One of Android’s selling features is its openness. Some of it is by design, like the ability to use different app launchers or default apps. Others, however, are products of some rather involved hacking and development, specifically rooting and custom ROMs. Unfortunately, it seems that the latter set of superpowers might soon be coming to an end as Google ramps up its efforts to secure the Android platform, a move that could also make that same platform less attractive to a particular class of users.
Rooting on Android, just like jailbreaking on iOS, involves exploiting security vulnerabilities to gain root access. Installing custom ROMs, however, often involves unlocking the phone’s bootloader, a process that is actually supported (though often not advised) by some manufacturers like Sony. Google’s latest version of SafetyNet, however, might treat them all the same as signs of a compromised phone.
SafetyNet is a set of Google Play Services APIs that apps can use to verify that a phone has not been compromised security-wise. This is critical for apps like banking and financial apps but some apps that don’t really need it also do. Pokemon GO and McDonald’s apps are such examples. In the past, rooting frameworks like Magisk are able to get around these by using those same APIs to tell the apps that, no, the phone isn’t rooted. Now that will be more difficult to do with the latest version of SafetyNet.
According to seasoned developers, SafetyNet has silently started using hardware attestation to check for the integrity of a device. It will use various factors like bootloader unlock status, the presence of root programs, signed firmware, and others to check the phone’s status. In other words, it will become almost impossible to hide a phone’s root status from apps check for it.
To be clear, it will still be possible to root Android devices or install custom ROMs on them. With the new SafetyNet, however, users will have to make a choice between those superuser features and being able to use some popular and important Android apps. For some users, the fact that they are being forced to make a choice is already enough to make them feel like they’re using iOS anyway.