Custom ROMs and safteynet 🤦
Safety net is complete BS, because they clearly are not using it to ensure security. A 10-year old phone with an outdated OS and multiple verified remote code execution vulnerabilities? Passes safetynet with flying colors. Want to update that OS to an aftermarket OS which actually has security fixes? Nope, google will do everything in their power to stop that (safetynet) from passing. It’s so blatantly not about security and all about restricting choice.
Same with most of the rest. In principle we should be excited about these security features, except the corporations are making sure if we want to use anything they get to hold the keys, not us. And that again makes it all about control, not security.
ref - #
The SafetyNet Attestation API is an anti-abuse API that allows app developers to assess the Android device their app is running on. The API should be used as a part of your abuse detection system to help determine whether your servers are interacting with your genuine app running on a genuine Android device.
- SafetyNet Attestation API: developers.android.com