The next generation of smartphone users will have it tougher if they want to modify their devices. SafetyNet makes apps unusable on devices that are rooted and otherwise modified. We tested some mod methods and were able to successfully run some known SafetyNet apps such as Pokémon GO or Snapchat. That said, supposed masking apps were no help at all.
Pokémon GO and Snapchat are perhaps the most well-known apps that use Google’s dreaded SafetyNet. SafetyNet is a server-side protection mechanism and a Google service for app developers. SafetyNet can verify whether system files were tampered with. It's actually used to detect if the firmware has been modified. Not only does it affect modified firmware, it also hits rooted smartphones.
With SafetyNet, apps can check this and other characteristics on a smartphone. If the firmware or system has certain changes, the app will not run. The most common reason for not running is root access. John Kozyrakis, security adviser for app developers, explains many additional exclusion criteria in an exquisite deep dive into SafetyNet on his blog.
Our SafetyNet experiment
Of course, we have tried to circumvent SafetyNet’s clutches. The forum and many internet articles discuss the successes of unroot, root switcher, Magisk or Microg, although it’s not as easy as it seems. Once rooted, your smartphone is permanently disqualified for Pokémon GO. None of the aforementioned solutions help either, at least not permanently.
It’s a cat-and-mouse game between Google’s SafetyNet and the XDA community’s Magisk, since Google is constantly giving app developers new criteria that they can use to check devices. The makers behind tools like Magisk must first guess them so that a device can be legitimately recognized again and Snapchat can run. Magisk already has an integrated quick test, and Google’s blog shows how simply verification is. You yourself can quickly perform the test with this app:
A masking attempt with Magisk didn’t work for us. Even fully unrooting our Lineage setup using the unroot tool from Lineage extras didn’t help: once SafetyNet gets you, it gets you forever. Even when testing with a Samsung Galaxy rooted with CF Autoroot, it was very difficult to break free from SafetyNet. Once lightly modified, one more reset can also help: it requires a full reflash of the original firmware including a NAND erase. Before unrooting, you should also make a backup of everything that can be saved and restored afterwards without root.
You’ll have an easier time without root
For now, modding is still allowed by SafetyNet. Alternative firmware like Lineage with Google apps that are installed afterwards are given the green light by critical apps such as Snapchat or Pokémon GO - even the SafetyNet helper app for the quick test produces a green result.
Those apps are less accommodating if your Android installation has been rooted even once in its history. Even if SuperUser access has been properly removed, it will be detected by SafetyNet using unknown traces. The only solution would be to replace the contents of the system partition, which practically means a mandatory reset of all settings and deleting all data.
Let’s hope that SafetyNet’s functionality restrictions continue to be limited to root. However, should third-party firmware one day attract the attention of SafetyNet, the openness of the Android ecosystem and users’ right to freely make decisions about their devices will be unpleasantly restricted.
Have you had trouble with SafetyNet? What steps have you taken against this security measure by Google? Let me know in the comments below!