Hot topics

Trapped in Google’s safety net: what modders need to know

AndroidPIT worst uis 0790
© nextpit

The next generation of smartphone users will have it tougher if they want to modify their devices. SafetyNet makes apps unusable on devices that are rooted and otherwise modified. We tested some mod methods and were able to successfully run some known SafetyNet apps such as Pokémon GO or Snapchat. That said, supposed masking apps were no help at all.

Pokémon GO and Snapchat are perhaps the most well-known apps that use Google’s dreaded SafetyNet. SafetyNet is a server-side protection mechanism and a Google service for app developers. SafetyNet can verify whether system files were tampered with. It's actually used to detect if the firmware has been modified. Not only does it affect modified firmware, it also hits rooted smartphones.

With SafetyNet, apps can check this and other characteristics on a smartphone. If the firmware or system has certain changes, the app will not run. The most common reason for not running is root access. John Kozyrakis, security adviser for app developers, explains many additional exclusion criteria in an exquisite deep dive into SafetyNet on his blog.

Our SafetyNet experiment

Of course, we have tried to circumvent SafetyNet’s clutches. The forum and many internet articles discuss the successes of unroot, root switcher, Magisk or Microg, although it’s not as easy as it seems. Once rooted, your smartphone is permanently disqualified for Pokémon GO. None of the aforementioned solutions help either, at least not permanently.

safetynet pokemon go snapchat blocked
For anyone caught in SafetyNet it's not that easy to get out. / © ANDROIDPIT

It’s a cat-and-mouse game between Google’s SafetyNet and the XDA community’s Magisk, since Google is constantly giving app developers new criteria that they can use to check devices. The makers behind tools like Magisk must first guess them so that a device can be legitimately recognized again and Snapchat can run. Magisk already has an integrated quick test, and Google’s blog shows how simply verification is. You yourself can quickly perform the test with this app:

safetynet pokemon go snapchat open
Only a root-free custom ROM will free you from SafetyNet. / © ANDROIDPIT

A masking attempt with Magisk didn’t work for us. Even fully unrooting our Lineage setup using the unroot tool from Lineage extras didn’t help: once SafetyNet gets you, it gets you forever. Even when testing with a Samsung Galaxy rooted with CF Autoroot, it was very difficult to break free from SafetyNet. Once lightly modified, one more reset can also help: it requires a full reflash of the original firmware including a NAND erase. Before unrooting, you should also make a backup of everything that can be saved and restored afterwards without root.

You’ll have an easier time without root

For now, modding is still allowed by SafetyNet. Alternative firmware like Lineage with Google apps that are installed afterwards are given the green light by critical apps such as Snapchat or Pokémon GO - even the SafetyNet helper app for the quick test produces a green result.

Those apps are less accommodating if your Android installation has been rooted even once in its history. Even if SuperUser access has been properly removed, it will be detected by SafetyNet using unknown traces. The only solution would be to replace the contents of the system partition, which practically means a mandatory reset of all settings and deleting all data.

Let’s hope that SafetyNet’s functionality restrictions continue to be limited to root. However, should third-party firmware one day attract the attention of SafetyNet, the openness of the Android ecosystem and users’ right to freely make decisions about their devices will be unpleasantly restricted.

Have you had trouble with SafetyNet? What steps have you taken against this security measure by Google? Let me know in the comments below!

  nextpit recommendation Price tip Luxury version with handle Price tip with handle For Garmin fans Mid-range tip
Product
Image Withings Body Smart Product Image Renpho Smart Body Fat Scale Product Image Withings Body Scan Product Image Lepulse Lescale P1 Product Image Garmin Index S2 Smart Scale Product Image eufy Smart Scale P3 Product Image
Deals*
Go to comment (1)
Eric Ferrari-Herrmann

Eric Ferrari-Herrmann
Senior Editor

Eric has been with AndroidPIT since 2014. He’s writing articles and reviews for the German website. Topics are mostly privacy and new technology but there's also the occasional piece on environmental sustainability.

To the author profile
Liked this article? Share now!
Recommended articles
Latest articles
Push notification Next article
1 Comment
Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • 20
    Reg Joo Jun 3, 2017 Link to comment

    "Let’s hope that SafetyNet’s functionality restrictions continue to be limited to root. However, should third-party firmware one day attract the attention of SafetyNet, the openness of the Android ecosystem and users’ right to freely make decisions about their devices will be unpleasantly restricted" When that day comes, will be the day I break camp, and pay for the headaches of apple. My ipad air already runs rings around my honor 5x , it loads webpages , and games, so much faster that it's not even funny! Nonetheless, I'd rather stay with android, but taking it's appeal away(you can make your phone, your phone), is tantamount to a full fledged retreat.