New Mysafaricom App - if you root

My safaricom app is coming out of beta. I here it is cleaner and has new features.

I can’t get Magisk Hide to well “hide” my root status. No other app has ever managed to do this. I have the old/normal Mysafaricom app. Opens with no problems… Any ideas ?

1 Like

It’s super clean. I don’t know how you can hide root though :smile:.

I think safaricom should force supermarkets to use QR scanning to pay for goods. I have used it many times and it is super fast; faster than giving out your number to trigger popup (pale Shoprite :smirk:), keying in “buy goods” digits :face_vomiting:, and handling cash (who does that nowadays? :thinking:).

I don’t know why retailers don’t embrace this method considering how clean it is and can be used by anyone with a camera (any smartphone basically). It sucks having to tell the cashier to show you the QR code


Same here, mpaka I tried hiding the magisk’s package name.

1 Like

Update: it is finally working. I don’t know what happened but it is following the rules finally. It can’t see my root status. Update both the safcom app and Magisk (both mod and manager). Also change the name of the app. I call mine “good”


To get magisk hide to work on such a stubborn app, uninstall the app completely or clear its data (cache and data) then go to magisk manager immediately after clean installing / clearing its data then enable hide for the app and start the app. It’s also a good idea to hide magisk package name.

For those who had issues with Xposed like me, you can temporarily disable Riru module from magisk and restart.

Alternatively: you can go full crazy and decompile the apk.
Won’t go in depth into all steps, as it’s nearly 1hr of messing around.

However, root chekcing happens at the SplashScreenActivity

invoke-virtual {p1}, Lcom/mpesa/splash/viewmodel/SplashViewModel;->checkDeviceIsSecure()Landroidx/lifecycle/LiveData;

move-result-object p1
#insert fake check

const/4 v7, 0x1

invoke-static {v7}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;

move-result-object v7

invoke-virtual {p1, v7}, Landroidx/lifecycle/LiveData;->setValue(Ljava/lang/Object;)V

#end fake check

This specific one is for MPESA - early access app.
const/4 v7, 0x1 is setting forcefully setting the test “checkDeviceSecure” as true 0x1

For a more in-depth guide on what all this means, see

also for obvious security and legal reasons I can’t post the modded apk here.


My guy this is deep. I watched the entire video. Mysafaricom and New Mpesa were already working on my phone but I will learn everything there is to know about reverse engineering. There are many apps that could use a little “touch up” when you have these skills.
Also, I don’t know when these banking apps will start acting up again. Still, Thank you

1 Like

Welcome bro, I remember equity eazzy app, sometime back would not work on rooted phones even with magisk, was hellish :joy::joy:

1 Like

@root I managed to decompile the mpesa app and removed root, thanks alot. Do you know where root is checked on mysafaricom app?

1 Like

I can’t remember the exact file but it had the name AppSafe in the name or function (the code for checking root)
Though I had issues recompiling the app, never got it to work.

1 Like

I also have the same case.

1 Like