Because of Android"s new system, certain apps can now block rooted users or prevent you from accessing them altogether - but at least for now, there are still ways around these restrictions.
You can pass most of SafetyNet"s checks with and , but Google"s (CTS) remains a hurdle in some cases. With certain setups, you"ll still get a "CTS Profile Mismatch" error that causes the SafetyNet check to fail, even with Magisk installed.
If this has happened to you, there are a number of potential causes, ranging from incompatible root management apps to issues with Magisk Hide. So to help you get to the bottom of the issue, we"ll go over seven solutions below.
Before You Begin
This guide assumes you"ve already installed Magisk, which is a systemless root utility that can hide its presence from SafetyNet. If you haven"t already done this, head to get started.
When it comes to actually checking your SafetyNet status, the easiest way to do that would be to open the Magisk Manager app and tap the "SafetyNet Check" button at the bottom of the screen. So while following this guide, periodically re-check your SafetyNet status by opening the Magisk Manager app, swiping down to refresh, then tapping the "SafetyNet Check" button again.
Checking SafetyNet status in Magisk Manager.
Step 1: Get Rid of SuperSU and Use MagiskSU with Magisk Hide
The most likely cause of a CTS profile mismatch is a root management app that doesn"t hide itself from SafetyNet. This is the case with Chainfire"s SuperSU, which is the most popular root management out there.
Chances are, you originally rooted your phone using the SuperSU ZIP or CF Auto Root, which both install SuperSU as the default root management app. If you did that, and then installed Magisk, the leftover root binaries from SuperSU will cause SafetyNet to trip.
So if this is the cause of your CTS issues, you"ll need to uninstall SuperSU"s binaries and replace them with Magisk"s built-in root management app. But there"s one more wrinkle: If you have the Xposed Framework installed or if you"ve modified any system files using root access, you"ll need to undo those changes as well. Not to worry, though, we"ve outlined that entire process with a separate guide, so head to the following link to get squared away.
Once you"ve done that, make sure the "Magisk Hide" option is enabled in your Magisk Manager app. From there, you may want to hide additional apps using Magisk Hide, which essentially prevents the apps from knowing that you"re rooted.
To do that, head to the side navigation menu in your Magisk Manager app and select "Magisk Hide." From here, it may be helpful to tick the boxes next to Google Play Store and Google Services Framework as well as any other app you"re having SafetyNet issues with.
Step 2: Still No Good? Try Flashing unSU
If the above guide didn"t fix your CTS profile mismatch problems and you"re certain you"ve undone any system mods, it"s possible that you still have a few bits of data left over from SuperSU. The "Full Unroot" option in the SuperSU app is supposed to get rid of everything, but it"s not always perfect.
So to make sure you"ve completely eradicated SuperSU and its binaries, you can use a flashable ZIP created by developer osm0sis . To start, just tap the following link from your Android device, then boot into custom recovery.
From there, tap the "Install" button in TWRP"s main menu, then navigate to your Download folder and select UPDATE-unSU-signed.zip . After that, swipe the slider to flash the ZIP and eradicate all traces of SuperSU, and when you"re done, go back and re-flash the Magisk ZIP. After rebooting, check your SafetyNet status again - if you still don"t pass, move onto the next step.
Step 3: Change SELinux to Enforcing
If you"re still stuck, this next step is rather simple, though it would only apply if you"ve previously used an app to set your SELinux mode to "Permissive." Magisk attempts to hide your SELinux status from SafetyNet, but it"s not always perfect, so your best bet is to set SELinux back to its default mode of "Enforcing."
So open whichever SELinux mode changer app you used to set the mode to "Permissive" in the first place, then toggle the setting back to "Enforcing" and reboot. Sadly, we can"t share apps that change SELinux modes since Google blacklists sites that do, so if you"ve uninstalled the app, you"ll have to find it again on your own. That"s easy, though - just head to the XDA forums and search for "SELinux."
Step 4: Turn Off USB Debugging
For some strange reason, a fairly common cause of SafetyNet issues with Magisk is the "USB Debugging" setting in Developer options. So if you have this option enabled, head to your Settings menu to disable it, then reboot and see if that solved your SafetyNet issues.
Step 5: Custom ROM? Try a Custom Kernel
As I mentioned earlier, CTS stands for "Compatibility Test Suite." This is the process Google uses to verify that a device and its firmware meet certification standards, and to put it simply, a will never officially pass this test.
However, some custom kernels can help with this issue. The most popular kernel that"s been known to help with custom ROM incompatibility is Franco Kernel. It"s available for all Nexus, Pixel, and OnePlus devices, as well as the Redmi Note3, and the easiest way to install it would be to purchase the FKU app , then tap the "Download" button on the main page. Otherwise, you can search your device"s XDA forum to find a free flashable ZIP.
