UPDATE – JANUARY 13, 2021 – UNIVERSAL FIX FOR SAFETYNET (ALL THANKS TO kdrag0n)
kdrag0n has shared a Universal Fix for Google SafetyNet on Android devices with hardware attestation and unlocked bootloaders. You can now install a Magisk Module that will fix the ctsProfile Failed issue. On the official Github page, kdrag0n has mentioned that –
This Fix defeats both hardware attestation and the new CTS profile updates, without any changes to device or model names, as long as you can pass basic attestation (i.e. fingerprints). No device-specific features (such as the Pixel-exclusive Google Assistant design) will be lost. MagiskHide is required if the device is rooted. Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question.
UPDATE – HERE IS ANOTHER METHOD THAT WILL HOPEFULLY HELP YOU FIX THE CTS PROFILE FALSE ISSUE
NOTE – TRY THESE STEPS ON YOUR OWN RISK. WE WON’T BE RESPONSIBLE IF ANYTHING GOES WRONG.
Here are the steps –
First, go to the Google Play Store & download “Termux,” an Android terminal emulator and Linux environment app.
Next, open Magisk Manager & from the left side menu, select the “Downloads” option.
There, you need to Install two Magisk Modules – Busybox for Android NDK & MagiskHide Props Config.
You can either Install one Module & then reboot and then Install the other, or Install One, go back, install the second, and then reboot. Both will work.
Once the phone reboots, we need to do one final thing, which is the most important step. Before moving to the next step, check if both the modules are shown as installed or not in Magisk Manager.
Open the Termux app & then type “su” and press Enter. This will grant Superuser Rights to the app.
Next, type “props” & press Enter. You will see a lot of options & numbers in front of them to choose from.
You need to choose the option that says “Edit Device Fingerprint.” It should be the Number “1,” but double-check it on your device.
Enter that Number & press Enter.
Again, you’ll see some options & from there, choose the one that says “Pick a certified fingerprint.” This time, instead of numbers, you will see letters in front of each option like “f,” “v,” “s,” “b,” etc. Enter the letter in front of the option (Pick a Certified Fingerprint) & press Enter.
Now, you’ll see a long list of various Smartphone companies, so from here, you need to choose your phone’s company. For Example, if your phone is the Asus Zenfone Max Pro M1, choose “Asus.” Here also, you need to type the number in front of the company name & then press Enter.
Now, it’ll show you various devices from that company. If your device is there on the list, you’re good to go. Otherwise, you’re not lucky, so you will have to wait for some other method.
Select the number in front of your Phone’s name & then press Enter.
Finally, it will ask if you want to continue. If you have followed everything above & selected the right options, write “y” & press Enter.
Finally, press “y” to reboot your device & press Enter. Now, your phone will reboot.
After all these steps, you will see that in the Magisk Manager, it no longer says “false” in front of the ctsProfile option. Also, in the play store, it’ll say “Device in Certified.” Hopefully, now you will also be able to use Payment apps like Google Pay on your device (Hopefully).
UPDATE: 2020 – IN MARCH 2020, GOOGLE MADE SOME CHANGES WHICH RESULTED IN MAGISK, NOT ABLE TO PASS SAFETYNET. HERE IS A WORKAROUND FOR THAT TO FIX THE CTS PROFILE FALSE ERROR (SAFETYNET FAILED).
We will use Xposed Framework for the Workaround, but you need to have your device rooted via Magisk and have the Magisk Manager installed on your phone since we need the Magisk Modules. Now, there is no way to know if Xposed Framework will be working on all the devices, so this means there are chances of it not working on your device.
First of all, here are all the files that you need to download on your device –
HERE ARE THE STEPS TO FIX MAGISK CTS PROFILE FALSE ERROR WITH THE NEW METHOD
First, Install Riru Manager. In case you get the Unknown Sources error, enable ‘Allow from this source’ and Install it.
Once you install it, go to Magisk Manager, then, from the left side menu, go to the Modules section. Tap on the Plus Button.
Now, if you don’t have the ‘Show Internal Storage’ option enabled in File Manager, then tap on the three dots on the top right corner and select it. In case it is already enabled, you will see the ‘Hide Internal Storage’ option in its place. So, you don’t need to do anything.
Navigate to the folder in the internal storage where you have all the downloaded files and then select the ‘MAGISK RIRU-CORE’ ZIP file. Once installed, Reboot the phone. (Check the Modules section in the Magisk Manager if the module has been installed properly. You will see a checkmark if it is installed successfully).
In the App Drawer, you will now see a new app called ‘Riru.’ Open it, and if it says ‘Everything Looks Fine,’ then you’re all set to follow the next steps. If you get any error, try installing Riru Module again.
Now, once again, go to the Magisk Manager > Modules and then press the Plus button. Now, we need to install the ‘EdExposed Module,’ and as mentioned above, there are two versions to choose from. You have to try and see which one works for your device. We will recommend starting with the ‘Yahfa’ version first. Once again, once installed, reboot the phone. After reboot, once again confirm if the module is installed properly.
