In this guide, we will show you the steps to pass the SafetyNet and hide root from various apps on your rooted Pixel 7/Pro. Google is among the very few players in the market that still gives some weightage to the custom development community. As a result of which, whenever there is a new addition to the Pixel family, there is an aura of anticipation surrounding the tech domain.
Well, it may sound a little bit strange to some of you, but I have come across numerous Pixel users who straightaway unlock the device’s bootloader as soon as they unbox it. But while all these do tend to add a slew of goodies to your device, but there’s another side to this story that deserves your attention as well. Carrying out these tweaks also comes with its share of downsides. Among them, the most concerning is the SafetyNet getting tripped.
Table of Contents
What is SafetyNet and why my Device should Pass it?
For the unaware, SafetyNet is an API that is embedded into your device by Google in order to check if your device has been modified or not. So if your device has been tampered with [rooted], the test will fail and you will not be able to use banking and payments apps or try out games like Pokemon Go. Likewise, Widevine L1 Certification will drop to L3, thereby resulting in your inability to stream DRM content in Full HD.
To make it even more difficult for us to pass this test, Google has switched from the Basic to the Hardware-based Attestation. But by changing the device’s fingerprint to an older Pixel device, you could spoof your device to basic attestation. This in turn will allow you to easily pass the Safetynet and hide root from the desired apps on your rooted Pixel 7/Pro. So without further ado, let’s check out how all of this could be carried out.
How to Pass SafetyNet on Rooted Pixel 7/Pro
Given below are two different methods to get this job done. The first method is the old and lengthier approach but initially, it was our only escape route. However, now there is a new and shorter approach available as well, which we have listed in Method 2 [recommended]. Both these methods should work across numerous Android devices [tested on Pixel 6/7 series and the OnePlus 7 series].
Likewise, it should work on both Android 12 and 13 [should also work on older Android versions, but I haven’t tested them myself]. So on that note, let’s get started. Droidwin and its members wouldn’t be held responsible in case of a thermonuclear war, your alarm doesn’t wake you up, or if anything happens to your device and data by performing the below steps.
METHOD 1: Pass SafetyNet using Magisk Hide Props Config [OLD]
This is the lengthier of the two methods and involves spoofing the device’s fingerprint to one of the older devices that followed Basic Attestation and were easier to bypass.
STEP 1: Install MagiskHide Props Config
- Download the MagiskHide Props Config module from GitHub/XDA and send it to your device.
- Then launch the Magisk App onto your device.
- Now tap on Install from Storage, select the Module, and hit Install.
- Once the installation is complete, hit the Reboot button situated at the bottom right.
STEP 2: Force Basic Attestation
We will now be starting with the implementation of the BASIC attestation on top of the hardware-based so that it becomes easier to bypass. Here’s how it could be done:
- First off, install any terminal emulator app on your device (such as the Termux app).
- Now launch it and type in the below command:
su -c props
- You will now get a Superuser Request, tap Grant.
- It shall now launch the MagiskHide Props Config within the terminal itself. Type in 2 [Force BASIC Key Attestation] and hit Enter.
- This shall take you to the Force BASIC Key Attestation page. By default, the value will be set to Nexus 5.
- I would recommend you select Pixel 3 running Android 10. So, type in d [Yes, pick value from device list] and hit Enter.
- Then type in 7 [Google] and press Enter. After that, type 18 [Google Pixel 3] and press Enter.
- It will now ask you to select the Android version, type in 2 [Android 10]. Then confirm the selected value by typing y [YES].
- Finally, you will have to reboot the device. So type y [YES] and press Enter.
STEP 3: Instal Riru Module
Next up, you will have to install the Riru Module, which is a prerequisite for the SafetyNet Fix Module (STEP 5).
- Download the Riru Module from GitHub and transfer it to your device.
- Then launch the Magisk App and go to the Modules section.
- Now tap on Install and wait for the process to finish.
- Once done, tap on the Reboot button that appears at the bottom right.
STEP 4: Flash SafetyNet Fix
UPDATE: We will now be using the new Safetynet Fix module created by XDA Senior Member displax which works perfectly with Pixel 7/Pro and other devices launched with Android 13 out of the box.Universal SafetyNet Fix Magisk Module is a module created by XDA Senior Member kdrag0n that completes the process of implementing the BASIC attestation on top of the hardware one.
- To begin with, download the new SafetyNet Fix Module from XDA.
- Then transfer this module to your device and launch the Magisk App.
- Now go to the Modules section and tap on Install from Storage.
- Browse to the Universal SafetyNet Fix Magisk Module and select it. The module will now be flashed.
- Once done, tap on the Reboot button that appears at the bottom right.
STEP 5: Enforce Deny List and Enable Zygisk
Deny List is the new name for Magisk Hide. For the unaware, it is the feature through which you could hide root from various installed apps onto your device. So let’s first enable this Deny List and then configure it according to the requirement.
- Launch the Magisk App onto your device
- Then tap on the Settings icon situated at the top right.
- Now enable the toggle next to Zygisk and Enforce Deny List.
- Now restart your device for the changes to take place. Then launch Magisk and make sure it says YES next to Zygisk.
STEP 6: Configure DenyList
- Under the Magisk Settings menu, tap on Configure DenyList.
