Magisk installation (to hide root for bank app)

Hi there,
I just received my iodé phone. Looks fine so far.
I installed my bank application using aurora, but it seems I can’t complete its setup because the phone is detected as rooted. I read on other forums that magisk can be used to make this application work. But I’m a newbie when it comes to rooted smartphones.

I’ve seen magisk is listed in F-droid. Can I just get it installed via F-droid? or does it needs a special - more complex - procedure? if so, could do you please link me to a step-by-step tutorial.

Thanks in advance.

Hello @brazzmonkey .
iodéOS is not rooted after a default installation. Your banking app will probably misinterpret the custom ROM iodéOS and identify it as rooted, even though it is not.

Banking app usually expect stock Android with Google Play services. iodéOS, on the other hand, is equipped with the privacy-preserving mircoG and not the surveillance bug Google Play services. The microG services emulate Google Play Services and very many (banking) apps work with it, but not all.

If necessary, it helps to do without the online login with QR code when setting up the banking app for the first time and instead enter the login code manually in the form of numbers and characters, if this option is available.

Speaking of Root - MagisK. This tool, which has meanwhile been widely developed, makes rooting easier than ever, but - every coin has two sides, which should mean that a rooted smartphone can cause unexpected errors in the operating system, because after all, the elementary boot.img file is usually manipulated. The consequences that may arise from this cannot be handled by the ‘normal user’. Please consider: Some smartphone manufacturers refuse warranty and guarantee in the case of manipulated firmware - and not without justification.

Thanks Odysseus.

Indeed I thought iodé was rooted by default.
The thing is, I need my banking app to validate online payments…
I read here (in french) that using MagisK on LineageOS (v16) helped to restore this functionality. But we’re talking about a rooted phone here. So I’m not sure it’s worth a try on my non-rooted iodéOS phone… but I suppose I don’t have a choice.
It’s a refurbished Samsung I bought directly from iodé btw.

So basically I guess I have to find a tutorial to install MagisK the usual way on LineageOS, with TWRP and such.

@brazzmonkey ,
I was in your situation with a /e/Phone including microG a long time ago… The banking app could not be activated via QR code. So I had my bank send me the necessary data y printed letter. With the manual entry of the banking app activation data, the online transmission of the TAN then works.

If you absolutely want to install MagisK, which I don’t advise them, then use the original Guide from the Magisk developer @topjohnwu.

Well, in my case this is somewhat different, because there doesn’t seem to be any physical workaround.
More precisely, my banking app installs and probably runs fine, but I’m stocked with the - mandatory - online payment validation component… My only hope would be that there is another method to validate online payments (SMS), but I’m afraid it’s now deprecated.

As you stated before this seems more like a MicroG issue, so most probably rooting the device would not help. I’ve got another app detecting a rooted installation (but this one only shows 2 warnings and works fine besides that).

Thanks for the link. But I’ll follow your advice and will not try to install MagisK: it seems like a risky hassle. Plus I don’t actually need a rooted device, just a way to get a working banking app.
But I suppose there is no way to get Google services installed only for this banking app to work. I couldn’t find any useful resource anyhow.

I guess I’ll need to keep my older smartphone just to be able to buy online once in a while…

Well, Google Play-Services and microG-Services - both together do not work. Either - or.

But - iodéOS is partner for microG aka Marvin Wißfeld, so is LineageOS-for-microG or /e/OS or CalxyOS. And that’s good, very good in fact, because it keeps Google’s watchdog “Google Play-Services” out.

Yes, I thought so.

Bad thing is, being tied to Google for online banking is a kind of a showstopper for me…

Before switching to a custom ROM I was afraid about not being able to use Waze or Google Maps in the absence of Google services. Looks like those work as expected and I’m happy about that (because I don’t find the alternatives to be as convenient/accurate when it comes to take traffic into account).
I was aware my bank app could cause problems, so I spent time searching the web, but I misinterpreted what I found as potential workarounds. My fault.

Don’t get me wrong, I think MicroG and other projects are awesome achievements. I just wish something as essential as online banking would not be so dependent to Google and Apple…

Well, the app developers and those who commission the apps are primarily responsible for the app dependencies on Google Play Services.

Apps can also function without Google Play services, without advertising ID, without trackers, without spying on users. There are hundreds of proofs of this, for example in the F-Droid Store.

Apps could also be made available for download without Google Play Store. The decision to do so rests solely with the app owner/contractor.

So question: why are the majority of Android app developers in bondage to Google, why do so few people dare to disagree and break away from Google?

Please don’t misunderstand me either. Clarifying these questions isn’t the right place here, because the iodé forum is primarily about technical matters involving the iodéOS and the apps provided by the iodé team. @brazzmonkey. You’re welcome to contact me by PM.

Yes, that’s what I meant: in this case Google dependencies are a matter of choice, the bank’s choice. Under the influence of Google, advertising frameworks and API and such, promising security (and snitches and data).
Hopefully MicroG will continue to improve and maybe one day, eventually, I’ll be able to get rid of my ancient (Android 6) smartphone.

Whatever.
Indeed this thread has drifted away from the original topic…
Thanks for your chat and advice. I didn’t get the solution to my issue, but I got to learn some things.
Take care and hope for the best.

One last tips: Check installed apps for trackers with Exodus and future app before installing with Exodus Privacy: Check an app.

Mute your ‘ancient (Android 6) smartphone’, block advertising and tracking domains with NetGuard, an Android firewall, that doesn’t require root rights - by Marcel Bokhorst (developer of NetGuard), Netherlands.

Update: I went to the bank today. They told me to check my phone with RootBeer, which I did.
My smartphone is likely considered as “rooted” because the RootBeer scan failed because of “dangerous props”. So the issue isn’t from Google services.

There could be a simple fix in LineageOS (so possibly in iodéOS), described here:
https://blog.snapdragon.cc/2019/09/03/fully-unroot-custom-android-roms-to-run-banking-apps/
Basically I’m supposed to edit /system/etc/prop.default.
But where I am supposed to type theses command lines from? ADB? recovery mode?

*edit
Ah. I tried ADB and got a permission issue. Because of the phone not being rooted?

Hurray!!
I eventually got it working!!
Link in previous post is relevant. In /system/etc/prop.default , ro.debuggable should be set to 0 .

Step-by-step this gives:

  • install ADB on computer
  • smartphone: enable developer mode, in settings/system/developer options, enable USB debugging, and enable ADB as root
  • connect smartphone to computer via USB
  • smartphone: activate debugging mode in notification bar
  • open a command-line console on computer
    type:
    adb root
    cat /proc/mounts | grep system
    to locate system mountpoint (something like “/dev/block/platform/XXXXXXXX.ufs/by-name/system”)

mount it with write permissions:
mount -o rw,remount /dev/block/platform/XXXXXXXXX.ufs/by-name/system

edit prop.default:
nano /system/etc/prop.default
in which you set:
ro.debuggable=0
exit and you’re done.

This ro.debuggable option enables ADB as root. So, being set to “0” this option becomes hidden in developer options. I just hope it won’t lead to future issues, but this looks rather riskless to me.