Now, go to the File Manager and then install the ‘EdExposed Manager’ via the APK file. You will see the App in the App Drawer.
Open it to see if there are any errors or not. If there are any, then this means the ‘Yahfa’ version didn’t work. So, in that case, go to the Module section, remove the Yahfa version, reboot the phone, and then install the ‘Sandhook’ version.
Finally, install the ‘HiddenCore’ Xposed Module via its APK file. Now, go to ‘EdExposed Manager,’ swipe from the left side, select the ‘Modules’ option, then enable the ‘HiddenCore’ Module. Now, reboot your phone.
After Reboot, you should check if the ‘HiddenCore’ module has been enabled successfully in the EdExposed Manager.
Well, that’s it! Now, go to Magisk Manager, tap to start the SafetyNet Check, and you will now see that the ‘ctsProfile’ shows as True! This means we successfully did the SafetyNet Bypass.
NOTE THAT IF THIS METHOD ALSO DOESN’T WORK, THEN WE WILL HAVE TO WAIT FOR THE DEVELOPERS TO FIND ANOTHER FIX FOR THIS.
Props to ‘Munchy‘ to share this method on his YouTube Channel.
Before starting with the steps to fix the Magisk CTS Profile False/Mismatch Errors, let’s first understand what is ‘SafetyNet.’ We all know that rooting our Android phones give us a lot of freedom. We can do some great things with a rooted smartphone-like installing a custom ROM, a custom Kernel, overclocking the processor, etc.
But, if you have a device with which you use Google’s Android Pay, then it won’t work if you root your phone. SafetyNet is a thing that Google uses to detect whether your Android smartphone is rooted or not, and if it detects that you have a rooted phone, certain apps can block you from accessing them. We have seen this with the Netflix app that users cannot even find the app to download from the Play Store if their devices are rooted.
Magisk, as most of you might know, is a Universal Systemless Interface to create an altered mask of the system without changing the system itself. (Thanks, XDA). With Magisk and Systemless root, we can skip most of the SafetyNet tests, revert but the thing is that Google’s Compatibility Test Suite (CTS) is still a problem.
So, you might get the ‘Magisk SafetyNet CTS Profile Mismatch Error’ even if you have the Magisk installed on your android phone. Assuming that you have already installed the Magisk, let’s start with the steps to fix this error.
TIP – You can check your SafetyNet status from the Magisk Manager. You will find an option that says ‘Tap to start SafetyNet Check.’ Tap on that, and it will show you the status.
STEPS TO FIX THE CTS PROFILE MISMATCH ERRORS – FIX CTS PROFILE MATCH FALSE
1. WHY NOT USE MAGISKSU?
So, the thing is that if you have rooted your smartphone and it is having any other root manager than the MagiskSU, then the chances are that it doesn’t hide from Google’s SafetyNet, and you get the error. SuperSU, the most popular root manager app, is on almost every rooted device so, if you want to get rid of the CTS error, make sure that you are using MagiskSU and not SuperSU.
If you have the Xposed Installer installed, then uninstall it. No need to worry about all the modules you were using. You can install the systemless version of the Xposed using Magisk. To uninstall Xposed, go to Framework > Uninstaller and choose the ‘Uninstall’ option. After the process completes, reboot your device by tapping on the ‘Reboot’ option.
This step is a bit trickier, and if you have made any changes in the system after rooting your phone, you need to revert them. For Example, let’s suppose you removed the bloatware apps via Titanium Backup. So, you need to install them again. Or, let’s assume that you used AdAway to remove ads. So, you need to remove that also. And we all know what’s the best way to revert all the changes – Flashing the Stock System Image of your phone.
Now, you need to Unroot via the option in SuperSU and then restore the Stock Boot Image of your phone. For that, Go to the SuperSU app and then settings. There, you will find an option called ‘ Full Root.’ Just tap on that and tap ‘Continue.’ Now, it will ask you if you want to restore the stock boot image. Here, make sure that you tap on the ‘Yes’ option. Now, for installing Magisk, you need TWRP installed, so if you already have TWRP, you need to tap on ‘No’ when SuperSU asks if you want to restore the stock recovery image.
Now, you need to install the Magisk zip. For this, head to the Magisk Manager app and go to the Install section. Here, you will find an option named ‘Download.’ Tap on that, and once downloaded, boot into recovery. Once you are in TWRP, tap on ‘Install’ and select the Magisk ZIP file from the Magisk Manager folder. To flash the ZIP file, slide the button to the right and when finished, tap on ‘Reboot System.’
Now, go to the Magisk Manager app, and go to settings. Here, make sure to enable Magisk Hide, BusyBox, and Systemless hosts options. Lastly, clear the data of the Play Store by going to Settings > Apps > Play Store > Manage Space > Clear Data.
