Rooting, Flashing, & Bootloader Exploits

Magisk Modules & Play Integrity: How to Fool Google’s Attestation & Access Restricted Apps

By Antigravity Research Published May 29, 2026 ⏱️ 7 Min Read
Google AdSense Native Placement - Horizontal Top-Post banner

Understanding Google Play Integrity API

The Google Play Integrity API is a crucial security mechanism implemented by Google to ensure that applications run in a trusted, unmodified environment. It verifies the authenticity of the device and the app, protecting against tampering, unauthorized access, and piracy. For rooted Android users, this API often presents a significant hurdle, blocking access to banking apps, payment systems, streaming services, and even certain games that demand a “certified” device.

How Play Integrity Works

Unlike its predecessor, SafetyNet Attestation, Play Integrity provides a more granular and robust set of signals. It checks various aspects of the device, including:

  • MEETS_BASIC_INTEGRITY: Checks if the device is running a legitimate copy of Android (not a pirated or modified version) and passes basic system integrity checks.
  • MEETS_DEVICE_INTEGRITY: Verifies if the device is a genuine Google-certified Android device. This check typically fails on rooted devices or custom ROMs that haven’t passed Google’s compatibility tests.
  • MEETS_STRONG_INTEGRITY: The strongest attestation, indicating that the device has a hardware-backed root of trust and is demonstrably authentic. This is the hardest to spoof.

When an app requests an integrity check, the Play Integrity API returns an attestation verdict. Apps can then use this verdict to decide whether to permit or deny functionality. For rooted users, the goal is to make the device appear as if it meets all required integrity checks.

The Evolving Challenge: Why Traditional Root Hiding Isn’t Enough

Magisk, the most popular rooting solution, excels at hiding root from most apps through features like MagiskHide (now superseded by Zygisk’s DenyList). However, Google’s Play Integrity API employs more sophisticated detection methods, often looking beyond simple root binaries or modified system partitions. It delves into device properties, bootloader status, and even hardware attestation. Therefore, simply enabling DenyList for problematic apps is rarely sufficient.

Essential Magisk Modules for Play Integrity Bypass

To effectively bypass Play Integrity, a combination of specialized Magisk modules is required. These modules work in tandem to spoof various device properties and hide modifications more deeply.

1. Zygisk and DenyList

Zygisk is Magisk’s successor to MagiskHide. It allows Magisk modules to run code in the Zygote process, enabling more powerful system-level modifications and hiding capabilities. DenyList is the mechanism within Zygisk used to prevent Magisk from injecting into specific app processes, effectively hiding root from them.

2. Shamiko

Shamiko is a critical Magisk module that works in conjunction with Zygisk’s DenyList. Its primary function is to prevent Magisk from being detected by apps that employ advanced root detection, even when those apps are on the DenyList. It essentially provides a cleaner environment for DenyListed apps, making them believe root isn’t present at all.

3. Play Integrity Fix (formerly Universal SafetyNet Fix)

This module is the cornerstone of Play Integrity bypass. It primarily works by spoofing device fingerprints and modifying system properties to make a rooted device appear as a certified, unrooted device to the Play Integrity API. The module relies on known, certified device fingerprints. It’s a continuous cat-and-mouse game, as Google frequently updates its detection, requiring updates to this module with new, valid fingerprints.

Step-by-Step Guide: Bypassing Play Integrity with Magisk Modules

This guide assumes you have a rooted Android device with Magisk installed and Zygisk enabled. Always ensure you are on the latest stable version of Magisk for the best compatibility and features.

Prerequisites:

  • Latest Magisk installed.
  • Zygisk enabled in Magisk settings.
  • Internet connection for downloading modules.
  • Basic familiarity with the Magisk app and flashing modules.

Step 1: Enable Zygisk and Configure DenyList

  1. Open the Magisk app.
  2. Go to Settings (gear icon).
  3. Ensure “Zygisk” is toggled ON.
  4. Tap on “Configure DenyList.”
  5. Toggle ON “Enforce DenyList.”
  6. Select all apps you want to hide root from (e.g., Google Play Store, Google Play Services, your banking apps, payment apps, streaming apps). It’s often safer to include all Google-related services and any app that gives you issues.

Step 2: Install Shamiko

  1. In the Magisk app, go to the “Modules” section (puzzle piece icon).
  2. Tap “Install from storage” (or download directly from within Magisk if available).
  3. Locate the downloaded Shamiko ZIP file and flash it.
  4. Reboot your device.

