Hi there, long time user of xiaomi.eu, thanks for your work.
Just updated my Xiaomi Mi 11 Ultra to 14.0.9 from 14.0.6. My banking apps (Santander, Starling) are now not working, and from reading the thread above it's because it fails the Google Play Strong Integrity check. I'm not sure whether it passed in 14.0.6, I was wondering whether a fix for this is likely from xiaomi.eu devs, or whether it's a change from Google's side.
Thanks
It's not always 100% sure that particular banking apps fail due to checking for Strong Integrity or MORE LIKELY due to checking for UNLOCKED BOOTLOADER but NOT THROUGH Play Integrity API - they could also fail due to checking for SOMETHING TOTALLY DIFFERENT
Indeed, Google itself does not require Strong Integrity for Wallet. It's enough that Play Integrity API passes with Device and Basic Integrity.
And Google does not care about other checks (like TWRP folder, Magisk app but without root, enabled Developer options, etc)
And Google still has their reasons why they allow that way (there could be some older devices with locked BL, never modded, who could fail Strong Integrity tests due to their improper implementation of TEE = Trusted Execution Environment) - TEE is not used only for Strong Integrity but also for (users) fingerprints checking and other sensitive operations
On the other side, Google offers few hundred thousands bucks for bounty to those who could proof that they can spoofed TEE on the Pixels with Titan. Hence don't really expect that TEE will be spoofed (more generallyl, not just on Titan) and therefore that Strong Integrity would be spoofed
But as mentioned above, there are also other methods for direct checking (not through Play Integrity) if BootLoader is unlocked. And that can be spoofed through Magisk and certain modules - but Magisk itself then opens additional loopholes for 'banking' apps to detect 'root' (or, as they generally call 'unsafe environment' or similarly)
---
All in al, always try eg:
- Without Magisk
Moreover, without even Magisk app (some apps check for Magisk app, even when phone is not rooted by Magisk)
- Disable Developer options (some apps simply check for that, not for unlocked BL and not for Strong Integrity)
- Delete TWRP folder if present (again, some apps check [also] for that)
Then, long press to icon's app, go to App info, wipe All Data (not just Cache) for that app and test it again
I'm not saying that it will always work - but there are still apps that fail due to above checks (and maybe other similar but primitive checks), not because they really look for Strong Integrity, or more generally for unlocked Bootloader
---
However, those users who never unlocked their BL, they therefore stayed on the official, stock BL, without TWRP, Magisk, etc.
They would usually not even enable Dev Options, install Magisk app (no use without root), the would not have TWRP folder (they couldn't install TWRP, therefore they didn't create TWRP backup), etc
Hence, there on their phones:
- Strong Integrity passes
- banking apps work
But that does not imply that for the modded phones where the same banking app(s) do not work, they really don't work because they checked for Strong Integrity
Eg, today is sunny and John does not hold his umbrella
But if you see tomorrow John again without his umbrella, don't rely on that to conclude that tomorrow is sunny outside
Or, if you see the rain tomorrow, don't conclude that John would must have his umbrella
---
Unfortunately, there are lot of people who make those improper conclusions and then spread it around through TG channels (the fastest way)
However, one thing is for sure - if you want to be 100% sure to pass all kind of 'banking' apps, then do not mod your phones (do not unlock BL, hence do not install custom ROMs and custom recoveries, etc)
And for sure, it will be even worse. More and more apps will be checking (by various means, not exclusively by looking for Strong Integrity) if phones are modded.
Seems like some developers enjoy in that
