One of the selling features of Android is its openness. Some of them are by design, like the ability to use different app launchers or default apps. Others, however, are more involved piracy and development products, specifically custom ROM and routing. Unfortunately, it appears that the latest set of superpowers could soon come to an end as Google steps up its efforts to secure the Android platform, a move that could also make that same platform less attractive to a particular class of users.
Rooting on Android, like jailbreaking on iOS, involves exploiting security vulnerabilities to gain root access. However, installing custom ROMs often involves unlocking the phone’s bootloader, a process that is actually supported (although often not advisable) by some manufacturers like Sony. However, the latest version of Google’s SafetyNet could treat them all as signs of a compromised phone.
SafetyNet is a set of APIs from Google Play services that applications can use to verify that a phone has not been compromised with security. This is critical for apps like banking and financial apps, but some apps that don’t really need it do too. Pokemon GO and McDonald’s apps are examples of this. In the past, rooting frameworks like Magisk can circumvent them using those same APIs to tell apps that, no, the phone is not rooted. Now that will be more difficult to do with the latest version of SafetyNet.
According to experienced developers, SafetyNet quietly began using hardware certification to verify the integrity of a device. It will use various factors like the bootloader unlock status, the presence of root programs, signed firmware and others to check the status of the phone. In other words, it will be almost impossible to hide the root state of a phone from apps to verify it.
To be clear, it will still be possible to root Android devices or install custom ROMs on them. However, with the new SafetyNet, users will have to choose between those superuser features and be able to use some popular and important Android applications. For some users, the fact that they are forced to choose is already enough to make them feel like they are using iOS anyway.
