In this guide, we will show you the steps to hide root from apps and games using Magisk DenyList. The benefits of getting administrative privileges over an open-source OS like Android stands aplenty. Among them, it’s the ability to flash modules and tweaks that is at the top of the priority queue, However, this is just one side of the coin. Rooting has its own downsides as well, the primary among them is the fact that SafetyNet getting triggered.
When that happens, some of the apps installed on your device will detect that the device is now rooted and hence will refuse to function. The majority of these apps belong to the payment and banking domain. Along the same lines, games like Pokemon Go wouldn’t function either (because you will then be easily able to spoof the location). To counter this, Magisk came with a MagiskHide that allowed you to hide root from all these apps.
But now, the developer of Magisk has joined the Android Security Team and this feature (along with a few others) has been removed from the app, and that is completely understandable. However, this is where open-source comes in handy. Various developers picked up that task and with the introduction of Zygis in Magisk, you once again have the option to hide root from apps and games using its DenyList feature. And in this guide, we will show you how to do just that. So without any further ado, let’s get started.
How to Hide Root from Apps via Magisk DenyList on Android 13
Before we start off with the instructions, make sure your device checkmarks all the prerequisites that we have listed below. If it doesn’t qualify one [or all] of the requirements, then refer to the attached reference guide next to it and get that work done first [compulsory]. After that, you may come back to this guide to hide the root from your device.
Moreover, the below process will not wipe the data, but it is still recommended to be on the safer side and take a complete device backup beforehand. Droidwin and its members wouldn’t be held responsible in case of a thermonuclear war, your alarm doesn’t wake you up, or if anything happens to your device and data by performing the below steps.
STEP 1: Pass SafetyNet
First off, your device should pass the SafetyNet Test either via Universal SafetyNet Fix or Magisk Hide Props Config module. If that is not the case, then you could refer to our guide on How to Pass SafetyNet on Rooted Android 12/13.
STEP 2: Enable Zygisk and Enforce DenyList
- Launch the Magisk App on your device and tap on the Settings icon situated at the top right.
- After that, scroll to the Magisk section and enable the toggle next to Zygisk and Enforce Deny List.
- Now restart the device for the changes to take place. Also, verify that Zygisk status is YES under Magisk.
STEP 3: Configure DenyList
- Under the Magisk Settings menu, tap on Configure DenyList.
- Now checkmark the apps from which you need to hide the root.
- After that, tap on the overflow icon situated at the top right and select Show System App.
- Now checkmark Google Play Protect Services, Google Play Services, Google Play Store. and Google Service Framework.
STEP 4: Hide Magisk App
- Go to the Magisk settings menu and tap on Hide the Magisk App.
- Then give it the desired name of your choice and tap OK.
- The hiding process will now begin. Once done, it will ask whether you wish to have the app shortcut on the home screen.
- For ease of convenience, you may select Yes and then tap on the Add to Home Screen button.
STEP 5: Delete Play Service and Play Store Data
- Head over to Settings > Apps > See All Apps.
- Then select Google Play Service and go to its Storage and Cache section.
- After that, tap on Manage Space > Clear All Data.
- Once that is done, go back and select Google Play Store.
- Then go to the Storage and Cache section and tap on Clear Storage > OK.
- Finally, restart your device for the changes to take place.
That’s it. The root is now hidden from your chosen apps and games via Magisk DenyList. You may now launch the desired app and start using it normally. it wouldn’t have even an iota of a hint that your device is rooted! If at any point in time, you wish to add any third-party or system app, then just head over to Magisk’s DenyList section and checkmark the desired app. With that said, if you have any queries concerning the aforementioned steps, do let us know in the comments. We will get back to you with a solution at the earliest.
- How to Install or Update Magisk to version 24- Welcome Zygisk!
- Fix Google Pay rooted or running uncertified software on Android 12L
- How to Remove Navigation Bar Gesture Pill on Android 12 Without Root
- How to Install OTA Updates in Rooted Android Device
About Chief Editor
Thanks. Worked for Android 7, Magisk 24.1 :))
Same Here. Thank you!
why do you and everyone think denylist is hiding instead of opt-out feature?
Thank you so much for all the guides! From unlocking the bootloader to rooting and hiding root! All worked pretty well.
Magisk changed how modules are loaded. I didn’t see any download button to get the required modules installed. I had to manually download them and install it from storage. It was the only option Magisk app gave me. However, I now have a successful hidden rooted Google Pixel 5a 5G phone!
After rooting and configuring denylist and everything, my banking apps works perfectly, however when I try to take screenshots it blocks me, then I went ahead to to download and configure disable flag secure module in LSposed. but disable flag secure doesn’t work because because the banking apps in zygist deny list.
Use shamiko module, then switch off enforced deny list on magisk.
Worked like charm on Android 11
Glad that it worked out for you mate.
I put a check mark on “google services framework” I restart the application and the check mark disappears, what to do? The same situation with “Google play service”
Thank’s sir, This is work
I did everything yet icici app and gPay app detect root. Both YASNAC and RootBeer apps pass security. But bank apps detect the root. I am on android 12.1 Evolution X rom on OnePlus 8.
Any suggestions?
SADIQUE HASSAN is nowhere to know the solution to solve on this issue.
The reason why gPay app/bank apps detect root is because gPay app/bank apps are detect the bootloader is unlocked, and Magisk is did not hide the fact that bootloader is unlocked.
The fact is gPay app/bank apps is refuse to working when the bootloader is unlocked, or gPay app/bank apps is accept to working when the bootloader is locked.
However, do not lock the bootloader when your device is rooted, because locking the bootloader when your device is rooted will cause the device to bootloop.
I wonder if SADIQUE HASSAN is ever available to be present to suggest you to not locking the bootloader when your device is rooted?
Yeah, in fact that SADIQUE HASSAN is always unavailable when you need him.
Doesn’t work with Microsoft teams
In my case it does not work for Pokemon Go. Short time after the app-start the app crashes. Is there a solution?
Hello, I do not have the option for Zygisk and Enforce DenyList on Magisk 25.2
Can soneone please help me?
Doesn’t seem to work for Android 11 for me with these instructions. I stole the following from reddit though which did work (Credit to OP!)
https://github.com/xeddmc/terminal_systemizer/releases/tag/17.4.1
The module from the link above should work on Android 11 according to the information below (answer 1295):
https://forum.xda-developers.com/t/module-terminal-app-systemizer-v17-3-1.3585851/page-65
You also need to install Busybox for Android NDK module to work.
Android 13, MIUI 14 working! Thanks!