As the name suggests, Play Integrity will check if the device hardware is secure (unmodified, non-rooted) and verify app binaries to ensure they come from a legitimate source. Google allows developers to use the Play Integrity API in their apps to identify if there are any security risks; what the app does next is up to the creator. Most apps wouldn’t care for all integrity checks to pass, but some, with sensitive data, like banking and government apps, block such phones from using their service. Here are some of the reasons why Play Integrity checks may fail on your device:
The device has an unlocked bootloader.The device is rooted.The device is running a custom ROM.If a fix is implemented, it may be patched or conflicting with other modules.The device is using an unsigned ROM.The DenyList in Magisk may not be configured to exclude Google services.
How to Bypass Failed Play Integrity Checks?
To bypass Play Integrity checks, the device will either need to spoof or bypass the said requirements to find its way around these checks. There’s a legitimate way, and then there are workaround modules that’ll essentially trick Play Integrity into showing the green checkmark and subsequently allow apps with strict device state detection to run on your phone.
↪ Revert to the Device’s Stock ROM (Lock Bootloader)
Since Play Integrity verifies the device status, the most straightforward and legitimate way to retrieve that status is to revert to a locked bootloader and flash the manufacturer’s stock ROM. This would be the simplest and most effective way to avoid the hassle of periodically updating specific modules inside Magisk. In addition, if your banking service takes security seriously, you may want to consider opting out of workarounds. If and when a Play Integrity module is patched, chances are that your financial services will detect that and may block certain services, like online banking, from running on your account or, even worse, lock you out of your account.
↪ Play Integrity Fix Module (Keeps Root & Bootloader Status)
Disclaimer: The methods in this guide involve changing your device’s operating system and security settings, which can be risky. Doing this might void your device’s warranty and could lead to data loss, system issues, or security vulnerabilities. It may also break the rules of certain apps or services, possibly resulting in account suspensions or bans. Proceed with caution. This guide is for educational purposes only. We are not responsible for any damage, loss, or legal issues that may arise from following these instructions. For most people who root their devices via Magisk, the Play Integrity Fix is a must-install. This module bypasses the Play Integrity limitations and spoofs apps to verify the device’s authenticity. However, before proceeding, there are certain elements you need to keep in check.
Pre-Requisites
Install Procedure
The general overview of this section is that it’ll hide selected apps from being detected in a rooted environment and will install Magisk as a proxy application. If a Trusted Execution Environment (TEE) is broken, it’ll attempt to fix it, use Shamiko to hide Zygisk, and finally flash the Play Integrity Fix module.
1) Hide the Magisk App
The first plan of action is to hide the Magisk app itself. Some services access the list of installed apps on the phone, and if they find Magisk, they use that information to extrapolate that the device is modified. Magisk allows you to replace itself with a proxy app with a random package ID.
2) Configure the DenyList
The selected apps in the DenyList are a set of services that would be referenced to be blacklisted from root detection. This means that modules such as Shamiko and MagiskHide will use this list to block apps from identifying the root status on your device. Note: Go to your phone’s settings, force stop, and clear data for both Google Play Store and Play Services after configuring the DenyList.
3) Spoof the Bootloader Status (If TEE Broken)
Since Play Integrity also relies on the bootloader status to check device integrity, it is important to spoof that too.
4) Hide Zygisk & Flash Play Integrity Fix Modules
To hide the remaining root traces from your device, flash the Shamiko module (Magisk), or Zygisk Assistant, if you’re on KernelSU.
5) Push a Working Keybox File via MT Manager
It is important to update the keybox files periodically since they’re patched sooner or later. These will be the keys that’ll be used to spoof the integrity tokens. You can find these tokens via online forums on XDA, Reddit, and Telegram.
