There are different ways to pass SafetyNet on Android. However, it is difficult to do so and in the future, Google may make it even more challenging. Google keeps upgrading its SafetyNet, which is used to protect Android users from malicious apps by ensuring users only install legitimate apps. Rooting gives full control over the device, allowing the installation of custom ROMs that offer a lot of customization options not available with stock Android.
One way to pass SafetyNet is to use Magisk, a root manager that allows hiding your device’s use of SafetyNet. To do this, you need to install Magisk and enable its Hide feature to hide the root status from SafetyNet. Another way is to use a custom ROM, which is a forked version of the Android operating system that includes features to allow passing SafetyNet. Lastly, you can pass SafetyNet by using modules.
The modding community will continue to find ways to bypass SafetyNet. However, this also requires bootloader unlock. SafetyNet also prevents apps from tampering, and some devices do not work with rooted or flashed custom ROMs, including banking apps, payment apps, security apps, and game apps, as they rely on tamper-proof environments for execution. App developers use SafetyNet APIs to verify the integrity of their apps and the device they are running on, and they can choose to use them depending on their own security requirements. Meanwhile, some app developers do not use SafetyNet because they believe it is too restrictive.
Today, in this article, we will be sharing how to pass SafetyNet even after rooting or installing a custom ROM on your device with the following instructions mentioned below.
Google’s SafetyNet
Google’s SafetyNet helps to protect Android users from security threats such as bad URLs, malicious apps, fake users, and device tampering. SafetyNet APIs provide a cryptographically-signed attestation that assesses the integrity of the Android device, preventing personal information from being stolen or malware from being installed on devices. SafetyNet also offers the reCAPTCHA API, which verifies users and prevents spam and other malicious activity from affecting apps. Google is planning to upgrade SafetyNet with the new Play Integrity API, which is expected to come in 2024.
Android is primarily designed to run without giving end-users any kind of privileged controls, limiting the amount of control that end-users have over the underlying subsystem. When a device gets essential administrative (superuser) permission, it is similar to having administrative permission on Linux. This can alter or replace core system applications and settings, giving access to modify any files on the device, including system files. It can also install and run apps that require root access, giving more control over the device. However, this is a risky process that could avoid the device warranty and make it more vulnerable to malware. For safety, there should be some kind of abuse detection system to check the device software and hardware.
Modding allows customizing and personalizing the Android ecosystem to regain a high degree of rigor in Android OS within the constraints of security policies. Consider flashing custom ROMs, which are designed to be more secure and stable, offering additional features and security enhancements. However, you should first check whether the custom ROM is reputable and well-supported as it needs to be compatible with your device.
The SafetyNet Attestation API is a valuable tool for developers to protect their apps from malicious users by checking the integrity of the device. By using this API, developers and Google can help keep users safe and secure. The API checks a lot of things such as bootloader unlock, sign of superuser binaries, installed security patch, and hardware attestation, and then compares the state of the target Android device and verifies the Android environment against a known safe value on the server-side.
Consequences of Tripping SafetyNet
Some apps may not work if SafetyNet is tripped because modifying or rooting a device can make it more vulnerable to hacking and can violate app restrictions. SafetyNet can be tripped by events such as unlocking the bootloader, installing a custom ROM, rooting, or modifying the kernel. Therefore, it is important to check if a custom ROM or kernel will cause SafetyNet to trip before installing it. Even unlocking the bootloader can result in a CTS (Compatibility Test Suite) profile mismatch error due to a mismatch between your device’s build.prop file and the CTS profile stored on Google’s server. The CTS profile contains the device’s hardware and software build.prop files, and SafetyNet checks the list of requirements.
However, there are ways to fix the CTS profile mismatch error, and tools like Magisk and custom ROMs offer to hide the fact that your device has been rooted. These tools can help bypass SafetyNet validation, but apps and games that employ SafetyNet validation may have trouble. Nevertheless, Android community aftermarket development can provide support beyond the lifetime of devices that lose support from OEMs.
Passing SafetyNet Attestation
To ensure that your device passes SafetyNet Attestation, make sure your device is running the latest version of Android, and the SafetyNet Attestation API is enabled. To check SafetyNet Attestation, follow these instructions:
- Open Device Settings and head over to Security.