Shamiko works automatically once installed and Zygisk DenyList is configured. There’s no separate app or settings for it.

Step 3: Install Play Integrity Fix

  1. Download the latest version of the “Play Integrity Fix” Magisk module. Search for “Play Integrity Fix Magisk module” on trusted Android forums (e.g., XDA Developers).
  2. In the Magisk app, go to the “Modules” section.
  3. Tap “Install from storage.”
  4. Locate and flash the downloaded Play Integrity Fix ZIP file.
  5. Reboot your device.

Important Note: The Play Integrity Fix module might require frequent updates as Google’s detection methods evolve. Always ensure you have the latest version.

Step 4: Clear Data for Google Play Services and Google Play Store

This crucial step ensures that the changes made by the modules are registered by Google’s services. Old cached integrity tokens can prevent the bypass from working.

  1. Go to your device’s Settings > Apps (or Apps & Notifications).
  2. Find “Google Play Services.”
  3. Tap “Storage & cache.”
  4. Tap “Clear cache,” then “Clear storage” (or “Manage space” then “Clear all data”).
  5. Go back and find “Google Play Store.”
  6. Tap “Storage & cache.”
  7. Tap “Clear cache,” then “Clear storage” (or “Clear data”).
  8. (Optional but recommended) Do the same for “Google Services Framework” if it appears in your system apps. You may need to show system apps.
  9. Reboot your device one more time after clearing data.

Step 5: Verify Play Integrity Status

After completing all steps and rebooting, you need to verify if the bypass was successful. You can use apps like “YASNAC” (Yet Another SafetyNet Attestation Checker) or “Play Integrity Checker” available on the Play Store. These apps will show you the status of MEETS_BASIC_INTEGRITY, MEETS_DEVICE_INTEGRITY, and MEETS_STRONG_INTEGRITY.

Ideally, you should see MEETS_BASIC_INTEGRITY: true, MEETS_DEVICE_INTEGRITY: true, and potentially MEETS_STRONG_INTEGRITY: true (though the latter is the hardest to consistently achieve and less frequently required by most apps).

Troubleshooting and Advanced Considerations

Module Order

In some rare cases, the order in which Magisk modules are loaded can matter. If you encounter issues, try uninstalling all integrity-related modules, then reinstalling them in this sequence: Shamiko, then Play Integrity Fix.

Outdated Fingerprints

If Play Integrity suddenly stops passing, it’s highly likely that Google has invalidated the fingerprints used by the Play Integrity Fix module. Monitor relevant XDA threads or module developer channels for updates to the module.

Persistent Issues with Specific Apps

Some highly sensitive apps might employ their own custom root detection or tamper detection mechanisms beyond Play Integrity. For these, you might need to explore more advanced techniques or accept that the app might remain inaccessible.

Bootloader Status

While Magisk modules aim to hide root and device modifications, the unlocked bootloader status itself can sometimes be a signal picked up by Google. For the vast majority of users, the modules address this. However, some devices or highly secured apps might still detect an unlocked bootloader. Re-locking the bootloader is generally not an option for preserving root and will wipe your device.

# Example command to check bootloader status (varies by device)# This is for informational purposes and not part of the bypassadb shell getprop ro.boot.flash.locked# Expected output for unlocked: "0" or "false"# Expected output for locked: "1" or "true"

Conclusion

Bypassing Google’s Play Integrity API is an ongoing cat-and-mouse game between Google and the Android modding community. While Magisk and specialized modules like Shamiko and Play Integrity Fix offer powerful solutions, users must remain vigilant for updates and be prepared for potential breakdowns as Google refines its detection mechanisms. By following this guide, you equip yourself with the knowledge and tools to navigate these challenges and reclaim full control over your Android device.

Android Mobile Specs & Compare Directory

Are you researching mobile hardware properties, processor SoCs, GPU chipsets, or RAM configurations? Access our complete specs catalog to compare up to 5 devices side-by-side!

Compare Devices Specs →
Google AdSense Inline Placement - Content Footer banner
Tags: #Bypass #Magisk #Play Integrity API #Root Android #Shamiko

Related Technical Guides

Fixing SafetyNet Failures: Comprehensive Troubleshooting for Magisk and Custom ROMs

May 30, 2026

Mastering KernelSU Module Management: Optimize, Secure, and Troubleshoot Your Rooted System

May 30, 2026

The Anatomy of a Qualcomm EDL Bypass: From Software Exploit to Full Control (No Test Point)

May 30, 2026