For some custom ROMs (particularly Lineage OS), this option may not fully solve the problem. However, many apps that use SafetyNet only check one CTS-related aspect called "Basic Integrity," and flashing Franco kernel will usually fix that aspect. So while Magisk Manager may still report a CTS mismatch, you may very well be able to use all of your apps now.
Finally, for Xiaomi users that are running a custom ROM, there"s another option. This Magisk module by developer Deic will reportedly make your phone pass the CTS test, so try installing it, then rebooting.
Step 6: Address Other Potential Problems
Before you take the nuclear approach outlined in Step 8 below, there are a few less-common issues that might cause SafetyNet to fail based on a CTS profile mismatch, so they"re worth a shot.
First, it"s possible that the Magisk Hide daemon isn"t starting properly on your phone. To fix that, try heading to the settings menu in your Magisk Manager app, then toggling the "Magisk Hide" option off and back on. Failing that, disable Magisk Hide, reboot, then re-enable the option.
Some users have also reported that Magisk"s "Systemless hosts" and "BusyBox" options caused them to experience issues with SafetyNet. As such, you may want to disable these two options in the Magisk Manager app"s settings menu, though note that disabling systemless hosts may cause issues with ad blockers like AdAway.
Step 7: Enable Core Only Mode
As a last-ditch effort, you can try enabling the "Core only mode" option in Magisk Manager"s settings. This will disable any Magisk modules you"ve installed which could be causing conflicts with SafetyNet, leaving you only with Magisk SU and root.
It may not be the ideal solution, but after Google updated SafetyNet to detect Magisk, enabling "Core only mode" seems to be the only fix that helps most users pass the CTS test. To try it out, head to the settings menu in Magisk Manager and tick the box next to "Core only mode," then reboot and run the SafetyNet check again.
Step 8: If All Else Fails, Start from Scratch
We"ve saved this step for last because it"s a catchall solution, but it"s a painful pill to swallow. If all else fails, simply restore your device"s stock firmware, reinstall custom recovery, then flash the Magisk ZIP that you can download in the Magisk Manager app. This will work in almost all cases.
The process of restoring your stock firmware will vary depending on the device, but if your phone has a bootloader menu that supports Fastboot commands, we"ve covered the process at . Failing that, your best bet would be to do a Google search for "restore stock firmware
So have you finally solved your CTS profile mismatch issues? Do you have any other tips that will help get people past that dreaded SafetyNet check? If so, drop us a line in the comment section below.
Cover image and screenshots by Dallas Thomas/Gadget HacksRelated
Magisk 101
:
How to Install Magisk & Root with TWRP
How To
:
Fix Play Store Uncertified Errors When You Forget to Flash Magisk
Magisk 101
:
How to Install Magisk Modules from the Repo or Third-Party Sources
News
:
T-Mobile Galaxy S8 Update Breaks SafetyNet & Android Pay
Magisk 101
:
How to Switch from SuperSU to Magisk & Pass SafetyNet
SafetyNet Explained
:
Why SafetyNet Shows That Google Actually Cares About Android Root
How To
:
Use Twitter Custom Timelines
Tasker 101
:
How to Import Tasks & Profiles
How To
:
Use the align command to fix normals in modo 101
News
:
Rooters Beware, Google Will Soon Start Locking You Out of Apps
News
:
Google"s March Security Update Breaks Android Pay on Some Pixel & Nexus Devices
Tasker 101
:
How to Create an Exit Task
How To
:
Root Your OnePlus 6 with Magisk - A Beginner"s Guide
How To
:
Root Your OnePlus 6T with Magisk
How To
:
Easily Change Your Phone"s Font Without Tripping SafetyNet
News : Good place to set up a profile
How To
:
fix the error "transaction was not successful"
-
* Recommended to upload a 720*312 image as the cover image
Article Description
MIUI Еженедельные советы от Ru_Ivan #47 - Решение проблемы с SafetyNet при помощи: Magisk+Magisk safetynet fix.У Вас установлен Magisk, но что бы Вы ни делали при проверке SafetyNet у вас возникает проблема с ctsProfile. Решить эту проблему вполне возможно. Не будем тянуть время и перейдем к решению.Что нужно сделать:Первым делом - делаем полный бекап системы!Заряд батареи не менее 60%За все действия над устройством несете ответственность только Вы.Для Magisk ver 13.x/14.01. Для Magisk версии Magisk 13.х/14.0, версии 15+ не поддерживается. Нужно: скачать фикс для SafetyNet с XDA.2. Установить используя Magisk - модули, либо TWRP.3. Перезагрузить смартфонДля Magisk 15.xОгромная благодарность - Eni_Fadilah за статью на en.miui.com, в которой был выложен файл фикса SafetyNet универсайльный, но подготовленый для Redmi 4X (Santony). - Если у Вас Redmi 4x (Santony):1. Качаем фикс SafetyNet (оригинал) - Google disk2. Устанавливаем при помощи Magisk manager или TWRP3. Перезагружаем смартфонЧто в пакете?