SafetyNet security update makes rooting Android phones impractical

Magisk has been giving rooted phones an isolated safe environment to run smoothly and install third-party applications without any issues. That has been possible because Magisk is able to create a ‘safe environment’ for bypassing the SafetyNet detection protocol to make a legitimate SafetyNet result that permits rooting of phones and implementing custom ROMs without creating an issue. Going around the SafetyNet Attestation API that’s called by apps to check if the software environment is safe, means Android users can explore the open OS environment.

That status quo has changed as Google’s openness for verifying the boot image integrity using hardware attestation has been full-proofed for some devices. This is expected to be the norm in coming months as Google has confirmed that SafetyNet Attestation API responses from some devices now have hardware-backed security. Now, the Google Play Services, which apps use for security checks, is now employing stringent attestation to detect any rooting attempts.

This is fine with banking applications and other apps that use sensitive user information, to prevent the chances of any hacking attempts via rooted devices. On the flipside some other apps like McDonald’s that are absolutely fine running on rooted devices are also not being able to run on such devices. This was discovered by XDA Developers members and one pro user topjohnwu calls out exclaiming, “app that overuse the API are creating a hostile environment for power users.”

What this means for power users is the highly restrictive OS environment as far as rooting a device goes. The core idea of Android to keep the software flexible towards changes is in question with this SafetyNet Attestation API process which will force users to think twice before making any changes. After all, it will become almost impossible to hide the phone’s root status from apps that require Google Play Services API checks.