In this guide, we will show you the steps to hide root from apps and games using Magisk DenyList. The benefits of getting administrative privileges over an open-source OS like Android stand aplenty. Among them, it’s the ability to flash modules and tweaks that are at the top of the priority queue, However, this is just one side of the coin. Rooting has its own downsides as well, the primary among them is the fact that SafetyNet getting triggered.
When that happens, some of the apps installed on your device will detect that the device is now rooted and hence will refuse to function. The majority of these apps belong to the payment and banking domain. Along the same lines, games like Pokemon Go wouldn’t function either (because you will then be easily able to spoof the location). To counter this, Magisk came with a MagiskHide that allowed you to hide root from all these apps.
But now, the developer of Magisk has joined the Android Security Team, and this feature (along with a few others) has been removed from the app, and that is completely understandable. However, this is where open source comes in handy. Various developers picked up that task and with the introduction of Zygis in Magisk, you once again have the option to hide root from apps and games using its DenyList feature. And in this guide, we will show you how to do just that. So without any further ado, let’s get started.
Table of Contents
How to Hide Root from Apps via Magisk DenyList
Before we start off with the instructions, make sure your device checkmarks all the prerequisites that we have listed below. If it doesn’t qualify one [or all] of the requirements, then refer to the attached reference guide next to it and get that work done first [compulsory]. After that, you may come back to this guide to hide the root from your device.
Moreover, the below process will not wipe the data, but it is still recommended to be on the safer side and take a complete device backup beforehand. Droidwin and its members wouldn’t be held responsible in case of a thermonuclear war, your alarm doesn’t wake you up, or if anything happens to your device and data by performing the below steps.
STEP 1: Hide Magisk App
- Launch Magisk, go to its settings menu, and tap on Hide the Magisk App.
- Then give it the desired name of your choice and tap OK.
- The hiding process will now begin. Once done, it will ask whether you wish to have the app shortcut on the home screen.
- For ease of convenience, you may select Yes and then tap on the Add to Home Screen button.
STEP 2: Enable Zygisk and Enforce DenyList
- Launch the Magisk App on your device and tap on the Settings icon situated at the top right.
- After that, scroll to the Magisk section and enable the toggle next to Zygisk and Enforce Deny List.
- Now restart the device for the changes to take place. Also, verify that Zygisk’s status is YES under Magisk.
STEP 3: Configure DenyList
- Under the Magisk Settings menu, tap on Configure DenyList.
- Now checkmark the apps from which you need to hide the root.
- After that, tap on the overflow icon situated at the top right and select Show System App.
- Now checkmark Google Play Protect Services, Google Play Services, Google Play Store, and Google Service Framework.
- Make sure to expand each of these apps and checkmark all their associated services.
STEP 4: Delete Play Service and Play Store Data
- Head over to Settings > Apps > See All Apps.
- Then select Google Play Service and go to its Storage and Cache section.
- After that, tap on Manage Space > Clear All Data.
- Once that is done, go back and select Google Play Store.
- Then go to the Storage and Cache section and tap on Clear Storage > OK.
- Finally, restart your device for the changes to take place.
That’s it. The root is now hidden from your chosen apps and games via Magisk DenyList. You may now launch the desired app and start using it normally. it wouldn’t have even an iota of a hint that your device is rooted! If at any point in time, you wish to add any third-party or system app, then just head over to Magisk’s DenyList section and checkmark the desired app. With that said, if you have any queries concerning the aforementioned steps, do let us know in the comments. We will get back to you with a solution at the earliest.
UPDATE: Pass Play Integrity Test
Apart from hiding root via Magisk DenyList, it is also recommended that you pass the Play Integrity Test. This is because simply hiding the root/passing SafetyNet might not get the job done. Moreover, many banking/payment apps have already moved over to the Play Integrity API from the current SafetyNet. So do carry out the steps listed in our guide on How to pass ‘Meets Device and Basic Integrity’ via Play Integrity Fix.
Kris
Works for all my apps except uber driver app, Thank you!
Moorish
Does this work on emulators as well?
