herzhenr / spic-android

A Simple Play Integrity Checker which uses Google Play Integrity API to check the Integrity of the Device
MIT License

MEETS_BASIC_INTEGRITY on Wear OS smartwatch despite SafetyNet being BASIC,HARDWARE_BACKED (mobvoi TicWatch Pro (catfish)) #12

Open CE1CECL opened 1 week ago

CE1CECL commented 1 week ago

This app works fine on my Bold Like US, C5L 2020 (FWVGA) though; it is rooted but it passes MEETS_STRONG_INTEGRITY, and BASIC,HARDWARE_BACKED in the SafetyNet tab. It also wanted me on the watch to update Google Play when I uninstalled its updates; I even tried installing a mobile version with no luck. I heard online somewhere the app package name used has to support the Wear OS app market? I tried it also with all of https://github.com/chiteroman/PlayIntegrityFix https://github.com/osm0sis/PlayIntegrityFork https://github.com/daboynb/PlayIntegrityNEXT and I only use PlayIntegrityFork without a pif config on my C0070WW phone, otherwise I would get a MEETS_DEVICE_INTEGRITY only. A video was made on the phone to prove that Magisk is installed and I am MEETS_STRONG_INTEGRITY since last night: http://CE1CECL.GitHub.io/ScreenCapture_20240703_153407_849.mp4 (I couldn't upload it here, it was 3MB too big for issues, 10MB max). It's also possible the PlayIntegrityFix (not the PlayIntegrityFork) worked but I had a config on it, so I didn't test it for MEETS_STRONG_INTEGRITY. @osm0sis @herzhenr

pndwal commented 6 days ago

Wow...

But that isn't an issue with SPIC; that's an issue with OEM implementation of Keymaster/chain of trust from AVB... Also seen in Asus Rog phones... Quietly... 👀

CE1CECL commented 6 days ago

> Wow...

> But that isn't an issue with SPIC; that's an issue with OEM implementation of Keymaster/chain of trust from AVB... Also seen in Asus Rog phones... Quietly... 👀

Actually both bootloaders are still locked, the watch has no secure boot at all, and the phone I resigned the keys to lock the bootloader.

> But that isn't an issue with SPIC

The watch not showing results is the issue (Play Integrity Check only); I was trying to ask the app owner to enable support for real result reading on Wear OS devices, if possible.

pndwal commented 6 days ago

Have you messed around with rebuilding TEE, framework patching to build a valid certificate chain etc? Used a root signed keybox?...

Because generally you shouldn't get STRONG with either yellow or orange boot state. Neither is "Verified"... So relocking should make no difference with custom keys...

CE1CECL commented 6 days ago

> Have you messed around with rebuilding TEE, framework patching to build a valid certificate chain etc? Used a root signed keybox?...

> Because generally you shouldn't get STRONG with either yellow or orange boot state. Neither is "Verified"... So relocking should make no difference with custom keys...

But it's a green lock state though. I don't get any boot up warnings.

pndwal commented 6 days ago

Again, did you build ROM with OEM keys or spoof green by rebuilding TEE with a valid OEM signed keybox or otherwise applying one, eg systemlessly w/ root?

... Because locking with custom keys will only give yellow boot state and you shouldn't be able to spoof the hardware keys... Unless OEM messed up the Keymaster implementation... 🙃 😮

CE1CECL commented 6 days ago

> Again, did you build ROM with OEM keys or spoof green by rebuilding TEE with a valid OEM signed keybox or otherwise applying one, eg systemlessly w/ root?

> ... Because locking with custom keys will only give yellow boot state and you shouldn't be able to spoof the hardware keys... Unless OEM messed up the Keymaster implementation... 🙃 😮

I used the OEM's leaked key.

pndwal commented 5 days ago

> I used the OEM's leaked key

Yup yup 😉

> and I only use PlayIntegrityFork without a pif config on my C0070WW phone, otherwise I would get a MEETS_DEVICE_INTEGRITY only.

So this is pretty misleading...

Also, isn't the watch just correctly showing results for its own OS?... You do say:

> the watch has no secure boot at all

And

> The watch not showing results is the issue (Play Integrity Check only); I was trying to ask the app owner to enable support for real result reading on Wear OS devices, if possible.

So OP and title could be much clearer, but not sure why you want one device to display results for another... could lead to further confusion.

CE1CECL commented 5 days ago

> > I used the OEM's leaked key
>
> Yup yup 😉
>
> > and I only use PlayIntegrityFork without a pif config on my C0070WW phone, otherwise I would get a MEETS_DEVICE_INTEGRITY only.
>
> So this is pretty misleading...
>
> Also, isn't the watch just correctly showing results for its own OS?... You do say:
>
> > the watch has no secure boot at all
>
> And
>
> > The watch not showing results is the issue (Play Integrity Check only); I was trying to ask the app owner to enable support for real result reading on Wear OS devices, if possible.
>
> So OP and title could be much clearer, but not sure why you want one device to display results for another... could lead to further confusion.

> the watch has no secure boot at all

I meant the watch shipped without fuses in EDL mode, and there is no vbmeta partition on the watch; fastboot says (since I opened up the box) "SECURE BOOT: disabled". The phone has vbmeta though (of course, signed to root with that key).

> and I only use PlayIntegrityFork without a pif config on my C0070WW phone, otherwise I would get a MEETS_DEVICE_INTEGRITY only.

I don't know why this is, but it's possible it's setting a prop variable to make it that way. Even logcat says the config wasn't found. It would most likely work without PlayIntegrityFork anyway (haven't tested it yet; I only tested Play Integrity using the app when I used the pif config and always had the module when I used the app).

> So OP and title could be much clearer, but not sure why you want one device to display results for another... could lead to further confusion.

I saw in another GitHub that the app has to be uploaded to Play Store to even be able to check integrity, but it was only added to the phone/tablet play store version, not the watch, which is why the result is ALWAYS the same.

pndwal commented 5 days ago

Any app can use default responses, and for device integrity that only includes the MEETS_DEVICE_INTEGRITY label... If you're seeing MEETS_BASIC_INTEGRITY the app/SDK has 'opted in' for additional labels and must be set up for Play Integrity API integration in the Play Console or the Play SDK Console.
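The comment above describes which device labels a Play Integrity verdict carries by default and which only appear after opting in, and the issue title is about a verdict that contains MEETS_BASIC_INTEGRITY alone. The following is an added example, not code from spic-android or from anyone in this thread: a small server-side evaluator for an already decoded Play Integrity verdict. It assumes the JSON shape Google documents for the decoded token (`requestDetails`, `appIntegrity`, `deviceIntegrity`, `accountDetails`), assumes the token has already been decrypted and signature-checked (for example via Google's `decodeIntegrityToken` call), and uses a five-minute freshness window, constructed sample verdicts and hypothetical function names (`evaluate`, `device_tier`, `meets_policy`) of its own. It shows that an empty label list is a failure rather than an unknown, that a basic-only verdict can pass the binding checks yet still fall short of a device-level policy, and that nonce, package and timestamp must be bound before the labels mean anything.

```python
"""Server-side evaluation of a decoded Play Integrity verdict.

Added example, not part of spic-android. It assumes the integrity token has
already been decrypted and signature-checked (e.g. via Google's
decodeIntegrityToken endpoint) and is handed in as the decoded JSON dict.
Sample verdicts below are constructed, not captured from a real device.
"""
import hmac

# Device labels ranked weakest to strongest. MEETS_DEVICE_INTEGRITY is the
# only label returned by default; MEETS_BASIC_INTEGRITY and
# MEETS_STRONG_INTEGRITY appear only when the app has opted in to the
# optional labels in the Play Console.
DEVICE_LABEL_RANK = {
    "MEETS_BASIC_INTEGRITY": 1,
    "MEETS_DEVICE_INTEGRITY": 2,
    "MEETS_STRONG_INTEGRITY": 3,
}
MAX_TOKEN_AGE_MS = 5 * 60 * 1000  # assumption: reject verdicts older than 5 minutes


def device_tier(labels):
    """Strongest recognised device label, or None when the verdict is empty.

    An empty deviceRecognitionVerdict means the device failed every check;
    it is not "no opinion", so callers must treat None as a failure.
    """
    known = [label for label in labels if label in DEVICE_LABEL_RANK]
    if not known:
        return None
    return max(known, key=DEVICE_LABEL_RANK.get)


def evaluate(decoded, expected_package, expected_nonce, now_ms):
    """Check the binding fields and summarise the verdict.

    Returns a dict with the device tier, a boolean 'ok' that is False when any
    binding check fails, and the list of reasons for a failure.
    """
    reasons = []
    req = decoded.get("requestDetails", {})

    # The verdict must be for our app and for the nonce we issued.
    if req.get("requestPackageName") != expected_package:
        reasons.append("package mismatch")
    if not hmac.compare_digest(str(req.get("nonce", "")), expected_nonce):
        reasons.append("nonce mismatch")

    # timestampMillis is serialised as a string in the decoded JSON.
    try:
        issued = int(str(req.get("timestampMillis", "")))
    except ValueError:
        issued = None
    if issued is None or issued > now_ms or now_ms - issued > MAX_TOKEN_AGE_MS:
        reasons.append("stale or malformed timestamp")

    app = decoded.get("appIntegrity", {})
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app not recognised by Play")

    labels = decoded.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    tier = device_tier(labels)
    if tier is None:
        reasons.append("no device integrity label")

    return {"tier": tier, "labels": sorted(labels), "ok": not reasons, "reasons": reasons}


def meets_policy(result, minimum_label):
    """True when the verdict passed all checks and reaches the required tier."""
    if not result["ok"]:
        return False
    return DEVICE_LABEL_RANK[result["tier"]] >= DEVICE_LABEL_RANK[minimum_label]


def _sample(device_labels, app_verdict="PLAY_RECOGNIZED"):
    # Constructed decoded verdict in the documented Play Integrity shape.
    return {
        "requestDetails": {
            "requestPackageName": "com.example.app",
            "nonce": "constructed-nonce-001",
            "timestampMillis": "1700000000000",
        },
        "appIntegrity": {
            "appRecognitionVerdict": app_verdict,
            "packageName": "com.example.app",
            "versionCode": "42",
        },
        "deviceIntegrity": {"deviceRecognitionVerdict": device_labels},
        "accountDetails": {"appLicensingVerdict": "LICENSED"},
    }


NOW_MS = 1700000060000  # one minute after the constructed verdicts were issued
STRONG = _sample(["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY"])
BASIC_ONLY = _sample(["MEETS_BASIC_INTEGRITY"])  # the watch case from the issue title
FAILED = _sample([], app_verdict="UNRECOGNIZED_VERSION")

if __name__ == "__main__":
    for name, token in (("strong", STRONG), ("basic_only", BASIC_ONLY), ("failed", FAILED)):
        r = evaluate(token, "com.example.app", "constructed-nonce-001", NOW_MS)
        print(name, r["tier"], "device-level policy:", meets_policy(r, "MEETS_DEVICE_INTEGRITY"))
```

The ranking only orders labels; it does not assume that a stronger label implies the weaker ones are present, so a verdict is summarised by the strongest label it actually carries. Whether MEETS_BASIC_INTEGRITY alone is acceptable is a policy decision made in `meets_policy`, separate from the binding checks, which is why the basic-only sample comes back with `ok` set to True but fails a device-level requirement.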