Hacker News new | ask | show | jobs
by josephcsible 1265 days ago
> - Universal SafetyNet Fix,[5] combined with MagiskHide Props Config[6] and Magisk,[7] allows you to spoof SafetyNet on your device to improve compatibility with apps that check for it, including some banking apps, commerce apps, and games.

This reason seems kind of silly, since your phone will already pass SafetyNet out of the box. You only need that to keep passing it after you root.
1 comments
commoner 1265 days ago
LineageOS in particular does not support relocking the bootloader after flashing, so it needs root access and this workaround to pass SafetyNet. The SafetyNet check fails if it detects an unlocked bootloader, unless the bootloader lock status is spoofed. (The other Android-based operating systems that do allow users to relock the bootloader don't support nearly as many devices as LineageOS does.)
link
josephcsible 1265 days ago
> The other Android-based operating systems that do allow users to relock the bootloader

If you relock the bootloader with a third-party OS, won't you still fail SafetyNet since the signing key won't be the one that Google blessed for that phone?

link
commoner 1265 days ago
Yes, you're right. To pass SafetyNet, not only does the bootloader need to present itself as locked (either through relocking or spoofing), the device fingerprint must also present itself as a Google-certified fingerprint (through spoofing).[1]

I know that CalyxOS spoofs the device signature to pass SafetyNet by default,[2] though it does not spoof the bootloader lock status. (It does support relocking, but only if the device is not rooted.) For LineageOS and all other Android-based OSes that I'm aware of, MagiskHide Props Config is the easiest way to spoof both the device signature and the bootloader lock status to pass SafetyNet.

[1] https://github.com/cnrd/MagiskHide-Props-Config#spoofing-dev...

[2] https://calyxos.org/news/2022/05/07/location-safetynet-fix/

link