Tim02130
This isn’t working for me. At first I couldn’t add the card I wanted to Gpay (which insisted I put it in Wallet, which it didn’t do before I rooted the phone), apparently because my bank wouldn’t let me add that card. I was, however, able to add another card (that I don’t really use to it). Then when I tried the first card again, I started getting the “This phone can’t be set up to tap to pay”. That is when I found this site, and I’ve followed the instructions on it pretty carefully, but the error has not gone away: Gpay won’t even let me try to contact my bank for permission.
Is it possible that Google has flagged my phone in its own databases and now it wouldn’t even help to revert to an unrooted phone? I’m using Google Fi on a Pixel 4a, so they probably could if they wanted to …
Jill
Hello,
This seems to be great data well explained. I just wanted to shut down the shutter camera sound in my pixel 7a. That’s basically why I wanted to root it and install the magisk module to force the sound off.
But of course I need some banking apps to work and it seems to be necessary to get trough all of this.
I wonder if all these changes of shutting camera sound by a magisk module and hiding the root from all these apps will rest in time or if any system upgrade will erase it off?
Faisal Hossain
Applied on android 13, applications complained about rooting are now working fine. The pictorial explanation eased up the process a lot. Thank you very much.
Dario
Android 13, MIUI 14 working! Thanks!
NeonS
Doesn’t seem to work for Android 11 for me with these instructions. I stole the following from reddit though which did work (Credit to OP!)
https://github.com/xeddmc/terminal_systemizer/releases/tag/17.4.1
The module from the link above should work on Android 11 according to the information below (answer 1295):
https://forum.xda-developers.com/t/module-terminal-app-systemizer-v17-3-1.3585851/page-65
You also need to install Busybox for Android NDK module to work.
Minette
Hello, I do not have the option for Zygisk and Enforce DenyList on Magisk 25.2
Can soneone please help me?
PokeGamer
In my case it does not work for Pokemon Go. Short time after the app-start the app crashes. Is there a solution?
Kyle
Doesn’t work with Microsoft teams
Feroze
I did everything yet icici app and gPay app detect root. Both YASNAC and RootBeer apps pass security. But bank apps detect the root. I am on android 12.1 Evolution X rom on OnePlus 8.
Any suggestions?
Hasbunallahu Wa Ni'mal Wakeel
SADIQUE HASSAN is nowhere to know the solution to solve on this issue.
The reason why gPay app/bank apps detect root is because gPay app/bank apps are detect the bootloader is unlocked, and Magisk is did not hide the fact that bootloader is unlocked.
The fact is gPay app/bank apps is refuse to working when the bootloader is unlocked, or gPay app/bank apps is accept to working when the bootloader is locked.
However, do not lock the bootloader when your device is rooted, because locking the bootloader when your device is rooted will cause the device to bootloop.
I wonder if SADIQUE HASSAN is ever available to be present to suggest you to not locking the bootloader when your device is rooted?
Yeah, in fact that SADIQUE HASSAN is always unavailable when you need him.
BSP98
Thank’s sir, This is work
Ivan
I put a check mark on “google services framework” I restart the application and the check mark disappears, what to do? The same situation with “Google play service”
Mukam
me to. Android version 9.
Nah
Worked like charm on Android 11
Sadique Hassan
Glad that it worked out for you mate.
steps parku
After rooting and configuring denylist and everything, my banking apps works perfectly, however when I try to take screenshots it blocks me, then I went ahead to to download and configure disable flag secure module in LSposed. but disable flag secure doesn’t work because because the banking apps in zygist deny list.
Hect
Use shamiko module, then switch off enforced deny list on magisk.
JonathanB503
Thank you so much for all the guides! From unlocking the bootloader to rooting and hiding root! All worked pretty well.
Magisk changed how modules are loaded. I didn’t see any download button to get the required modules installed. I had to manually download them and install it from storage. It was the only option Magisk app gave me. However, I now have a successful hidden rooted Google Pixel 5a 5G phone!
HuskyDG
why do you and everyone think denylist is hiding instead of opt-out feature?
D
Thanks. Worked for Android 7, Magisk 24.1 :))
Aaron
Same Here. Thank you!