[epapsiou]

Have been on Cynogen/Lineage since 2012. Love the idea and the philosophy. Recently have been coming across safetynet issue. Will 19 address that? Also wondering what is the future of AOSP development, now that big companies are poaching developers (and effectively killing good projects like Magisk)

[woleium]

There is a workaround for safetynet (so you can run banking apps and others that don't allow unlocked bootloader) but it's a bit of a cat and mouse game. be prepared to re-apply after each upgrade, which can be as often as every other week on the stable branch.

[cowtools]

Looks like there aren't going to do anything about safetynet: https://www.lineageos.org/Safetynet/

What's the future of AOSP? There are other distros like GrapheneOS and CalyxOS that take advantage of the open-ness of "google pixel" hardware. But I think the end goal is to replace android with a linux userspace like postmarketOS and containerizing android with Waydroid.

[zekica]

Safety net can be worked around using Magisk (including v24.3) by enabling Zygisk, downloading UniversalSafetyNetFix and MagiskHidePropsConfig, running the "props" binary from adb shell and selecting a known factory device fingerprint. and then adding the apps to the "DenyList".

You also need to clear the data of Google Play Services and Google Play Store, and of the apps that detected root.

[epapsiou]

It is a hit or miss for me. But with TopJohnWu gone to google I wonder how long will Magisk last.

[zozbot234]

AIUI, Zygisk is a Google-approved variety of Magisk. The real issue with SafetyNet bypass is that it's inherently unreliable because Google could at any time require a locked bootloader running stock OEM ROM for passing SafetyNet, so any rooted device would be SOL.

[kelnos]

From what I'm reading many newer devices require a locked bootloader, else SafetyNet will fail. So realistically I think that means only Pixel phones could work, since they support relocking the bootloader with a non-stock ROM.

[floatboth]

Lots of phones support relocking to a user provided key (OnePlus does for sure) but it's a less trusted state than locked to the vendor key, I don't think it counts as good enough for full SafetyNet

[colordrops]

Fishy.

[deng]

On reasonably modern phones, you cannot pass SafetyNet with an unlocked bootloader, see

https://nitter.net/topjohnwu/status/1237830555523149824

Luckily, all banking/authenticator apps I depend on only check for root and do not require SafetyNet. Yet....