oasisfeng / island

Island for Android
https://play.google.com/store/apps/details?id=com.oasisfeng.island
Apache License 2.0

Microsoft InTune/Company Portal detects root for apps installed on Island #445

Open DrPhant0m opened 1 year ago

DrPhant0m commented 1 year ago

Device: Galaxy S22 Ultra (SM-S908E), unlocked bootloader, rooted with Magisk v26.1, passes YASNAC test
Goal: Use MS apps (Outlook, Teams) for work without InTune (Company Portal) detecting root and preventing use

Performed manual setup to create an Island
Cloned Outlook, Teams, and "Company Portal" (InTune) apps to Island
Froze above apps on Mainland
Cleared app data, added above apps to denylist, using Shamiko

InTune initially passed device health check and allowed use of Outlook and Teams. Upon device restart, InTune found device to be "unhealthy" and reported that rooted devices are not supported. Clearing app data and setting up again results in "device unhealthy" evaluation again.
Functionality is not sustained.

Would like to know if the "Island" environment can be configured properly to create a sufficiently-isolated environment to sustain passing device health check on permanent or semi-permanent (simple recovery process) basis.

I would rather have posted this in a support thread on XDA or Discord or something... but GitHub is the only place I could find to post my issue/questions.

Thanks for any help!

GhettiGuru commented 1 year ago

Telegram might have been your better route, because you would have found multiple methods of hiding root, including using Magisk Delta, sensitive props hiding, SafetyNet Fix; even if you have to use Riru and MomoHider, it may prevent the probable Zygisk detection or Xposed detection you are getting. But even better, you're in a sandboxed separate profile for a reason: turn off the multi-user mode switch. No root gets to Island. I'm trying to get the kernel super user people to add this functionality, because this is the only way to use some applications that are very picky; there is no multi-user mode switch, you have global root access for all profiles, and Island is no refuge. But for your sake, you're lucky you can just disable root over there.

(It has been said that devices that actually support the Play Integrity bypass and the bootloader spoofers out there that exist for Xposed, the bootloader spoofer only works for devices that don't show up broken TEE when checked with Momo, sadly (Xiaomi and the Pixels work fine with it, etc., but most likely Motorola and OnePlus show broken). Those guys have claimed to pass full strong hardware-backed integrity over there on Island with the bootloader spoofer Xposed.)