TrickyStore

TrickyStore is an Android module you install via Magisk, a popular rooting tool. Its core job is to manipulate how Android reports device integrity to apps and services that check whether a phone has been modified or rooted. Android 12 or later is required.

Modern Android devices include a security feature called hardware-backed key attestation, which lets apps verify that the phone's security hardware is genuine and unmodified. Services like Google Play and some banking apps use this to block rooted or altered devices. TrickyStore intercepts that process and substitutes a replacement certificate, called a keybox, so the device can pass stronger integrity checks even after modification. You provide this keybox as a specially formatted XML file containing cryptographic private keys and certificate chains, placed at a specific path on the device.

TrickyStore also includes a Build Vars Spoofing feature, which requires an additional component called Zygisk. This lets you override what the phone reports as its model, manufacturer, fingerprint, and other identifiers, making the device appear to be a completely different phone. You configure this by editing a text file with key-value pairs for each property you want to fake.

You control which apps receive these modifications through a target.txt file. By default, listed apps get the leaf-certificate trick, where TrickyStore intercepts and modifies the certificate the phone's security chip returns. On devices where that security chip is broken or inaccessible, TrickyStore can instead generate an entirely fake certificate chain. You enable this per-app by adding an exclamation mark after the package name in the target list.

The project is open-source and credits several related tools from the same Android modification community. The to-do list covers App Attest Key support and compatibility with Android 11 and below. The README is short and aimed at readers already familiar with Magisk and Android rooting.