Working and Nonworking Apps

Apps successfully tested with RootCloak

• DME Mail - Excitor - https://play.google.com/store/apps/d...xcitor.dmemail [1]
• Fox Digital Copy - Fox - https://play.google.com/store/apps/d...ticDigitalCopy [1]
• DirecTV GenieGo - DirecTV - https://play.google.com/store/apps/d....go.production [1]
• Best Buy CinemaNow - Best Buy - https://play.google.com/store/apps/d...id=com.res.bby [1]
• Bright House TV - Bright House - https://play.google.com/store/apps/details?id=com.BHTV [1]
• Mobile Pay - Apriva - https://play.google.com/store/apps/d...va.mobile.bams [1]
• AprivaPay - Apriva - https://play.google.com/store/apps/d...bile.aprivapay [1]
• BZWBK24 mobile - Bank Zachodni WBK S.A. - https://play.google.com/store/apps/details?id=pl.bzwbk.bzwbk24
• IKO - PKO Bank Polski SA - https://play.google.com/store/apps/d...d=pl.pkobp.iko [1] Note: app works, but without HCE contactless payments - native lib check: MVCMMOS : (jni/action/response_functions.c:35) void deleteDatabase(): DEVICE IS ROOTED
• Bradford Mobile Agent - Bradford Networks - https://play.google.com/store/apps/d...rdnetworks.bma [1]
• ParcelSend - Australia Post Digital - https://play.google.com/store/apps/d...au.com.auspost [1]
• Worx Home by Citrix - Zenprise - https://play.google.com/store/apps/d...d=com.zenprise [1]
• Movies by Flixster - Flixster - https://play.google.com/store/apps/d...ixster.android [1]
• Sparkasse - Star Finanz GmbH - https://play.google.com/store/apps/d....sfinanzstatus [1]
• City Video (Citytv) - Rogers Digital Media - https://play.google.com/store/apps/d...s.citytv.phone [1]
• ラブライブ！スクールアイドルフェスティバル - KLab - https://play.google.com/store/apps/d...droid.lovelive [1]
• 예스24 전자도서관 (Yes24) - YES24 - https://play.google.com/store/apps/d...om.incube.epub [1]
• Yuppi - Yuppi Mobil A.Ş. - https://play.google.com/store/apps/d...m.ovidos.yuppi (as of v1.2) [1]
• AirWatch MDM Agent - AirWatch - https://play.google.com/store/apps/d...h.androidagent (as of v1.2) [1]
• Divide - Enterproid - https://play.google.com/store/apps/d...ivideinstaller (as of v1.3)
• TV 2 Play - TV 2|Danmark - https://play.google.com/store/apps/d...dk.tv2.tv2play
• InBank - Phoenix Informatica Bancaria Spa - https://play.google.com/store/apps/d...enixspa.inbank
• Cubovision - Telecom Italia S.p.a. - https://play.google.com/store/apps/d...lia.cubovision
• IDNow - IDNow GmbH - https://play.google.com/store/apps/details?id=de.idnow&hl=en
• DKB-Card-Secure - Deutsche Kreditbank AG - https://play.google.com/store/apps/details?id=com.entersekt.authapp.dkb (Used 3.0-beta_20160731_2 with native hooking. App 1.0.0.86 uses "sh -c /system/bin/ps | grep -v substrate | grep -v Superuser | grep -v daemonsu | grep -v rootcloak2 | grep -v supersu | grep ..."
• PhotoTAN Raiffeisen Schweiz (6.1.2) - Raiffeisen Schweiz Genossenschaft - https://play.google.com/store/apps/details?id=ch.raiffeisen.phototan
• IRCTC Rail Connect (2.0.6) https://play.google.com/store/apps/details?id=cris.org.in.prs.ima
• Vipps - DNB - https://play.google.com/store/apps/details?id=no.dnb.vipps
• WRC - The Official App - https://play.google.com/store/apps/details?id=laola1.wrc
• HamrahCard (Ayande Bank) - https://play.google.com/store/apps/details?id=com.adpdigital.mbs.ayande&hl=en

[1] Default app in RootCloak

Apps not working in RootCloak (reason TBD)

• Puzzles & Dragons - GungHoOnlineEntertainment - https://play.google.com/store/apps/d...=jp.gungho.pad
• McAfee EMM - McAfee Mobile Security - https://play.google.com/store/apps/d....apps.emmagent
• Virgin TV Anywhere - Virgin Media - https://play.google.com/store/apps/d...dia.tvanywhere
• Starling Bank - Starling Bank - https://play.google.com/store/apps/details?id=com.starlingbank.android

Apps with calls most likely can never be directly intercepted by Xposed

• WebTV - Stofa - https://play.google.com/store/apps/d...om.stofa.webtv
  Method: Detects root by checking for the existance of the su binary. It uses fopen() and access() in order to do this check via native library (built with Android NDK).
• Yelo TV - Telenet - https://play.google.com/store/apps/d...e.telenet.yelo
  Method: Detects root via native library (built with Android NDK). Unsure of exact method, but the strings "ERROR: Device is rooted. aborting execution" and "ERROR: Debbuger running. aborting execution" can be found in the library.
  Relevant Files: libDxDrmDlcCore.so
• Sky Go - BSkyB - https://play.google.com/store/apps/d...om.bskyb.skygo
  Method: Most likely detects root via native library (built with Android NDK). Unsure of exact method, but the Java portion of the app contains "VGDRM_STATUS_DEVICE_IS_ROOTED = -41942891", and based on the library name, it's a safe bet.
• Barclays Mobile Banking - Barclays - https://play.google.com/store/apps/d...smobilebanking
  Method: Most likely detects root via native library. Using FileObserver you can see it accessing /system/(x)bin/su, but since I am hooking all File constructors and exec() methods, there is no way it is done without the native library.
• S-pushTAN - Star Finanz GmbH - https://play.google.com/store/apps/d...ndroid.pushtan
  Reason: Uses a native library to check for root. There is a callback inside the Java code, so it's possible to intercept that at the Java level, but that can be patched fairly easily.
  Relevant Files: libshield.so
• Pokemon Go Reason: SafetyNet

Apps that need more testing/analysis

• Good for Enterprise - Good Technology - https://play.google.com/store/apps/d...od.android.gfe
  Reason: It doesn't seem to check for root using the NDK, but I cannot be sure. The updates that I have made to RootCloak may handle GFE, but I have no way of testing.
• D3 GO - D3 GO - https://play.google.com/store/apps/d...ware.twintv.d3
  Reason: Seems to be working for some users and not working for others. Investigating further.