- Now, select the desired user apps in order to hide root from it [optional].
- After that, tap on the overflow icon situated at the top right and select Show System App.
- Now checkmark Google Play Protect Services, Google Play Services, Google Play Store. and Google Service Framework.
- [IMP] Then tap on each of these apps to further expand them and then checkmark their associated services as well.
- NOTE: Upon restart, the Google Service Framework might get unchecked and Google Play Services might be missing from the DenyList. This is just a UI bug and nothing to worry about [they are still active in the backend].
STEP 7: Hide Magisk App
- Go to the Magisk settings menu and tap on Hide the Magisk App.
- Then give it the desired name of your choice and tap OK.
- The hiding process will now begin. Once done, it will ask whether you wish to have the app shortcut on the home screen.
- For ease of convenience, you may select Yes and then tap on the Add to Home Screen button.
STEP 8: Delete Play Service and Play Store Data
- Head over to Settings > Apps > See All Apps.
- Then select Google Play Service and go to its Storage and Cache section.
- After that, tap on Manage Space > Clear All Data.
- Once that is done, go back and select Google Play Store.
- Then go to the Storage and Cache section and tap on Clear Storage > OK.
STEP 9: Check SafetyNet Results on Pixel 7/Pro
Now that we are done with all the hard work, let’s check out the associated rewards. Do note that Magisk has now removed the option to check SafetyNet. So you will now have to take the help of a third-party app. As for this guide, we will be using the YASNAC – Yet Another SafetyNet Attestation Checker.
- So download YASNAC from the Play Store and install it onto your device.
- Then launch the app and tap on Run SafetyNet Attestation.
- You should now get the Pass result under both the basicIntegrity and ctsProfile sections.
That’s it. These were the steps to pass the SafetyNet Test and hide root from apps on your rooted Pixel 7/Pro using Magisk Hide Props Config. If you have any queries concerning the aforementioned steps, do let us know in the comments. We will get back to you with a solution at the earliest.
METHOD 2: Pass SafetyNet without Magisk Hide Props Config [NEW]
The shorter of the two methods, this doesn’t require you to spoof the device’s fingerprint or flash the Magisk Hide Props Config, all thanks to tweaks made by the developer of the Universal SafetyNet Fix Module. So on that note, let’s get started with the steps to pass Safetynet on your rooted Pixel 7/Pro.
STEP 1: Hide Magisk App
- Launch the Magisk App and tap on the settings icon situated at the top right.
- Then tap on Hide the Magisk App > Enable the toggle next to Allow apps from this source.
- Assign a new random name to this Magisk app and hit OK.
- It will now ask for a home-screen shortcut, tap OK [recommended].
STEP 2: Enable Systemless Hosts
- Launch the Magisk App and tap on the settings icon situated at the top right.
- Then tap on Systemless hosts.
- Now go to the Modules section and verify that it has been added.
STEP 3: Enable Zygisk
- Launch the Magisk App and tap on the settings icon situated at the top right.
- Then enable the toggle next to Zygisk and restart your phone.
- Now launch Magisk and make sure that it says YES next to Zygisk.
STEP 4: Configure Denylist
Denylist is the new name for the traditional Magisk hide. You could use this functionality to hide root from the desired apps, apart from the three compulsory apps listed below.
- Launch the Magisk App and tap on the settings icon situated at the top right.
- Then enable the toggle next to Enforce Denylist. Now tap on Configure Denylist.
- Then expand the following apps and checkmark all its services
Google Play Service Google Play Store Google Service Framework Google Play Protect Service [if present]
- After that, do the same for the banking/payment app of your choice.
- NOTE: Upon restart, the Google Service Framework might get unchecked and Google Play Services might be missing from the DenyList. This is just a UI bug and nothing to worry about [as they are still active in the backend].
STEP 5: Flash Universal SafetyNet Fix Module
- Download the new Universal SafetyNet Fix module from below:
SafetyNet Fix module v2.3.1-MOD_3.0 [NEW]
- Then launch Magisk, go to the Modules section and tap on Install from Storage.
- Navigate to the downloaded safetynet module and select it.
- It will now be flashed. Once done, hit Reboot.
STEP 6: Delete Data
You will now have to delete the app data of all the apps from which you have hidden root. These include the compulsory Google apps and the desired apps of your choice.
- Head over to Settings > Apps and select Google Play Service.
- Then go to its Storage section and tap on Manage Space > Clear all data.
- After that, delete the data of Google Play Store and Google Play Protect Service [if present].
- Then tap on the overflow icon situated at the top right and select Show System.
- This will bring up the system apps. Select Google Service Framework and delete its data.
- Finally, delete the data of the banking/payment apps from which you have hidden root. Once done, restart your device [compulsory].
STEP 7: Check SafetyNet Test Results
- Download and install the YASNAC app from Play Store.
- Then launch it and tap on Run SafetyNet Attestation.
- You should now get Pass under both Basic Integrity and CTS Profile Match.
That’s it. these were the steps to pass SafetyNet on your rooted Pixel 7/Pro. If you have any queries concerning the aforementioned steps, do let us know in the comments. We will get back to you with a solution at the earliest.
Rich
link to the safetyfix is broken.
Jackson
Thanks for the guide. Riru module may not be needed if Zygisk is enabled.