- Tap on Google Play Protect and then go to Verify Apps.
- Choose Settings and then SafetyNet Attestation.
If the API is enabled, you can check your device’s SafetyNet attestation status on the SafetyNet website. A green checkmark indicates that the basic integrity and CTS profile match. Google keeps updating its SafetyNet Attestation API, and there is no one method to bypass or spoof the most significant parameters, including the device model, Android version, and root methods.
SafetyNet is also used to track user activity, and Google is increasingly relying on hardware attestation by Trusted Execution Environment (TEE) or Dedicated Hardware Security Module (HSM) for tamper detection, which are difficult to modify or access without authorization. TEE is used to store sensitive data like encryption keys and to run apps that require a high level of security, while HSM is used to manage cryptographic keys, making it very difficult to spoof SafetyNet client-side response.
How to Pass SafetyNet:
We have listed some of the most common methods to pass SafetyNet.
Relocking the Bootloader and Restoring to Stock Firmware:
This is a basic method that involves reversing everything to the original state by restoring the stock firmware and relocking the bootloader. This may cause you to lose the ability for modding. However, it can be useful if you are trying to manage an environment with strict security policies or if you plan to sell your device, which will attract more potential buyers. There is no exact method on how this works, but you can check the community for this.
Magisk:
Magisk is well-known for hiding the rooting status and allowing you to pass SafetyNet on legacy Android smartphones by hiding the root status while keeping root access. It allows managing root permission and installing modules and add-ons to get more features and improve performance. Although the latest version of Magisk (MagiskHide V24) doesn’t have this feature, the previous version MagiskHide V23.x allows hiding the root status from apps.
Furthermore, Magisk modules like MagiskHide Props config can help change or spoof the device fingerprint to pass SafetyNet. Follow these instructions to use the DenyList for passing SafetyNet:
- Open Magisk App and tap on the gear icon (settings).
- Scroll down to find “Zygisk” and tap on it, then on “Enforce DenyList“.
- From there, choose “Configure DenyList” and tap on the triple-dot menu. From the options, choose “Show System apps”.
- Now, configure the DenyList for Play Service and Play Store. If you need it for others, ensure you choose those apps as well.
- Head over to Settings and then Apps, and clear data of all apps you configured in DenyList.
- Reboot your device. That’s it. Connect your device to the internet and keep the phone idle for a while, and then check the SafetyNet Status.
Universal SafetyNet Fix:
This is a Magisk module used to pass SafetyNet attestation. It injects code into the Play Service process and registers a fake keystore provider that overrides app. After installing Magisk, you can install Universal SafetyNet Fix and then check SafetyNet using the SafetyNet Test app. If it’s working, it will pass all the SafetyNet checks, but it isn’t a perfect solution. Developer support Zygisk solely for the latest version, meaning Magisk v24 or higher version will work perfectly fine to pass SafetyNet.
If you, for whatever reason, want to pass SafetyNet Attestation without Magisk, then this appropriately named tool called “ih8sn” may do the trick. It’s a prop override/reset script made by a few LineageOS contributors (but not officially endorsed by the project). https://t.co/di7tBGsm4s
— Mishaal Rahman (@MishaalRahman) January 4, 2022
First, install Magisk on your Android device and then remove the MagiskHidePropsConfig module. Next, install the Universal SafetyNet Fix module on your Magik and reboot your device. Now, you can simply wipe GMS data after rebooting. That’s it!
Profit, Shamiko, and Ih8sn:
Universal SafetyNet Fix Fork by Diplax and Shamiko or ih8sn are currently in development. You can use these to hide Magisk Root from bypassing the Play Integrity API. Simply add the Profit and Shamiko to hide and enforce DenyList. For configuring the whitelist mode, you can simply empty files as follows /data/adb/Shamiko/whitelist. As for Ih8Sen, navigate to /system/etc/ih8sn.conf, edit the file with a text editor to change the BUILD_FINGERPRINT and PRODUCT_NAME variables.
After applying this, you can check for SafetyNet from the website and the app. You can use the open-source app named YASNAC (short for Yet Another SafetyNet Attestation Checker). We hope this guide remains helpful for you, and you have successfully passed SafetyNet. Thanks for being with us. We would like to know your valuable opinion
