I can’t root my phone because I don’t have an image for it (Moto G73) although I’d like to, but for some reason my banking app thinks it’s rooted and refuses to work. This happened just after I updated it, it wasn’t happening before.

Edit: I’m regretting not getting the Motorola Edge 40 Neo, which also costs £250, but is slightly better in multiple ways, and seems like it has better root support.

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    English
    arrow-up
    173
    arrow-down
    4
    ·
    edit-2
    10 months ago

    If you didn’t root your phone, but multiple root detection apps go off (don’t just try one), there’s a good chance some piece of malware managed to root your phone. This is exactly the scenario banking apps include root detection kits for. It could be a false positive, but this certainly warrants further investigation.

    If other apps also indicate root access (i.e. antivirus apps), it’s probably best to restore factory settings and hope this clears up the infection. If it doesn’t, you’ll need to restore the entire system from a factory image (if that’s possible in the first place) and hope your phone doesn’t get infected again.

    I would advice installing multiple antivirus apps and having them scan your phone. If they also tell you you’ve been rooted, I would trust them to tell the truth. If they don’t report root access, but do report a bunch of viruses, the virus may have found a way to evade root detection by AV and may be installing weird apps in exchange for money from shitty ad fraud companies. If none of them are throwing up any warnings and only this specific app is complaining, you might want to wait a while and see if it goes away; if could just be a bug in your banking app.

    If you can’t clear the infection, I’m afraid your phone is rootkitted. In that case, I would recommend you not to use it for anything important. To prevent your phone becoming part of a botnet, you might need to remove your SIM, not enter your WiFi credentials after the next factory reset, and consider leaving it off entirely. If you start needing to enter more and more CAPTCHAs to enter websites, that can be a sign of some kind of infection on your network. If you’ve noticed something like that recently, it may be connected.

    Your phone was last updated almost a year ago, so if you were infected, it may just be a matter of time before you’re infected again. Edit: I was wrong, it’ll receive security updates until early 2026. Staying away from pirated apps and apps from sketchy sources may help prevent reinfection.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        edit-2
        10 months ago

        Hmm, weird. That website wasn’t in any of my Google search results. I guess it’s because of their weird SPA design? It also seems to provide security update information from before the phone was released? Your link just provides a bunch of details about CVEs for me.

        But I looked again at the Motorola site and it does appear the phone receives updates up until 2026, so you’re absolutely right. Motorola should really publish this data somewhere easier to find, IMO.

    • JackGreenEarth@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      10 months ago

      Hypatia, which is the only antivirus I could find on F-Droid, didn’t return any negative results. It would be helpful to be able to monitor my internet and what connections my phone is making, but all I have is simple net monitor, which can tell me the speed and nothing else. I can see there’s background network activity, but no way to tell if it’s legitimate (for something like syncthing) or malicious.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        15
        ·
        10 months ago

        An app with root access can easily bypass the statistics gathered by these apps, unless those apps are run as root.

        I don’t know Hypathia, I’d suggest grabbing something from the Play Store (through Aurora, if you must).

        If you degoogled your phone through a different ROM, the app is probably triggering on the fact you’re running with an unlocked bootloader rather than just root access.

        • JackGreenEarth@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          6
          ·
          10 months ago

          Im not running with a different ROM, but I did unlock the bootloader in case I did ever find a way to root my phone/install a custom ROM, I wouldn’t lose my data.

          • fmstrat@lemmy.nowsci.com
            link
            fedilink
            English
            arrow-up
            7
            ·
            10 months ago

            This is your problem. Big ROM makers typically have a list of banking apps they work with. Could also happen if you don’t have Play Services.

          • ipkpjersi@lemmy.ml
            link
            fedilink
            English
            arrow-up
            3
            ·
            10 months ago

            That would probably do it. Now you’re kind of out of luck because without root you can’t hide that you unlocked your bootloader, so you’d have to either get root or not use the app or restore to stock locked bootloader.

          • Troy@lemmy.ca
            link
            fedilink
            English
            arrow-up
            11
            ·
            10 months ago

            A lot of exploits exist to root a phone. Bad apps can abuse those exploits.

          • laurelraven@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            8
            ·
            10 months ago

            You don’t actually need an image to root a phone, that’s not what rooting is… It’s just gaining full administrative privileges over the device

          • jayandp@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            3
            ·
            10 months ago

            There are exploits out there either kept secret by malicious/proprietary parties, or not practical for consumer desires to get a proper rooted experience.

            Pretty much the only method to fix it if you’re affected that I can think of is to factory reset your phone with a manufacturer provided image, and even then it’s not 100% guaranteed if the bootloader is compromised.

      • ilinamorato@lemmy.world
        link
        fedilink
        English
        arrow-up
        18
        ·
        10 months ago

        They did. It was a project initially called “Boot to Gecko,” about a decade ago; and the idea was to make a Linux kernel OS so lightweight that you were running web apps as close to bare metal as possible. There were intended to be no binary apps, only web apps running on open standards; though that didn’t necessarily carry through as originally intended.

