Anyone from Brazil using Evolution X?

Understanding Evolution X and Its Relevance in the Brazilian Android Community

In the dynamic world of custom Android firmware, Evolution X has carved out a significant niche for itself. It is a custom ROM that blends the stability of LineageOS with a rich suite of features, drawing inspiration from various AOSP-based projects, including OmniROM, Paranoid Android, and the original AOSP. For users in Brazil, where the Android landscape is vibrant and heavily reliant on mobile banking and digital payments, the transition to a custom ROM like Evolution X raises critical questions. The primary concern, as highlighted in community queries, revolves around the compatibility of essential bank applications, specifically NUBANK, and the feasibility of using them without root access.

We understand that for the Brazilian user, daily life is deeply integrated with mobile applications. Services like Nubank, PicPay, Itaú, and Bradesco are not just utilities; they are financial lifelines. Therefore, the decision to move away from a stock manufacturer ROM to a custom one is a significant step that requires careful consideration of safety, security, and functionality. Evolution X, at its core, is an AOSP (Android Open Source Project) based ROM. This is a crucial starting point. Unlike heavy, proprietary skins such as MIUI, One UI, or ColorOS, which are laden with manufacturer-specific modifications, AOSP-based ROMs offer a cleaner, closer-to-Google’s-vision of Android.

This foundational difference is the key to understanding bank app compatibility. Banking applications in Brazil, and globally, employ sophisticated security protocols. They perform a series of checks to ensure the device environment is secure and unaltered. These checks include verifying the integrity of the operating system, checking for the presence of root binaries (like su), and detecting if the bootloader is unlocked or if a custom recovery is installed. Evolution X, by being an AOSP-based custom ROM, inherently alters the device’s software fingerprint. The device will report itself as running a custom build, not an official, manufacturer-signed firmware. This is the first hurdle that banking apps will detect. The central question for a Brazilian user is not just if the app will install, but if it will function correctly under these conditions, especially when root is deliberately avoided.

Bank App Compatibility on Evolution X Without Root

The user’s explicit intent is to use Evolution X without root. This is the most prudent approach for maximizing compatibility with banking and financial applications. When a device is running a custom ROM like Evolution X without root, the security model of the operating system is less compromised from the perspective of a banking app’s checks. However, it is not a guarantee of seamless functionality. We will explore the specific mechanisms at play and the practical steps to ensure the highest probability of success for accessing NUBANK and other similar applications.

How Banking Apps Detect Custom ROMs and Root

To effectively troubleshoot and configure a device for banking app usage, it is essential to understand the technical methods these applications use for security verification.

SafetyNet and Play Integrity API

Historically, SafetyNet was the primary API used by Android applications to check device integrity. It performed two main checks:

1. CTS (Compatibility Test Suite) Profile Match: This verifies that the device’s software and hardware fingerprint match those of a certified, stock Android device. A custom ROM, by its nature, will fail this check because its build fingerprint does not match any official manufacturer release.
2. Basic Integrity: This check looks for signs of software tampering, such as root access, an unlocked bootloader, or modifications to the system partition.

In recent years, Google has been transitioning developers from the older SafetyNet Attestation API to the newer Play Integrity API. This API is more robust and provides more detailed information to app developers. It allows an app to request a verdict on whether the device is in a genuine and uncompromised state. This includes checks for device rooting, running on an emulator, or having a compromised bootloader. For Evolution X users, failing the CTS profile match is expected, but the Play Integrity API can still provide a verdict that may allow some apps to function, while others, particularly in the financial sector, may enforce stricter checks and refuse to run.

Chain of Trust and Bootloader State

The Android boot process relies on a chain of trust. Each stage of the boot process verifies the digital signature of the next stage. Stock ROMs are signed by the device manufacturer’s private key, which is trusted by the hardware. When you unlock the bootloader to install a custom ROM like Evolution X, this chain of trust is broken. The bootloader no longer verifies the signature of the boot.img (which contains the kernel and ramdisk) against the manufacturer’s key. While this is necessary for flashing custom ROMs, it is a major red flag for apps that use the Play Integrity API. They can detect the unlocked bootloader state, which signals a potentially insecure environment. Even without root, an unlocked bootloader is a significant security deviation from a stock device.

The Nubank Scenario: Specific Challenges and Solutions

NUBANK is one of the largest digital banks in the world and a cornerstone of the Brazilian financial ecosystem. Its application is known for implementing robust security measures. Users on custom ROMs often report issues with Nubank, ranging from being unable to log in to the app crashing upon launch. These issues are almost always related to the security checks mentioned above.