Now, head to the Magisk Manager app and go to Magisk Hide. Make sure that this option is enabled, and it will be used to hide additional apps like Google Play Store and Google Services Framework and other apps that you think are having issues with SafetyNet.
If you cannot fix the CTS Profile Mismatch error even after doing everything mentioned above, you can try unSU. We have to use this because, i.e., even after doing the ‘Full Unroot’ via the SuperSU, not all the data of the SuperSU is removed. The developer osm0sis has created a flashable zip that you can download and flash via TWRP. The flashing procedure is the same as you flashed the MagiskSU ZIP.
We also don’t know why but the CTS Profile Mismatch error can occur even with Magisk installed if you have turned on the ‘USB Debugging’ Option. So, you need to head to the Settings? Developer Options and then turn off the ‘USB Debugging.’ Lastly, do a reboot and check if the issue has been fixed or not.
4. SET SELinux BACK TO ‘ENFORCING’ MODE
This is a pretty simple step. So, back in time, if you ever changed the SELinux mode to ‘Permissive,’ you need to revert it to ‘Enforcing,’ i.e., the default mode. So, open the same app via which you change the SETLinux Mode to Permissive and change the mode back to ‘Enforcing.’ Now, you need to reboot the phone. You can find the apps to do so on XDA easily.
Having a custom ROM? Well, then you can try installing a custom Kernel. Why are we saying this? The CTS is used by Google to verify that the device and its firmware meet the certification standards. A phone with custom ROM won’t pass this test. But, there is still away. You need to install a custom Kernel known as the ‘Franco Kernel,’ and to install this, you need to buy an app called ‘Franko Kernel Updater’ or ‘FKU.’ Once you have installed it, open it and then tap on ‘Download’ option. Don’t wanna spend money? Well, head to XDA, and you can find the best ‘Franco Kernel’ ZIP file for your smartphone for free.
The Franco Kernel helps so that the apps that use SafetyNet check the Basic Integrity don’t get any error.
6. ENABLE MAGISK CORE ONLY MODE
This is probably the best thing to do if all the things mentioned above aren’t working. See, when you head over to the settings of Magisk Manager, you will see an option that says ‘Magisk Core Only Mode’ under the ‘Magisk’ options. Many users have reported that turning this particular option ON fixes the magisk CTS Profile false error. Google has already updated its SafetyNet to check if there is Magisk on a particular device or not. So, enabling the Core Only Mode helps a lot in this case.
So, what this option does? Well, enabling Masigk Core Only Mode means that all the Magisk Modules currently active are disabled, and so, the only thing your phone has is the Superuser from Magisk and the root access. This step helps because sometimes, certain Magisk modules cause issues with the SafetyNet test. And yes, make sure to reboot once you enabled the Magisk Core only mode.
7. SOME USERS FIXED IT LIKE THIS
Many users have recommended some more ways to fix the CTS Profile Mismatch error on their device. First, you need to go into the Magisk Settings, and there, check if the ‘Magisk Hide’ option is turned on or not. If it is turned on, then turn it OFF and again turn it ON. Check if the error is there or not. If it is, turn off the Magisk Hide option, reboot the phone, open Magisk Settings, and turn On the Magisk Hide again.
If this too doesn’t fix it, then there is one more method suggested by some users who faced this problem. In the Magisk Settings, you will find two options – ‘Systemless Hosts’ and ‘Enable Busybox.’ Disabling these two options may also help in fixing the CTS Profile False error.
8. WELL, YOU HAVE TO DO IT NOW!
This is a step that no one would like to take if the CTS Profile False issue occurs. Well, if nothing works, then the only way you have left to fix that error is to install the stock ROM again, install the custom recovery again, then flash the Magisk ZIP file to gain the root access and check if the issue persists now or not. If you are lucky, the issue will be gone completely.
If you have a Xiaomi phone with a custom ROM installed, you can use this Magisk Module to pass the CTS test.
This was a detailed guide about fixing the CTS Profile Mismatch Error or Magisk Basic integrity False error even with Magisk installed. If the steps mentioned above don’t work, you need to start from scratch, i.e., flash Stock ROM, install TWRP, flash Magisk ZIP and do the same thing again. Did the steps work for you? Do let us know via the comments section.
What is CTS profile mismatch?
CTS means Compatibility Test Suite & CTS Profile Mismatch is an error that causes SafetyNet check to fail, even if you have Magisk on your device.
What is the SafetyNet Check?
Google Developed SafetyNet & it is an API (Application Programming Interface) that is used to detect if a certain device is in a good state or not.
How Do I Fix How do I fix Magisk SafetyNet?
1. Use MagiskSu2. Try unSU3. Turn OFF USB Debugging4. Set Selinux Back to Enforcing5. Try a Custom Kernel
How do I Enable Magisk Hide?
Open Magisk Manager App, then swipe from the left & select Magisk Hide. Now, you can turn on and off it for certain apps.