Помимо всего прочего:- SafetyNet Fix- Разблокирует полноэкранные функции- Boot анимация Miui 9- Selinux Permissive mode- Build.prop Tweak- Папка 4X3 (Launcher)- Шторка 5X3- Ручной режим в камере- Захват объекта нажатием на экран в камере- Меняет host- Открывает меню выбора цвета светодиода (не обольщайтесь на многих моделях действительно только белый цыет работает)Первый метод помогает и на др. моделях смартфонов, но лично я не хочу терять свой файл host. И в настройках системы мне не нужны разные цвета индикатора, т.к. он у меня не RGB, а просто белый. А также изменения в сетки рабочего стола и шторке – я для себя давно уже сделал необходимые изменения интерфейса и мне этого достаточно.- Если Вы все же хотите минимум изменений и чтобы проходил SafetyNet, но смартфон у Вас не SANTONY:1. Качаем отредактированный mod (проверена работа на Redmi 5 plus с прошивкой MIUI.su, бетка)2. Устанавливаем также через Magisk manager или TWRP3. Перезагружамем смартфон.P.S. некоторая часть изменений все же произойдет в системе, не критичные изменения.- Если есть желание, то можно к Magisk_у плюсом внести изменения в build.prop, который находится.\system\ Изменения необходимо произвести всего в двух строках:ro.build.description=xxxxro.build.fingerprint=xxxxзначения этих строк (вместо хххх необходимо скопировать и вставить от Глобальной стабильной версии)Файл build.prop от Redmi 5 plus Global Stable - (удаляем.zip)НЕ ЗАБЫВАЕМ: в пункте Magisk Hide выбрать программы от которых прятать Root.Скриншоты сделаны на XIAOMI Redmi 5 plus.Google play market стал считать прошивку от MIUI.su (beta) за сертифицированную.Статьи из раздела Инструкция по установке MagiskЧто есть Magisk
Last Updated on June 14th, 2017
Before we go into the guide on , first let’s know about SafetyNet . This is a feature which Google uses to determine whether your Android device is rooted or not and if its found rooted then certain apps will cease to work. For example, Android Pay wouldn’t work on a rooted device – courtesy SafetyNet. Nowadays, rooting an Android device is a normal thing as it gives you power over the OS. You can do many things with a rooted Android device which are otherwise not possible. With a rooted Android device, you can install a custom ROM, a custom Kernel, or overclock the processor etc.
Magisk is a systemless root utility which hides its presence from SafetyNet. Means, with Magisk installed, SafetyNet won’t be able to detect that your Android device is rooted. However, Google’s CTS is still a problem and even with Magisk installed you might get ‘SafetyNet Failed: CTS Profile Mismatch Error’. Anyhow, in this Android Tutorial we will guide you How to Fix CTS Profile Mismatch Errors. Before we start, we are assuming that Magisk is already installed on your device.
Switch From SuperSU to MagiskSU to bypass SafetyNet
CTS Profile Mismatch Error is, in majority cases, caused because of the root management app. SuperSU is one of the most popular root management app in the market. But unfortunately, it’s not systemless and doesn’t hide from SafetyNet. Therefore, it’s highly likely that you will face CTS profile mismatch errors. So, first thing you need to do is to switch from SuperSU to MagiskSU to Fix CTS profile mismatch errors. Follow below steps carefully to successfully switch from SuperSU to MagiskSU.
- Uninstall Xposed Installer if it’s already installed on your device. To keep using Xposed modules, you can install systemless version of Xposed using Magisk. Once it’s uninstalled, reboot your device.
- As you rooted your device so it’s obvious that you must have installed apps which changed the core system files. You need to uninstall all such apps, or undo any changes made in the system files. The easiest way to revert back all the changes is to Flash the Stock System Image of your phone.
- Now you need to Unroot your Android Device. To do so, launch SuperSU and head towards Settings. In Settings, you will find an option called “Full Root”, tap on it and then tap on Continue. Here tap on “Yes” when it asks you that if you want to restore the stock boot image.
- Next, it will ask if you want to restore the stock recovery image. Tap on “No” option as TWRP custom Recovery is required to flash Magisk.
- Now open the Magisk Manager App and head towards the Install section. Here tap on the option named “Download”. Once the file is downloaded, reboot your device into recovery mode. Once you are in TWRP menu tap on Install and select Magisk.zip from the MagiskManager folder. To install the ZIP file, slide the button to the right and when finished, tap on ‘Reboot System.’
