SafetyNet Compliancy


This topic contains 2 replies, has 2 voices, and was last updated by  willeo 1 week, 4 days ago.

    #11959

    willeo
    Participant

    Happy New Year everyone!

    As we know, Google’s SafetyNet makes an attestation which validates that the software environment on an Android device is not compromised. Custom ROMs have a tendency to fail the test for various reasons, preventing us from using banking applications, electronic wallets and even some games like Pokemon Go. This list is likely to grow in the future.

    Stock ROMs from handset manufacturers are of course compliant, but compliancy has also been reported on unofficial-by-nature Miui EU ROMs. (The message is that you can play Pokemon Go on them, but under the hood it is SafetyNet that is happy with everything.)

    Now my question is, theoretically speaking, what would it take to make a custom ROM (such as TS CM13.1) SafetyNet compliant?

    My question is about doing it the formal way, like handset manufacturers do it, not trying to hide or temporarily tweak anything.

    #12008

    topkek
    Participant

    I would also like to know, been trying to make PoGo work but SafetyNet blocks me.

    #12089

    willeo
    Participant

    Anyone?

    https://developer.android.com/training/safetynet/index.html says:

    “SafetyNet examines software and hardware information on the device where your app is installed to create a profile of that device. The service then attempts to find this same profile within a list of device models that have passed Android compatibility testing. The API also uses this software and hardware information to help you assess the basic integrity of the device, as well as the APK information of the calling app.”

    “Basic integrity” seems trivial: no signs of tampering (root access, unlocked ROM, spoofed software components etc).

    However, does anyone know what this “Android compatibility testing” means? I didn’t find anything that would make sense in this context; is it merely a requirement that there should be a number of similar non-tampered devices around?
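Added example, not part of the thread or of Google's code: how an app's backend might read the two verdicts the quoted documentation describes, using the attestation response's `basicIntegrity` and `ctsProfileMatch` fields. The package name, nonce, timestamp and sample builder are constructed for illustration, and the sketch only decodes the payload; a real verifier must first validate the JWS signature and certificate chain before trusting any field.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample(nonce: bytes, ts_ms: int, basic: bool, cts: bool) -> str:
    """Build a CONSTRUCTED, unsigned stand-in for an attestation JWS."""
    payload = {"nonce": base64.b64encode(nonce).decode(), "timestampMs": ts_ms,
               "apkPackageName": "com.example.bank",  # hypothetical app
               "basicIntegrity": basic, "ctsProfileMatch": cts}
    header = _b64url(json.dumps({"alg": "RS256"}).encode())
    return ".".join([header, _b64url(json.dumps(payload).encode()), "c2ln"])

def decode_payload(jws: str) -> dict:
    """Decode the middle segment of a compact JWS. No signature check here."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))

def classify(jws, nonce, package, now_ms, max_age_ms=60_000):
    p = decode_payload(jws)
    # Replay protection: the nonce we issued must come back, recently.
    if p.get("nonce") != base64.b64encode(nonce).decode():
        return "reject: nonce mismatch"
    if abs(now_ms - int(p.get("timestampMs", 0))) > max_age_ms:
        return "reject: stale response"
    basic = p.get("basicIntegrity") is True
    cts = p.get("ctsProfileMatch") is True
    if basic and cts:
        # APK fields are only meaningful when ctsProfileMatch is true.
        if p.get("apkPackageName") != package:
            return "reject: wrong calling app"
        return "pass: profile matches a compatibility-tested device"
    if basic:
        return "basic only: no tampering signs, but profile not recognised"
    return "fail: integrity checks failed"

NOW = 1_483_228_800_000  # constructed timestamp (ms)
NONCE = b"constructed-nonce-0001"
if __name__ == "__main__":
    for basic, cts in [(True, True), (True, False), (False, False)]:
        print(classify(make_sample(NONCE, NOW, basic, cts), NONCE,
                       "com.example.bank", NOW))
```

The middle outcome is the one the thread is about: a device can show no tampering and still fail because its profile is not on the list of compatibility-tested models.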
