Root on Android becomes tricky: re-checking SafetyNet hardware makes it impossible to hide changes

Google has taken a new step in the eradication of unauthorized modifications in Android: the new hardware verification of SafetyNet, the security system which guarantees that the phone has not been tampered with, makes it impossible to use tools like Magisk; which will prevent hiding the root or installed ROM of applications that check the integrity of the phone.

Since Android is Android, there has been a community of developers who have always looked for ways to modify the system to make it even more customizable for the user. ROMs are a good example, for example also root or administrator access. However, these processes involve risks for the user and for the material; Reasons why Google has gradually made changes difficult. And now you’ve taken one of the final steps against root: the integrity check by hardware certification. He is already active.

  All mobiles that will access the beta of Android 11: models and dates

SafetyNet hardware certification cannot be bypassed

How Security Works on Android

Until now SafetyNet has checked the integrity of the phone in a “basic” way and certified it by software. Thanks to this tools like Magisk could hide changes from all applications They were looking to make sure the phone did not have a ROM and / or was not rooted, changes that could compromise the use of applications (make a screen recording on Netflix, for example). Magisk Hides Status From SafetyNet By “Cheating” On Google’s Security APIs offering false results when looking for phone software changes. With hardware certification, it’s impossible.

  OPPO Reno 2, Reno Z, A9, F11, F11 Pro, A9 and R17 start updating to Android 10 with ColorOS 7

As they say in the XDA developers, and after the verifications of the own John Wu, creator of Magisk, SafetyNet’s new hardware certification makes it impossible to use Magisk and similar tools, at least as they work today. With such hardware certification, there is no way to deliver false results when faced with integrity check, as the Google APIs guarantee that the phone’s certification keys are legitimate. compare those that the company has on its servers with those stored in the secure area of ​​the device. And, since there is no way to change this area, the so-called Trusted Execution Environment (TEE), there is also no way to hide changes made to the phone from all of these applications that require verification .

  Nokia 6.2 starts receiving official update for Android 10

Safe environment Android Here’s how the Trusted Execution Environment (TEE) works

SafetyNet hardware certification should not kill roots and ROMs, although it is difficult to use. Because if the applications end up asking SafetyNet for security checks, gradually the number of applications available for those who have modified the phones will be reduced; which will prevent them from being modified. After all, who would want to use a smartphone they can’t run their favorite apps on?

Google’s move doesn’t kill root, but it doesn’t hide it from apps that check if the phone is rooted

The new hardware certification has started, Google is currently testing it on some devices. There is no official statement from the company, but a notice in the community of the start of testing. Hopefully, over the months, SafetyNet will stop doing basic checks to run them with a hardware certification. We will see if Magisk and others manage to get by.

  OnePlus Nord against its competitors: it faces the Poco F2, Realme X50, Xiaomi Mi 10 Lite and other Android devices of the same price

Source :