How to Pass Strong Device & Play Integrity on Any Android?

Google’s Play Integrity API is a service that verifies the integrity of an app’s code and the hardware it is running on to keep the consumer safe from malicious threats. When a phone’s bootloader is unlocked or rooted, the Play Integrity API checks fail.

As the name suggests, Play Integrity will check if the device hardware is secure (unmodified, non-rooted) and verify app binaries to ensure they come from a legitimate source. Google allows developers to use the Play Integrity API in their apps to identify if there are any security risks; what the app does next is up to the creator.

Most apps wouldn’t care for all integrity checks to pass, but some, with sensitive data, like banking and government apps, block such phones from using their service. Here are some of the reasons why Play Integrity checks may fail on your device:

• The device has an unlocked bootloader.
• The device is rooted.
• The device is running a custom ROM.
• If a fix is implemented, it may be patched or conflicting with other modules.
• The device is using an unsigned ROM.
• The DenyList in Magisk may not be configured to exclude Google services.

How to Bypass Failed Play Integrity Checks?

To bypass Play Integrity checks, the device will either need to spoof or bypass the said requirements to find its way around these checks. There’s a legitimate way, and then there are workaround modules that’ll essentially trick Play Integrity into showing the green checkmark and subsequently allow apps with strict device state detection to run on your phone.

↪ Revert to the Device’s Stock ROM (Lock Bootloader)

Since Play Integrity verifies the device status, the most straightforward and legitimate way to retrieve that status is to revert to a locked bootloader and flash the manufacturer’s stock ROM. This would be the simplest and most effective way to avoid the hassle of periodically updating specific modules inside Magisk.

In addition, if your banking service takes security seriously, you may want to consider opting out of workarounds. If and when a Play Integrity module is patched, chances are that your financial services will detect that and may block certain services, like online banking, from running on your account or, even worse, lock you out of your account.

↪ Play Integrity Fix Module (Keeps Root & Bootloader Status)

Disclaimer: The methods in this guide involve changing your device’s operating system and security settings, which can be risky. Doing this might void your device’s warranty and could lead to data loss, system issues, or security vulnerabilities. It may also break the rules of certain apps or services, possibly resulting in account suspensions or bans. Proceed with caution. This guide is for educational purposes only. We are not responsible for any damage, loss, or legal issues that may arise from following these instructions.

For most people who root their devices via Magisk, the Play Integrity Fix is a must-install. This module bypasses the Play Integrity limitations and spoofs apps to verify the device’s authenticity. However, before proceeding, there are certain elements you need to keep in check.

Pre-Requisites

1. Make sure that the latest version of Google Play Services is installed on your phone.
   • You can use a direct link to the Play Store to check if there is an option to update Google Play services.
   • You can also open Play Store > Tap on your account photo (top right-hand side) > Settings > About > “Update Play Store.”
2. Make sure that you are using a signed custom ROM on your device.
   • You can use the RomSignCheck app (external install) to check if your ROM is signed. If so, it will display a “ROM sign normal” or “ROM sign is testkey” message.
3. Update to the latest version of Magisk, or switch to Kitsune Mask, a fork of the official Magisk Manager with the old MagiskHide features re-added.
   • For KernelSU users, flash the Zygisk Next module to access Zygisk (built-in for Magisk users).
4. Install MT Manager on your device. This will be used to install working keybox files for Play Integrity tokens.

Install Procedure

The general overview of this section is that it’ll hide selected apps from being detected in a rooted environment and will install Magisk as a proxy application. If a Trusted Execution Environment (TEE) is broken, it’ll attempt to fix it, use Shamiko to hide Zygisk, and finally flash the Play Integrity Fix module.

1) Hide the Magisk App

The first plan of action is to hide the Magisk app itself. Some services access the list of installed apps on the phone, and if they find Magisk, they use that information to extrapolate that the device is modified. Magisk allows you to replace itself with a proxy app with a random package ID.

1. Open Magisk and tap on the Settings (gear icon) on the top right-hand side.
2. Scroll down to “Hide the Magisk app,” and tap on it.
3. Rename the file to a random app name and tap “OK.”
4. Magisk is now spoofed as a different app with a random package ID.

2) Configure the DenyList

The selected apps in the DenyList are a set of services that would be referenced to be blacklisted from root detection. This means that modules such as Shamiko and MagiskHide will use this list to block apps from identifying the root status on your device.

1. Open Magisk and tap on the Settings (gear icon) on the top right-hand side.
2. Scroll down to “Configure DenyList,” and tap on it.
3. Tap the three vertical dot menu on the top right-hand side and select “Show system apps.”
4. From the list of apps, find Google Play Services, extend the dialog, and turn on the toggle for “com.google.android.gms” and “com.google.android.gms.unstable.”
5. Now, go back to the list, find Google Play Store, and turn on the toggle for “com.android.vending.”

Note: Go to your phone’s settings, force stop, and clear data for both Google Play Store and Play Services after configuring the DenyList.

3) Spoof the Bootloader Status (If TEE Broken)

Since Play Integrity also relies on the bootloader status to check device integrity, it is important to spoof that too.

1. Check whether your Trusted Execution Environment is broken.
   • To do so, get Momo, and check your TEE status.
2. If TEE is broken for your device, you’ll need to flash the LSPosed module.
3. From Xposed settings, enable the BootloaderSpoofer module.
4. If you need to hide root status from a certain app, select those here.

4) Hide Zygisk & Flash Play Integrity Fix Modules

To hide the remaining root traces from your device, flash the Shamiko module (Magisk), or Zygisk Assistant, if you’re on KernelSU.

1. Download the Play Integrity Fix module from chiteroman’s repository.
2. Get the TrickyStore module from aviraxp’s repository.
3. Flash both of these modules via Magisk.

5) Push a Working Keybox File via MT Manager

It is important to update the keybox files periodically since they’re patched sooner or later. These will be the keys that’ll be used to spoof the integrity tokens. You can find these tokens via online forums on XDA, Reddit, and Telegram.

1. Open MT Manager and copy your keybox file.
2. Go to <em>/data/adb/tricky_store/</em> and paste the file there.
3. Long tap on the keybox file, and go to properties.
   
4. In front of the “Owner,” you’ll see root. Tap on Modify.
5. Tap on Group, and select “root – 0.”
6. Head back to the properties and in front of Permissions, tap on Modify.
7. Select “Other” under Read and deselect “Group” under Write.
8. Tap “OK.” Note: When an app makes a request to the Play Integrity API, it returns an integrity token that is signed using a private key. For the bypass, we will need custom, working keyboxes to create tokens that bypass these checks and spoof the app into believing it is running on an unmodified, non-rooted environment.
9. Once everything is set up, reboot your device, get the Play Integrity API Checker app, and check your device’s integrity status.