As we know, Google’s SafetyNet makes an attestation which validates that the software environment on an Android device is not compromised. Custom ROMs have a tendency to fail the test for various reasons, preventing us from using banking applications, electronic wallets and even some games like Pokemon Go. This list is likely to grow in the future.
Stock ROMs from handset manufacturers are of course compliant, but compliancy has also been reported on unofficial-by-nature Miui EU ROMs. (The message is that you can play Pokemon Go on them, but under the hood it is SafetyNet that is happy with everything.)
Now my question is, theoretically speaking, what would it take to make a custom ROM (such as TS CM13.1) SafetyNet compliant?
My question is about doing it the formal way, like handset manufacturers do it, not trying to hide or temporarily tweak anything.
“SafetyNet examines software and hardware information on the device where your app is installed to create a profile of that device. The service then attempts to find this same profile within a list of device models that have passed Android compatibility testing. The API also uses this software and hardware information to help you assess the basic integrity of the device, as well as the APK information of the calling app.”
“Basic integrity” seems trivial: no signs of tampering (root access, unlocked ROM, spoofed software components, etc.).
However, does anyone know what this “Android compatibility testing” means? I didn’t find anything that would make sense in this context; is it merely a requirement that there should be a number of similar non-tampered devices around?
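How the two checks quoted above surface to an app's backend, as an added example that is not part of the original post: the SafetyNet Attestation API returns its verdict as a JWS whose payload carries `basicIntegrity` and `ctsProfileMatch` alongside `nonce`, `timestampMs` and `apkPackageName`. The tokens, nonce, package name and the `assess` helper below are constructed for illustration, and the JWS signature and certificate chain are assumed to have been verified before this step.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample(payload: dict) -> str:
    """Build a CONSTRUCTED compact JWS; the signature part is a dummy."""
    header = {"alg": "RS256"}
    body = ".".join(_b64url(json.dumps(x).encode()) for x in (header, payload))
    return body + "." + _b64url(b"dummy-signature")

def read_payload(jws: str) -> dict:
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (header.payload.signature)")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def assess(jws: str, nonce: bytes, package: str, now_ms: int,
           max_age_ms: int = 120_000) -> str:
    """Assumes the JWS signature and certificate chain were already verified."""
    p = read_payload(jws)
    # Replay protection: the verdict must answer the nonce this server issued.
    if base64.b64decode(p.get("nonce", "")) != nonce:
        return "reject: nonce mismatch"
    if abs(now_ms - int(p.get("timestampMs", 0))) > max_age_ms:
        return "reject: stale verdict"
    if not p.get("basicIntegrity", False):
        return "fail: basic integrity"
    if not p.get("ctsProfileMatch", False):
        return "fail: no matching compatibility-tested profile"
    # APK fields are only meaningful once the profile check has passed.
    if p.get("apkPackageName") != package:
        return "reject: unexpected calling app"
    return "pass"

NONCE = b"constructed-nonce-0001"   # constructed sample value
NOW = 1_700_000_000_000             # constructed "current time" in ms

def sample(basic: bool, cts: bool) -> str:
    return make_sample({"nonce": base64.b64encode(NONCE).decode(),
                        "timestampMs": NOW - 5_000,
                        "apkPackageName": "com.example.bank",
                        "basicIntegrity": basic, "ctsProfileMatch": cts})

if __name__ == "__main__":
    for label, tok in [("profile matches", sample(True, True)),
                       ("no profile match", sample(True, False)),
                       ("integrity failure", sample(False, False))]:
        print(label, "->", assess(tok, NONCE, "com.example.bank", NOW))
```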