| The workaround is from microG. You can get it on lineage-microg too. It has a bad name but really all that they do is replace Google's signing certificate with their own and change the OS to accept it. It's not that "hacky" IMO, you're just trusting a different party. It's just like when you install Ubuntu, you trust Canonical to sign your packages, not Debian. They use the same thing to replace play services. And if you trusted Google you wouldn't be using microG anyways, you'd just use play services. The reason it gets a bad rap is because of the risk MicroG's signing key gets stolen. This is obviously higher than the risk of this happening for Google which is definitely in some highly protected HSM vault somewhere. True. Personally if I were a MicroG developer I'd keep it on a smartcard somewhere like a yubikey so it couldn't be easily copied. I don't know if they do this. On the other hand, there is more you need to do to exploit it, even if you have the signing key. You need to get the user to use some malicious software and get it on F-Droid or something undetected. Just having the private key will not net you anything. In my point of view you're trading a definitely possible but difficult possibility of a hack, for a total certainty that Google will track you every hour of every day. Personally I don't trust my smartphone with that much information anyway, but Google manages to collect so much because of their extended network. So they're able to extract much more info from my smartphone than I put into it by association. So it's an ok tradeoff for me. Everyone needs to make their own judgement on that. For that reason I don't use banking apps on my mobile anyway and I don't have a need for SafetyNet as a result. But it's nice to know that there is a possibility to use SafetyNet protected apps in some cases if I want (some detect the workaround I believe). |
I meant the workaround CTSPROFILEMATCH in SafetyNet; it's what makes most payment providers work on CalyxOS.
As for MicroG, the GrapheneOS way of running unrootful GMS seems interesting, but they won't apply the SafetyNet workaround, because it's "hacky" and won't last when hardware attestation is enforced.
This flows with most of GrapheneOS's stances; they don't care about convenience much.
Personally I'm already close to my limit due to how many inconveniences I have for using a work profile and a custom ROM, and I don't want more.