When a user with an unlocked bootloader and Evolution X (without root) attempts to open Nubank, the app will likely run its integrity checks via the Play Integrity API. The failure to pass these checks can trigger several responses from the app:

• Blocking Access: The app may simply refuse to function, displaying an error message about an unsecure environment or asking the user to install the official firmware.
• Limited Functionality: Some features, like biometric authentication or transfers, might be disabled while others remain accessible.
• App Crashes: In some cases, the app may fail to initialize properly and crash immediately.

We have observed that the outcome can vary depending on the specific device, the version of Evolution X being used, and the current security policies implemented by Nubank. There is no universal solution that guarantees 100% success, but there are proven strategies to improve the odds.

Strategies for Maximizing Bank App Success on Evolution X

For users determined to run Evolution X while maintaining access to their financial apps, we recommend a multi-faceted approach that prioritizes system integrity and careful configuration.

1. The Importance of a Clean Installation

A pristine installation of Evolution X provides the best foundation. We strongly advise against dirty flashing or using mods that alter system-level permissions without a clear understanding of their impact. Start with a clean flash of the latest stable build of Evolution X for your specific device. Ensure that you are using the correct firmware version for your device model (e.g., “oxygen,” “sunfish,” “coral”) to avoid compatibility issues.

2. The Role of Magisk (Even Without Rooting)

This may seem counterintuitive, but Magisk is a critical tool even for users who do not wish to have root access. Magisk’s primary function today is not just to provide root but to offer a powerful systemless interface for modifying the Android system. Its most valuable feature for this scenario is the MagiskHide or Zygisk functionality, combined with a module called Universal SafetyNet Fix (USNF).

• Systemless Modification: Magisk can apply patches without directly altering the system partition. This is crucial because it allows the device to pass CTS profile checks. The USNF module works by injecting a custom, certified device fingerprint into the system. When a banking app queries the device’s identity, it receives a fingerprint from a stock, certified device (like a Pixel phone), effectively passing the CTS check.
• Hiding Root (When Rooted): If you do choose to enable root, Magisk’s hiding capabilities are essential. It can conceal the su binary and the Magisk app from target applications. You can configure a denylist to prevent specific apps (like Nubank) from detecting root.
• Using Magisk Without Root: During the Magisk installation process, you can opt not to install the Magisk app for root management. However, to use modules like USNF, you still need the Magisk environment. The modern approach involves installing Magisk, then flashing the USNF module via the Magisk app, and then, if you so choose, removing root access. The module’s patches will remain, as they are systemless. This provides the best of both worlds: a system that appears certified to banking apps, without the “risk” of an active root daemon running.

3. Hiding the Bootloader Status (Advanced)

Hiding an unlocked bootloader is significantly more complex than hiding root. Some devices with an active developer community may have kernels or bootloaders that can be patched to report a “locked” state, but this is rare and risky. For most users, the focus should be on passing the software integrity checks (SafetyNet/Play Integrity) rather than hiding the bootloader status. In many cases, once the CTS profile is successfully spoofed, Nubank and other banking apps will function even with an unlocked bootloader. The primary trigger for them is the failed software integrity check.

4. Dealing with Play Integrity API

The newer Play Integrity API is more challenging to bypass. The USNF module is continuously updated to address these challenges. It often requires using the MagiskHide Props Config module to set a custom device fingerprint, which includes loading a physical device’s pif.json (which contains Play Integrity hardware attestation data). This process is more technical and requires joining community forums (like XDA-Developers) to find the correct pif.json for the device you are impersonating (e.g., a recent Pixel device). This spoofing makes the Play Integrity API believe it is interacting with a genuine, unmodified device.

Step-by-Step Configuration for a Brazilian User

Here is a practical workflow for setting up a device with Evolution X for use with Brazilian banking apps.

1. Prerequisites: Unlock your device’s bootloader (this will wipe all data). Ensure you have the latest platform-tools (ADB and Fastboot) installed on your computer.
2. Installation: Install a custom recovery (like TWRP or the Evolution X recovery if available). Reboot to recovery and wipe data, cache, and system. Flash the Evolution X ROM and the corresponding Google Apps package (GApps are essential for Nubank). Reboot.
3. Initial Setup: Complete the Android setup wizard. Do not log in to any accounts that you suspect might flag your device.
4. Magisk and Modules:
   • Download the Magisk APK file from the official GitHub repository and rename it to Magisk.zip.
   • Flash Magisk.zip in your custom recovery.
   • Reboot and open the Magisk app.
   • Go to the “Modules” section and install the “Universal SafetyNet Fix” module from the online repository.
   • (Optional but Recommended) Install the “MagiskHide Props Config” module for more advanced fingerprint spoofing.
   • Reboot your device.
5. Configure Magisk:
   • Open the Magisk app.
   • Go to settings and enable “Zygisk” and “Enforce DenyList”.
   • Go to the DenyList and configure it for your banking apps (Nubank, etc.). Make sure to check all components of the app.
6. Testing: Clear the data and cache for Nubank. Open the app and attempt to log in. Monitor for any security warnings or crashes. If it fails, you may need to use the Props Config module to select a certified device fingerprint (e.g., Pixel 6 Pro) and obtain a valid pif.json from online communities.

