Giters

oasisfeng / island

Island for Android

Home Page:https://play.google.com/store/apps/details?id=com.oasisfeng.island

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Microsoft InTune/Company Portal detects root for apps installed on Island

DrPhant0m opened this issue · comments

commented

Device: Galaxy S22 Ultra (SM-S908E), unlocked bootloader, rooted with Magisk v26.1, Pass YASNAC test
Goal: Use MS apps (Outlook, Teams) for work without InTune (Company Portal) detecting root and preventing use

Performed manual setup to create an Island
Cloned Outlook, Teams, and "Company Portal" (InTune) apps to Island
Froze above apps on Mainland
Cleared app data, added above apps to denylist, using Shamiko

InTune initially passed device health check and allowed use of Outlook and Teams.
Upon device restart, InTune found device to be "unhealthy" and reported that rooted devices are not supported. Clearing app data and setting up again results in "device unhealthy" evaluation again.
Functionality is not sustained.

Would like to know if the "Island" environment can be configured properly to create a sufficiently-isolated environment to sustain passing device health check on permanent or semi-permanent (simple recovery process) basis.

I would rather have posted this in a support thread on XDA or Discord or something... but GitHub is the only place I could find to post my issue/questions.

Thanks for any help!

commented

Telegram might have been your better route because you would have found multiple methods of hiding root including using magisk delta, sensitive props hiding, safety net fix, even if you have to use riru and momohider, it may prevent the probable zygisk detect or exposed detection you are getting, but even better so you're in a sandbox separate profile for a reason, turn off multi user mode switch. No root gets to Island. I'm trying to get kernel super user people to add this functionality because this is the only way to use some applications that are very picky, there is no multi user mode switch you have Global root access for all profiles and island is no refuge. But for your sake you're lucky you can just disable root over there.

(It has been said that devices that actually support the play integrity bypass and the bootloader spoofers out there that exist for exposed, the bootloader speaker for only works for devices that don't show up broken tee when checked with momo sadly (xiaomi and the pixels work fine with it ..ect. But most likely Motorola and OnePlus show broken) those guys have claimed to pass full strong hardware back integrity over there on island with bootloaders spoofer xposed.