topjohnwu / Magisk

The Magic Mask for Android
GNU General Public License v3.0

Feature request - By default, hide from every app #416

Closed dioni21 closed 6 years ago

dioni21 commented 6 years ago

Today we have to add which apps we want to hide magisk from. Just for paranoia, I want to hide it from everything except what I want to allow su.

I think hiding should be the default operation.

topjohnwu commented 6 years ago

I agree with your point too, but due to the way MagiskHide currently works, that is not possible. However, if Magisk only needs to hide root, it is actually possible. I can introduce a new mode with this capability, but that will require tons of work, so it will not happen soon until all current Magisk issues are ironed out.

dioni21 commented 6 years ago

Ok.. Thanks for your answer...

djechelon commented 6 years ago

Could it be at least possible to facilitate multiple selection (select all, none) in MagiskHide UI?

I am interested as well in this feature, because I prefer new applications not to be able to detect root unless I am explicitly installing an app I want to grant root to.

There is another reason than plain paranoia like the OP: I am afraid that apps that want to block root might, in the future, use hardware info (e.g. IMEI, which may be recommended by Google policy; see note later) to create remote blacklists of known rooted devices. If that happens, your device might be doomed forever until you change to a device that has never been rooted or from which you preemptively hide root. And I tend to forget to open Magisk Hide when I install a new app.

At least AFWall+ provides you with a notification on every newly installed app to remind you to unlock firewall to the new app. Thanks to AFWall I have created the following code scenario.

In fact, I was surprised by your answer "due to the way MagiskHide works..." and the "lots of work" part.

In my mind, Magisk Manager app could listen to broadcast ACTION_PACKAGE_ADDED and simply tick the corresponding box in its UI. I looked at the code and it makes sense to me.

 Shell.su("magiskhide --add " + info.packageName).submit();

Quote from Google ID best practices. Some banks take root & developer mode seriously enough to start worrying

Abuse detection: Detecting high value stolen credentials

In this case, you are trying to detect if a single device is being used multiple times with high-value, stolen credentials (e.g. to make fraudulent payments).

We Recommend: IMEI/IMSI (requires PHONE permission group in Android 6.0 (API level 23) and higher.)

Why this Recommendation?

With stolen credentials, devices can be used to monetize multiple high value stolen credentials (such as tokenized credit cards). In these scenarios, software IDs can be reset to avoid detection, so hardware identifiers may be used.

vvb2060 commented 6 years ago

@djechelon MagiskManager targetSdk=28

logcat -b events -s notification_cancel_all

This is the only way to let us know that xxx may have been installed.

djechelon commented 6 years ago

Not sure @vvb2060. I understand I might not have done enough homework to discover that intent ACTION_PACKAGE_ADDED changed behaviour in Oreo, but I have tried to do some more research. Still, the docs don't say it's deprecated.

Stackoverflow linking the Docs

This says that you cannot register these intents in your manifest. You can still register them programmatically to receive them when your app is running.

So Magisk, who is already granted to receive ACTION_BOOT_COMPLETE or ACTION_LOCKED_BOOT_COMPLETED, may use the two broadcasts, especially the second, to programmatically register the listener I had in mind.

I see a pitfall: on SDK < 24, where Locked Boot is not available, I have no such information whether Boot Complete is broadcast only at unlock or even when the phone is locked. You are capable of installing apps via Google Play Store for the web even with the phone locked. But I have no record of WhatsApp not pushing notifications until you first unlock the device.
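
The runtime registration described in the comment above, as an added example that is not part of the thread or of Magisk's code: a context-registered receiver for ACTION_PACKAGE_ADDED that skips app updates and validates the package name before passing it to a callback. NewPackageWatcher, Listener and the validation pattern are hypothetical names and assumptions chosen for illustration.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.Uri;
import java.util.regex.Pattern;

/** Runtime-registered listener for newly installed packages (hypothetical class name). */
public final class NewPackageWatcher extends BroadcastReceiver {

    /** Hypothetical callback; the caller decides what to do with the package name. */
    public interface Listener { void onNewPackage(String packageName); }

    // Assumed, conservative check: dot-separated segments of letters, digits and '_'.
    private static final Pattern PKG =
            Pattern.compile("[A-Za-z][A-Za-z0-9_]*(\\.[A-Za-z][A-Za-z0-9_]*)+");

    private final Listener listener;

    private NewPackageWatcher(Listener listener) { this.listener = listener; }

    /** Call from a running component; keep the return value to unregister later. */
    public static NewPackageWatcher register(Context context, Listener listener) {
        NewPackageWatcher watcher = new NewPackageWatcher(listener);
        IntentFilter filter = new IntentFilter(Intent.ACTION_PACKAGE_ADDED);
        filter.addDataScheme("package"); // package broadcasts carry a package:<name> URI
        context.getApplicationContext().registerReceiver(watcher, filter);
        return watcher;
    }

    @Override
    public void onReceive(Context context, Intent intent) {
        if (!Intent.ACTION_PACKAGE_ADDED.equals(intent.getAction())) return;
        // An update of an already installed app also sends PACKAGE_ADDED; skip those.
        if (intent.getBooleanExtra(Intent.EXTRA_REPLACING, false)) return;
        Uri data = intent.getData();
        String pkg = (data == null) ? null : data.getSchemeSpecificPart();
        // The name may end up on a root shell command line, so reject anything
        // that is not a plain package name before handing it on.
        if (pkg == null || !PKG.matcher(pkg).matches()) return;
        listener.onNewPackage(pkg);
    }
}
```

A receiver registered this way only fires while the registering process is alive, so installs that happen while the app is not running are missed.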

dioni21 commented 6 years ago

+1 to multiple selection

Rolf-Smit commented 5 years ago

I really think, these things should not be that hard:

I might even consider making a PR for these things, if I know upfront what the acceptance criteria will be for these functionalities (if accepted at all). I don't want to waste my time 😁

Didgeridoohan commented 5 years ago

@Rolf-Smit Since you should not add too many apps to the Hide list, but simply those that explicitly look for root, I would save my precious time if I were you... Having too many apps and processes on the Hide list might have a detrimental effect on system stability.

Nottt commented 4 years ago

So is there any reason I shouldn't add all my apps to the hide list?

Originalimoc commented 2 years ago

This should be revisited. F banks

llucax commented 2 years ago

Multiple selection and also a way to hide from all services from an app without having to "expand" the app services would also be very helpful.