        I agree. I think it was before its time and would be a real boon today.

        • Echo Dot@feddit.uk
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          10 months ago

          I can’t remember much about it but I seem to remember that the actual hardware itself was very entry level which was part of the problem. It really would have done better to appeal to enthusiasts.

          I get that it was marketed at third world countries, but I still think they would have done better had they had a western version with more up-to-date specs as well, if only to get the kind of market share that would encourage app developers.

          • ilinamorato@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            10 months ago

            Yeah, I read a retrospective written by one of the developers, and it sounds like they had the trouble that they could only get development partners for low-end devices (which kind of meant that they had to target developing countries) but they couldn’t get companies like WhatsApp to make web apps that would run on Firefox OS (which meant that it was kind of a non-starter in those developing countries).

            Couple that with some questionable priority decisions at the top of the project, and a major reshuffling of Mozilla’s organizational aims near the end of the project, and it all just sort of fell apart. I do kind of wonder if it would have done better today, or maybe as a tablet or a Roku competitor.

    • jayandp@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      ·
      10 months ago

      It kinda did survive. KaiOS is forked from Firefox OS, though it’s more designed for Kinda-Smart feature phones in developing countries.

      • ilinamorato@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        10 months ago

        Yeah, and that’s cool, but it is significantly different from the original implementation (or at least the original idea) since it is a keypad-based device. You couldn’t really flash it onto an Android handset, for instance, as I understand it.

  • Jiří Král@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    41
    ·
    edit-2
    10 months ago

    Did you unlock your bootloader? Some apps just scan for Google Play SafetyNet or in some other way to check whether you unlocked your bootloader or rooted and if they think you do they will vaguely state you are rooted.

    Other’s concern about your phone being infected are justified and I recommend you to try whether a dedicated root checking app thinks your phone is rooted. These usually don’t lie.

    Regarding your rooting situation I always rooted the lazy way. Renamed magisk.apk to magisk.zip, flashed it and it always worked for me. But I rooted only 2 phones in my life really and this is not the recommended method by magisk developer.

    • JackGreenEarth@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      10 months ago

      Does that really work? Because if that works and I can’t find an image file, that’s the only way. I can still factory reset it after it messes up my device, right?

      Uodate: no, it doesn’t

      Device platform: arm64-v8a

      • Installing: 27.0 (27000)
      • Processing zip file ! No boot image found ! Process error ! Installation failed
      • Jiří Král@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        10 months ago

        Did you flash a custom ROM? Maybe it will work with a custom ROM.

        EDIT: Your phone uses Mediatek processor, so it’s not going to be well supported. I recommend you to stick to locked bootloader and just live with the phone as it is.

  • Flax@feddit.uk
    link
    fedilink
    English
    arrow-up
    28
    ·
    10 months ago

    I’ve had a banking app think my phone was rooted before. Had to basically switch banks.

    • Echo Dot@feddit.uk
      link
      fedilink
      English
      arrow-up
      6
      ·
      10 months ago

      I remember when I got a new phone and I could not figure out how I was supposed to get the banking app on my phone so I called the bank and they said oh you just have to remove the app from your old phone.

      Weird but ok.

      Thing is, what if I don’t have the old phone what am I supposed to do then banking app people? The rep really couldn’t get her head around the idea that the phone was in at the bottom of a lake.

      Then I had to go through this carry-on where I had to send in all sorts of bits of info and then the video of me waving just so they let me install the app again. And that’s on top of all of the other security the banking app already has.

      • Blue_Morpho@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 months ago

        Then I had to go through this carry-on where I had to send in all sorts of bits of info and then the video of me waving just so they let me install the app again.

        That sounds good. Otherwise anyone could steal your bank account by saying “I lost my phone.”

        • Echo Dot@feddit.uk
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          10 months ago

          They would still need my password to sign in so really they’re just adding unnecessary layers of complication but they’re not actually adding any security since anyone who can know my password can fake all the other stuff as well.

  • bulwark@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    ·
    edit-2
    10 months ago

    Lineage OS user here, my banking app got an update a while ago that stopped trusting my finger scanner because I’m rooted. Luckily it still allows passwords or else that would be a deal breaker.

    *Edit, now that I think about it I’m not even rooted, just an unlocked boot loader.

  • ma11en@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    ·
    10 months ago

    Is your system software fully updated?

    Are you running a Beta version of the system software?

    • Cheems@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      10 months ago

      My bank just merged with another and released a new app. Immediately when trying to log in it said that the app can’t be used with developer mode enabled.

      • JackGreenEarth@lemm.eeOP
        link
        fedilink
        English
        arrow-up
        16
        ·
        10 months ago

        With developer mode enabled? I have that enabled, although my error message is about root. With a degoogled stock ROM, you have to have adb to backup system data, it’s crazy your bank was blocking that.

