Company Portal Detects Zygisk

[FroggMaster]

Describe the bug Root / Zygisk is detected by Company Portal.

Steps To Reproduce

1. Install Latest Magisk (V27)
2. Hide Magisk Application package name
3. Add Company Portal, Teams, Google Play Store, Google Play Service to Hide List
4. Install ZygiskAssist, Zygisk-LSPosed, PlayIntegrityFork
5. Try to launch teams, Company Portal will detect root.

Context

• Device: Pixel 6 Pro
• OS: A14
• Version of Magisk, KSU or APatch: Magisk 27
• Other Root Module(s): Play Integrity Fork Zygisk - LSPosed Zygisk - Detach
• LSPosed Module(s): Lucky Patcher SnapEnhance XPL-EX Hide My Applist

Logcat

[jiatern]

Just commenting here how I managed to make it work with intune company portal:

• Magisk v27 stable, LSPosed mod by mywalkb, Hide-My-Applist (HMA) v3.2, latest Zygisk-Assistant
• Enable built-in zygisk > add Teams, Company Portal to Deny List > disable built-in zygisk
• Install zygisk-next
• Reboot

Seems like zygisk-next is essential to make this work.

[FroggMaster]

I appreciate the thought, but I've already got a bypass. I've written an article on XDA, along with many many hours testing different setups. The setup you've shared unfortunately does not work for me on a Google Pixel 6 Pro running Android 14.

Be happy to share more information with the developer so their root hiding methods work consistently. I had to use Shamiko over Zygisk-Assistant with a similar configuration and that does indeed work however. Latest detection methods are relative to Zygisk which is why you had to disable the native zygisk and use Zygisk-Next. It use's ptrace which has yet to be detected by most detection methods.

[jiatern]

Hi, glad to hear that you managed to bypass. Could you share a link to your article on XDA? Having another method as a backup is always great, in case my method gets patched. Thanks in advance!

EDIT: I found the thread ;)