Alternative Banking Apps and Their Behavior

While NUBANK is a primary concern, it is representative of a broader ecosystem of Brazilian financial applications.

• PicPay: This app is also known for its strict security. It often requires not just a certified device but also checks for emulator environments. Users have reported similar success with the Magisk + USNF method.
• Itaú, Bradesco, Caixa: Traditional bank apps can sometimes be more lenient than digital-native banks. They may rely more on user-side authentication (like SMS codes and biometrics) rather than deep system integrity checks. However, they still use the Play Integrity API, so the same precautions apply.
• Government Apps (Gov.br, etc.): Government applications often have the highest security standards. They may employ multiple layers of checks, and compatibility on a custom ROM can be very challenging. In some cases, these apps may be completely unusable without a stock, locked bootloader environment.

The success rate varies, but the community-driven nature of custom ROMs means that workarounds are often developed and shared. The key is to stay updated with the latest developments in modules like USNF and community discussions on forums.

The Broader Context: Custom ROMs in the Brazilian Market

The interest in custom ROMs like Evolution X in Brazil is driven by several factors. The market is filled with devices from manufacturers like Samsung, Xiaomi, Motorola, and Asus. Many of these devices come with heavy skins that can become bloated over time, leading to performance degradation and delayed Android updates. For users with older devices, a lightweight AOSP-based ROM like Evolution X can breathe new life into their hardware, offering a smoother experience and more recent security patches.

However, this performance and freedom gain comes at the cost of convenience, particularly in the realm of banking and corporate security. The Brazilian financial sector is heavily regulated, and banks are legally obligated to protect their customers from fraud. This translates to aggressive security measures in their mobile apps, making them less tolerant of modified Android environments.

We see a constant tug-of-war between the custom development community and application developers. As Google tightens security with each Android version (e.g., hardware-backed attestation), the community must develop more sophisticated methods to maintain functionality. For a user in Brazil, this means that a solution that works today on Android 13 with Evolution X might need to be adapted for Android 14 in the future. Therefore, adopting a custom ROM requires a commitment to staying informed and occasionally troubleshooting.

Weighing the Risks and Rewards

Before proceeding with Evolution X, every user must weigh the pros and cons.

Rewards:

• Performance and Battery Life: A clean AOSP ROM often provides better performance and battery optimization than stock manufacturer software.
• Customization: Evolution X offers a vast array of customization options, from UI tweaks to advanced power management settings, that are not available on stock ROMs.
• Timely Updates: Custom ROM communities often provide faster Android version updates and monthly security patches, sometimes even for devices that manufacturers have stopped supporting.
• Privacy and Control: You gain more control over your device, removing manufacturer bloatware and telemetry.

Risks:

• Banking App Incompatibility: This is the most significant risk. There is always a chance that an update from the bank or Google could break existing workarounds, leaving you temporarily unable to access your funds.
• Warranty Void: Unlocking the bootloader almost always voids the device’s hardware warranty.
• Potential for Bricking: Improper installation procedures can render the device unusable, requiring advanced recovery steps.
• Loss of Official Features: Some manufacturer-specific features (like Samsung Pay, Secure Folder, or camera features that rely on proprietary libraries) may not work or may be completely absent.

Conclusion: A Practical Path for Brazilian Evolution X Users

For anyone in Brazil considering Evolution X, the ability to use NUBANK and other banking apps without root is a realistic but not guaranteed goal. The path to success is paved with careful configuration. We advise that the best approach is to leverage the systemless modification capabilities of Magisk to install the Universal SafetyNet Fix module. This spoofing of the device’s certification status is the most effective method for satisfying the integrity checks performed by most banking applications.

It is imperative to understand that this is a cat-and-mouse game. The security landscape is always evolving. We recommend that users join dedicated communities for their specific device on platforms like XDA-Developers to get device-specific advice and the latest pif.json files for Play Integrity bypass. By staying informed and methodically configuring your device, you can enjoy the extensive benefits of Evolution X while maintaining access to the essential financial services that are central to life in Brazil. Always perform a full backup of your original stock ROM before beginning, so you have a safe point to return to if needed.