Hi,

I’ve been using Cyanogen, and now Lineage, for years. Recently, I made a bargain and bought 2 Google Pixel 4a, one for me and one for my girlfriend.

I installed Lineage on both of them, and I have to say that it’s the best Android experience I’ve had so far. We both love our device. It’s small, powerful enough, camera pictures are amazing.

However, we are unable to get any banking apps working. We would like to use 2 applications:

1. Payconiq: https://play.google.com/store/apps/details?id=mobi.inthepocket.bcmc.bancontact&hl=en&gl=US

2. Keytrade: https://play.google.com/store/apps/details?id=be.keytradebank.phone&hl=en&gl=US

I succeeded in getting Payconiq working on my phone, using Magisk 23 and Magisk hide. So far so good.
Since this morning, Magisk has been updated to 24.1, Magisk hide is gone and I have to use Magisk Zygisk… And Payconiq doesn’t work anymore.

Regarding the second app “Keytrade”, it never worked, with any version of Magisk. I don’t know what they did in their app, but it seems that they were able to find a way to detect if a phone has a custom rom pretty nicely.

Maybe this is something that the author of Magisk should be aware of? Maybe I’m doing something wrong?

Do you have any piece of advice for me? I don’t want to be forced to re-install the official rom, I still want to use Lineage and have those apps working.

Thanks!

Edit: After installing the universal safetynet fix (https://github.com/kdrag0n/safetynet-fix), Payconiq works, but not Keytrade – Thanks /u/lightning407!

5 comments
  1. I’m running (unrooted) LineageOS and the Keytrade app works just fine. If I recall correctly, my phone passes safetynet basic attestation but not the more strict one that payconiq checks.

    So I’m in exactly the reverse situation as you: I do not use magisk and can use the Keytrade app just fine, but payconiq tells me to fuck off.

    Apparently using an up-to-date non-rooted OS (LineageOS, Android 11 with weekly updates) is completely unsafe, while running the same app on an “end of life” device (Android 10, no more security updates) is super safe. Never mind that the device was end of life 3 years after it released (now 4 years ago). Completely insane that this is legal. End of life = may as well be e-waste despite working perfectly well.

  2. Apps involving money all much prefer to deal with the 99,9% tech illiterate customers who use their services in a very small number of standardized, predictable ways, rather than deal with 100% of customers. Using rooted or jailbroken devices and doing everything everyone else is doing is a fantasy. Also, a lot of these “Why doesn’t company X allow me to use their services with my super-sophisticated setup?” posts are furthermore tech nerd humblebrags that reek of entitlement. “Excuse me, I’m smart enough to use a custom rom, you know. You companies should be glad to have smart people like me as customers.” No, they shouldn’t.

    Pick your poison: Google’s panopticon, Apple’s bloated mess where important security vulnerabilities don’t get patched for months, or manage your finances with your physical card, disconnected physical token and the browser. You can downvote this comment because you don’t like this answer, but it’s true just the same. I used Cyanogen around 2013 and it’s a tech nerd illusion that these things can be made to do everything a non-custom rom is allowed to do, even with hours of tinkering every week.

  3. There are probably always ways for an app to find out if it’s running on anything that’s not “regular” Android firmware. But the demographic running custom firmware is so small that some developers (or at least their bosses) prefer to block their app on such a device. Because it’s easier (cheaper) to maintain full safety when you don’t have to take rooted phones into account.

    But if they want to do it this way, they should also stop their app from working on any device that’s behind on security/OS updates. But there are more people using old phones with regular firmware than there are people with rooted firmware. The fact that a rooted Android will often be more secure than an old Android is not relevant to them. A rooted phone carries an inherent risk, and banning it is easy and upsets few people. Old OSes also carry a risk, but banning them would upset many people.

  4. What about running Magisk with Zygisk and using the Denylist + Universal SafetyNet Fix? Maybe MagiskHide Props Config as well.

  5. I suspect kbc app checks against having apps like superuser and the like installed. Back in the day the app worked when I uninstalled that. But this is 5 years ago so YMMV.