- Now go to Magisk Manager App >> Settings >> here enable Magisk Hide, BusyBox , and Systemless hosts options. The last thing is to clear Google Play Store data, to do so go to Settings > Apps > Play Store > Manage Space > Clear Data.
This is it! This should fix CTS profile mismatch errors. If the error is still bothering you then head towards the next solution.
Flash unSU to Fix CTS Profile Mismatch Errors
If the above method failed to work and you are still getting CTS Profile Mismatch Errors then try a flashable zip called unSU developed by osm0sis, and XDA developer. You had to come to this step because doing “Full Unroot” via SuperSU didn’t work and not all the data of SuperSU is removed. Therefore, flashing unSU via TWRP will ensure that no bits of SuperSU are left behind.
Turn Off USB Debugging to Fix CTS Profile Mismatch Errors
For some reason, if your USB Debugging option is On with Magisk installed, there are high chances that CTS Profile Mismatch errors will occur. Therefore, turn off USB Debugging option by going to Settings >> Developer Options >> here turn off the USB Debugging Option.
Set SELinux Back To ‘ENFORCING’ Mode
If you are still facing CTS Profile Mismatch Errors then this rather simple step. If at some point you changed the mode of SELinux to “Permissive” then it’s time to change the mode back to “Enforcing” which the default mode. Open the same app via which you changed the mode to “Permissive” and revert it back to the default “Enforcing” mode.
Install a Custom Kernel
If you are using a Custom ROM then obviously your device won’t pass Google’s certification tests and as result might face CTS profile mismatch errors. However, to overcome this issue you need to install a custom kernel called “Franco Kernel”. And to install Franco Kernel you need to buy an app called “Franco Kernel Updater” or “FKU”. Once FKU is installed, open it and Tap on “Download” option.
By now you must have got ridden of the CTS Profile Mismatch Errors, but if, the error is still popping up then you must take the hard route. You will have to take things from scratch like flash Stock ROM, install TWRP, and flash Magisk ZIP. We hope it doesn’t come to this. Please let us know at which point you stopped facing CTS Profile Mismatch Errors.
Позволяющий осуществлять бесконтактные платежи. Но не успели владельцы Android-смартфонов порадоваться новым возможностям, как перед многими из них встала проблема. Приложение благополучно устанавливалось на устройство, но при попытке запуска смартфон выдавал сообщение следующего содержания: «Google Pay не поддерживается на этом устройстве. Нам не удалось проверить соответствует ли Ваше устройство стандартам безопасности, установленным для Google Pay. Причина может быть в том, что на нем настроен root-доступ, разблокирован загрузчик операционный системы или установлено неоригинальное ПЗУ».
Что интересно, пострадала, как обычно, та часть пользователей, которая предпочитает иметь при себе не просто телефон для общения, а удобный и производительный инструмент для решения разного рода повседневных задач. Как вы уже, вероятно, догадались, это те, кто получил Root-права на свой смартфон и установил модифицированные прошивки с качественным переводом на русский язык, разблокировав при этом загрузчик (ознакомиться ). Еще интереснее то, что, к примеру, у смартфонов Xiaomi даже официальная еженедельная сборка для устройств этого популярного бренда не проходит проверку в Google Pay - приложение согласно работать лишь со стабильными версиями MIUI , обновления которых происходят раз в несколько месяцев.
С подобной проблемой мы уже разбирались полтора года назад, и тогда нам удалось помочь пользователям обойти требования безопасности мобильной версии сервиса « ». Механизмы защиты Google Pay оказались примерно идентичными. Но (повторимся) прошло полтора года, и сегодня, благодаря усилиям тех самых продвинутых и любознательных пользователей, создана программа под названием «Magisk - The Universal Systemless Interface », позволяющая получить нужный результат проще и быстрее - без отказа от прав суперпользователя и установки патченных версий софта. Установка этой программы дает возможность полноценно использовать сервис Google Pay на смартфонах с Root-правами, разблокированным загрузчиком и кастомными прошивками.Как воспользоваться программой Magisk?
Основное условие использования Magisk - наличие её собственных Root-прав (MagiskSU) или официально несистемный SuperSU. В любом другом случае Magisk попытается удалить сторонние root-права и установить по умолчанию MagiskSU.Решение проблемы с Google Pay:
** В случае, если Вы не хотите устанавливать Magisk и остальное стороннее ПО, существует более простой способ скрытия Root-прав и/или разблокированного загрузчика от Google Pay: необходимо заменить две строчки (имя производителя и модель смартфона) в файле build.prop (например, с помощью