eylenburg / eylenburg.github.io

https://eylenburg.github.io/
Creative Commons Attribution Share Alike 4.0 International

Clarify SafetyNet / Play Integrity row #33

Closed D3SOX closed 5 months ago

D3SOX commented 5 months ago

I was wondering why it says Yes for CalyxOS as I'm running the latest build on my Pixel 8 Pro and I get neither SafetyNet nor Play Integrity.

Do you mean Basic Integrity here? If yes I think the field should be split up into

As far as I know it's not possible to fully pass both on a custom ROM without using something like Magisk and a module that fixes it (not sure about Graphene).

eylenburg commented 5 months ago

I think you're right. The table needs to be changed because it's not as compatible as stock Android.

For GrapheneOS [1] it says that only basicIntegrity is passed, although it doesn't mention Play Integrity here but only SafetyNet.

For microG I believe it's the same (only basicIntegrity) and the additional issue that Play Integrity depends on the Play Store? [2] [3] [4] [5] [6]

What would you propose is the right way to show it?

  GrapheneOS Play Services MicroG MicroG + root
SafetyNet basic integrity OK OK OK
CTS Profile match No No OK ???
Play Integrity No ??? ???

I don't have any personal experience because I don't use either Play Services or microG.

matchboxbananasynergy commented 5 months ago

SafetyNet is obsolete and has been replaced by Play Integrity API. SafetyNet is largely no longer relevant. GrapheneOS passes MEETS_BASIC_INTEGRITY, but not MEETS_DEVICE_INTEGRITY or MEETS_STRONG_INTEGRITY, as that requires a Google-certified OS.

eylenburg commented 5 months ago

Thank you @matchboxbananasynergy

Do you know if that's the same for microG?

matchboxbananasynergy commented 5 months ago

I know that it can't pass MEETS_DEVICE_INTEGRITY or MEETS_STRONG_INTEGRITY on devices not running a Google-certified OS unless you spoof, which can pass one of the two, but not in a way that will be possible for a long time.

I don't think microG makes any such spoofing attempts. Regarding MEETS_BASIC_INTEGRITY, I don't know how that is handled and it might depend on factors outside of microG's control too.

matchboxbananasynergy commented 5 months ago

By the way, I am against adding information about "root" or Magisk modules regarding spoofing this. It's not robust, it's being cracked down on, and will cease being possible no matter what people do soon. In addition to that, rooting destroys the Android security model; it's not a valid approach.

eylenburg commented 5 months ago

I agree. I just updated the row to say "passes only basic integrity" in light green. The only exception being Stock Android of course.

ale5000-git commented 4 months ago

I haven't tried it but I don't think it is impossible to pass strong integrity (but only if it is done directly by ROM authors).

For ROMs that spoof original details (like model, device, fingerprint, etc.) but also Kernel version strings, and they are even able to relock the bootloader with the custom ROM; then maybe they can pass without root and without Magisk.

matchboxbananasynergy commented 4 months ago

It's not possible if hardware attestation is used. Play Integrity API is moving to that, and it won't be spoofable, no matter what the OS does.