GmsCore icon indicating copy to clipboard operation
GmsCore copied to clipboard
verified publisher icon microg

SafetyNet broken

Open ale5000-git opened this issue 2 years ago • 13 comments

The basic integrity still pass, but now it fails CTS profile match (on devices where it was passing not long ago).

Does this happens to everyone?

ale5000-git avatar Feb 03 '24 14:02 ale5000-git

not for me (lineage 20 using microg installer revived)

Turhvjbufv avatar Feb 03 '24 16:02 Turhvjbufv

It happens to me too.

roked avatar Feb 07 '24 09:02 roked

Probably not a microG issue. Google probably just patched whatever allowed you to get SafetyNet working on an unlocked device.

One thing that fixed it on Lineage for me was using Pixelify because it would spoof my device as an Pixel.

lucasmz-dev avatar Feb 12 '24 20:02 lucasmz-dev

I have tried with a Galaxy S2, device lock didn't exist yet at the time the device was created. So maybe it can be:

  • A microG bug;
  • or, a new DroidGuard binary that isn't "guarded" completely by microG;
  • or, a new property of the Cutom ROM that is detected.

The device don't have Magisk and don't have root.

ale5000-git avatar Feb 12 '24 22:02 ale5000-git

E DatabaseUtils: Writing exception to parcel 02-13 E DatabaseUtils: java.lang.SecurityException: com.google.android.gms was not granted this permission: android.permission.WRITE_SETTINGS. I get this error, is this related?

axydavid avatar Feb 13 '24 13:02 axydavid

I have the same issue here on a custom android OS, I was passing SafetyNet without any issues but recently the CTS profile started failing and also I cannot add Google account.

roked avatar Feb 22 '24 09:02 roked

I just found this on the PLAY INTEGRITY FIX thread:

Seems like Google are banning custom kernels, I recommend you to use stock one.

I'm not sure but it may be the explanation.

@mar-v-in Is there a way to overcome this problem? Like adding the kernel strings to spoof in the device profile.

ale5000-git avatar Mar 01 '24 11:03 ale5000-git

Probably is connected to new play integrity, since 1 feb the safety net is deprecated, I have a loocked bootloader with lineageos for microg and actually I cannot sign in on Pokémon Go since 1 feb. Also, safety net server will be still functional only for one year.

paolo-caroni avatar Mar 08 '24 19:03 paolo-caroni

It isn't like this since with microG + Play Store I was able to pass also Play Integrity. So probably they now also detect custom kernels or other things of custom ROMs.

ale5000-git avatar Mar 08 '24 19:03 ale5000-git

Look here: https://github.com/chiteroman/PlayIntegrityFix/issues/236

They block specific terms like "lineageos" in uname kernel string.

ale5000-git avatar Mar 08 '24 21:03 ale5000-git

My kernel is named: 4.9.337-perf+ #1 Mon Feb 5 22:54:25 UTC 2024

So probably the check is on the kernel and othe things.

paolo-caroni avatar Mar 08 '24 22:03 paolo-caroni

I'm not sure where it is really checked but maybe it is the output of this: adb shell cat /proc/version.

ale5000-git avatar Mar 08 '24 22:03 ale5000-git

I had this problem until today and I finally managed to solve it thanks to the magisk playintegrityfork module : https://github.com/osm0sis/PlayIntegrityFork

But the module alone was insufficient, so I had to add the script pickaprint.sh https://xdaforums.com/t/module-data-custom-pif-json-files-collection-for-play-integrity-fix.4646739/ which I ran from the /data/adb/modules/playintegrityfix/ folder.

Now the microG safetynet test passes all the tests, but I still can't get through the Playintegrity test from the IntergrityChecker application. I get the error "error getting token from Google". (Please note that I don't use Google services, only MicroG)

abda11ah avatar Aug 13 '24 14:08 abda11ah