        • Cheems@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          I hate my bank and I was planning on switching. The next day I tried again and it worked fine. I’m still planning on switching though.

    • Osiris@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      10 months ago

      Credit unions are better but that doesnt mean their app will work on a rooted device
      Source: My credit Union app doesnt work on my rooted devices 🙃

    • yeehaw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      13
      ·
      10 months ago

      For the unaware, here’s a concise explanation of the difference from chatgpt:

      Banks and credit unions both offer financial services, but there are key differences. Banks are for-profit institutions, owned by shareholders, while credit unions are nonprofit, owned by their members. Credit unions often offer higher interest rates on savings and lower loan rates, but banks typically have a broader range of services and more extensive ATM networks. Your choice may depend on priorities like fees, customer service, and community focus.

      • wahming@monyet.cc
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        10 months ago

        Stop using AI to ‘explain’ stuff which may or may not be accurate

        • yeehaw@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          3
          ·
          10 months ago

          I’ll stop when people stop using Google for the same reason 😂. Nobodies lives will be harmed over this explanation, you may relax.

  • ToxicWaste@lemm.ee
    link
    fedilink
    English
    arrow-up
    13
    ·
    10 months ago

    maybe a stupid question: But doesn’t android sandbox every app? If every app is running in a sandbox, it shouldn’t be too hard to pretend your phone isn’t rooted.

    If they check for a specific version number, like @RagingRobot mentioned, it also shouldn’t be a problem. Just set that specific sandbox to return whatever version you want.

    I am aware that ‘just configure the sandbox’ is not really an accessible solution. But a sandbox-config-master would be a great app for rooted phones.

    • JackGreenEarth@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      19
      ·
      10 months ago

      Well apparently rooted phones can pretend to apps they’re not rooted. Problem is, my phone isn’t actually rooted.

        • yamanii@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          10 months ago

          Do it, my local government app at least had the decency to explain it was the developer mode being on and not root.

        • JackGreenEarth@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          10 months ago

          I use developer options on a regular basis, so that won’t be a permanent solution, but I could test to see if it is that.

  • RagingRobot@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    10 months ago

    This happened to me once when I updated Android. The bank software had a check for a specific version and my version was higher so it thought I was running something weird. I had to wait for the bank to update the app to support the newest android version

  • MystikIncarnate@lemmy.ca
    link
    fedilink
    English
    arrow-up
    13
    ·
    10 months ago

    I have too many gripes with banks and how they handle digital interactions.

    They’re a bunch of dinosaurs, both in what they support and how they support it. They’re also in a position where they feel like they can do what they want and you just have to suck it up.

    And for the most part, they’re right, because all the banks are equally bad. A nontrivial number of the apps are just chrome running in an app window, security is a joke, they make you sign in with your card number which is plainly visible to anyone with eyes that is within a few meters of your card anytime you have it out of your wallet, they restrict your password so you can’t use special characters or have it be long enough to actually provide real security, and they limit your 2FA options to SMS. Everything is terrible.

    Even when you go into the bank or use the ATM, access is restricted by a fucking FOUR DIGIT NUMERICAL PIN and if you can even use a longer pin code, they don’t tell you that and most systems assume your pin is four numbers and won’t let you enter any more than that.

    God forbid you lose your card, good luck going through the gauntlet of outdated information the bank is going to ask about for you to prove you are who you say you are.

    They’re all the fucking same and it infuriates me.

    • BURN@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Banking tech is still run on FORTRAN and COBAL. It’s ancient and pretty much can’t be upgraded. Until there’s a major push for new technologies across all banking it’ll keep being this bad

      • MystikIncarnate@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 months ago

        They can create interfaces to buffer our experience with their back end (the COBOL running the actual transactions), which is largely what they’re doing.

        The COBOL back end basically just acts as the service that handles the data that represents the money and accounts.

        Not having advanced security options, even as simple as complex passwords to allow clients to access their accounts can be managed by the intermediate layer between the COBOL service and the UI, and there shouldn’t be a reason for such limited password length or restrictions on MFA.

        The fact that COBOL runs they’re back end doesn’t excuse the terrible front end, especially on applications for mobile devices.

        This has been thrown around as reason why things suck so hard, and bluntly, it’s a piss poor excuse if you ask me.

    • Dark ArcA
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Capital One provides OAuth for (budget) apps to access at least.

  • lemmyvore@feddit.nl
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    1
    ·
    10 months ago

    Install TB Checker and use the various detection modes to figure out what the bank app might be picking up on.

    They check for a lot of (dumb) things instead of just checking for Play Integrity like they’re supposed to. For example it might be detecting an app that could be using root, even if it’s not, and assume that means you must be rooted, even though you’re not. 🤷