topjohnwu / Magisk

The Magic Mask for Android
GNU General Public License v3.0
47.6k stars 12.09k forks

CTS Profile not passing due to an unlocked bootloader #2530

Closed Terrails closed 4 years ago

Terrails commented 4 years ago

Google updated something on their side around a week ago and now some devices with unlocked bootloaders are being detected and not able to pass CTS Profile.

Before coming to this conclusion, the people on XDA and I tried looking at the properties of a device with an unlocked and a locked bootloader and copying over the changed props, to no avail.

Downgrading Google Play Services doesn't help at all; the only way to fix it is to lock your bootloader or downgrade to a lower version of Android, though I can't tell which version exactly. From this it's pretty obvious that the issue is in the system itself. It looks like Google is slowly rolling this thing out on their servers, and who knows how many more devices will be affected in the future.

I'm sorry for the small amount of info, but there isn't really anything useful on my end that can be used to pinpoint the issue. I'm guessing something that was already built in android is now being utilized on google's end.

I tested this on a Xiaomi POCOPHONE F1 (beryllium) with a stock and custom android 10 ROM.

Justsnoopy30 commented 4 years ago

Confirmed on Google Pixel 3 XL (crosshatch) running stock (with magisk) Android 10 with the 2020 March Security Patch.

androidacy-user commented 4 years ago

What I've observed from groups I'm in, and user feedback on MagiskFixes:

I know #1152 is generally used for issues with so little information; however best practices are being followed, and SafetyNet no longer passing is hardly just some random Chinese app detecting root through borderline malicious methods.

Justsnoopy30 commented 4 years ago

A supposed (not tested by me yet) fix for this issue is on XDA (https://forum.xda-developers.com/apps/magisk/safetynet-fix-google-update-march-2020-t4063679), however it's not a proper fix for this issue as it just fakes the CTS Profile value.

androidacy-user commented 4 years ago

> A supposed (not tested by me yet) fix for this issue is on XDA (https://forum.xda-developers.com/apps/magisk/safetynet-fix-google-update-march-2020-t4063679), however it's not a proper fix for this issue as it just fakes the CTS Profile value.

In my experience it doesn't even work anyhow; I've tried it before.

Terrails commented 4 years ago

> A supposed (not tested by me yet) fix for this issue is on XDA (https://forum.xda-developers.com/apps/magisk/safetynet-fix-google-update-march-2020-t4063679), however it's not a proper fix for this issue as it just fakes the CTS Profile value.

I have tried this and I can confirm that CTS Profile passes in Magisk Manager, but closer inspection with a SafetyNet-checking app, or an app that doesn't support devices with a failed SafetyNet check, shows that it doesn't really work.
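The difference between "passes in Magisk Manager" and "still fails in the real app" comes down to where the verdict is checked. What an app receives from the SafetyNet Attestation API is a JWS signed by Google's backend; a device-side hack can rewrite the fields it shows locally, but it cannot re-sign the envelope, so any app (or its server) that validates the signature and the signed payload still sees the real `ctsProfileMatch`. The following is an added example, not code from this thread or from Magisk: a minimal server-side verifier over a constructed attestation. It assumes, as a stand-in, HS256 with a constructed shared key in place of Google's RS256 certificate chain for attest.android.com, and constructed values for the package name, APK signing-certificate digest, nonce and clock; the payload field names are the documented SafetyNet ones.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-ins (assumptions, not real values). Google actually signs the
# attestation with RS256 under a certificate chain issued for attest.android.com.
DEMO_KEY = b"constructed-demo-signing-key"
EXPECTED_PACKAGE = "com.example.bank"                # hypothetical relying app
EXPECTED_CERT_DIGEST = "constructed-apk-signing-cert-digest"
SERVER_NONCE = "Y29uc3RydWN0ZWQtc2VydmVyLW5vbmNl"   # constructed per-request nonce
FIXED_NOW_MS = 1_584_000_000_000                     # constructed fixed clock


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_demo_jws(payload: dict, key: bytes = DEMO_KEY) -> str:
    """Build the JWS the way the attestation backend would (HS256 stand-in)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def demo_payload(cts_profile_match: bool, hardware_backed: bool,
                 timestamp_ms: int = FIXED_NOW_MS) -> dict:
    """Constructed payload using the documented SafetyNet JWS field names."""
    return {
        "nonce": SERVER_NONCE,
        "timestampMs": timestamp_ms,
        "apkPackageName": EXPECTED_PACKAGE,
        "apkCertificateDigestSha256": [EXPECTED_CERT_DIGEST],
        "ctsProfileMatch": cts_profile_match,
        "basicIntegrity": True,
        "evaluationType": "BASIC,HARDWARE_BACKED" if hardware_backed else "BASIC",
    }


def spoof_cts_locally(jws: str) -> str:
    """What a device-side hack can do: rewrite the payload handed to the app,
    but not re-sign it, because the device never holds the signing key."""
    header, body, sig = jws.split(".")
    payload = json.loads(b64url_decode(body))
    payload["ctsProfileMatch"] = True
    return f"{header}.{b64url_encode(json.dumps(payload).encode())}.{sig}"


def verify_attestation(jws, expected_nonce, expected_package, expected_cert_digest,
                       key=DEMO_KEY, now_ms=None, max_age_ms=2 * 60 * 1000,
                       require_hardware_backed=False):
    """Server-side policy: signature first, then the binding fields, then the
    verdict. Returns (ok, reason) so callers can log why a token was rejected."""
    parts = jws.split(".")
    if len(parts) != 3:
        return False, "malformed JWS"
    header, body, sig = parts
    expected_sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig), expected_sig):
        return False, "bad signature"
    payload = json.loads(b64url_decode(body))
    if payload.get("nonce") != expected_nonce:
        return False, "nonce mismatch"
    if payload.get("apkPackageName") != expected_package:
        return False, "package name mismatch"
    if expected_cert_digest not in payload.get("apkCertificateDigestSha256", []):
        return False, "APK signing certificate mismatch"
    now = int(time.time() * 1000) if now_ms is None else now_ms
    age = now - payload.get("timestampMs", 0)
    if not 0 <= age <= max_age_ms:
        return False, "stale or future-dated attestation"
    if not payload.get("basicIntegrity"):
        return False, "basicIntegrity false"
    if not payload.get("ctsProfileMatch"):
        return False, "ctsProfileMatch false"
    if require_hardware_backed and "HARDWARE_BACKED" not in payload.get("evaluationType", ""):
        return False, "verdict not hardware-backed"
    return True, "pass"


if __name__ == "__main__":
    genuine = make_demo_jws(demo_payload(True, True))
    failing = make_demo_jws(demo_payload(False, True))
    for label, token in [("genuine", genuine), ("cts false", failing),
                         ("locally spoofed", spoof_cts_locally(failing))]:
        print(label, verify_attestation(token, SERVER_NONCE, EXPECTED_PACKAGE,
                                        EXPECTED_CERT_DIGEST, now_ms=FIXED_NOW_MS))
```

The order of checks matters: the signature is validated before any field is read, so a token whose `ctsProfileMatch` was flipped on the device is rejected as "bad signature" without its contents ever being trusted. The nonce, package name, certificate digest and timestamp checks are what stop a genuine token from a clean device being replayed into another app or another session.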

Justsnoopy30 commented 4 years ago

Alright, so we've established that it's not a proper fix.

skittles9823 commented 4 years ago

No fix is needed. This is an issue with the API and you don't actually fail even though CTS is false.

Terrails commented 4 years ago

> No fix is needed. This is an issue with the API and you don't actually fail even though CTS is false.

Has that been reported to Google? Can't find anything on the tracker.

osm0sis commented 4 years ago

https://twitter.com/topjohnwu/status/1237656703929180160

Justsnoopy30 commented 4 years ago

Oh no, according to the tweet, I'm understanding that once this new safetynet key attestation is fully functional, magisk can't hide root from safetynet anymore without exploiting vulnerabilities that are quickly patched?

Justsnoopy30 commented 4 years ago

Could magisk manipulate apps before they launch to remove any safetynet-checking code and make whatever code that runs if it passes run anyway?

Terrails commented 4 years ago

> Could magisk manipulate apps before they launch to remove any safetynet-checking code and make whatever code that runs if it passes run anyway?

Exactly what I also thought about, but I guess that's only possible with Xposed. I guess that's farewell to custom ROMs and Magisk for me, since the apps I use the most have SafetyNet checks. I really hope that there's a way to intercept a SafetyNet request from an app, but I guess even that would be patched in the future. Google is really becoming more like Apple; yes, it's for security, but I still hope that Google gives us a way to use custom ROMs and Magisk without losing SafetyNet.

androidacy-user commented 4 years ago

> Could magisk manipulate apps before they launch to remove any safetynet-checking code and make whatever code that runs if it passes run anyway?
>
> Exactly what I also thought about, but I guess that's only possible with Xposed. I guess that's farewell to custom ROMs and Magisk for me, since the apps I use the most have SafetyNet checks. I really hope that there's a way to intercept a SafetyNet request from an app, but I guess even that would be patched in the future. Google is really becoming more like Apple; yes, it's for security, but I still hope that Google gives us a way to use custom ROMs and Magisk without losing SafetyNet.

That's against the point, though, and every app dev nowadays is convinced that they need 5 different SafetyNet checks, even in low-importance apps. Still unsure why TextNow refuses to work with failing SafetyNet.

osm0sis commented 4 years ago

FAQ Regarding New SafetyNet Changes, from @topjohnwu: https://twitter.com/topjohnwu/status/1237830555523149824

Please close this Issue, since unfortunately there's almost certainly nothing to be done.

pro4tlzz commented 4 years ago

Can confirm, just for reference, that as of today SafetyNet passes on a OnePlus 5 on 9.0.10 with Magisk version 20.3. GPay definitely works.

Crinisus commented 4 years ago

I factory reset my device to fix an issue unrelated to the CTS Profile, and after I flashed the factory image on my Google Pixel 3 (blueline), SafetyNet passed ¯\_(ツ)_/¯ on build QQ2A.200305.002.