Hello folks! It’s no secret to anyone that Google knows Android devices that have been modified. Devices that usually have the Bootloader unlocked, Root Access, and a Custom Recovery. For now, it obtains this information, through the SafetyNet API, although for some time now it has been preparing its replacement. The idea is to replace it with an API that will also take care of maintaining the integrity of the system and thus make it more secure. Most likely, thanks to this new API, it will be more difficult to hide Root Access. This new API is expected to replace SafetyNet in 2024. In this post, we will show you how to find out if your Android phone passes Google’s new Root Access check.
Play Integrity
The new API called Play Integrity will end up becoming the new standard method. Google has been developing this new advanced method for checking system integrity for some time. Making this system more secure and difficult to circumvent. It will replace Google’s old SafetyNet API and is presented as a way by which developers can “protect their apps and games from fraudulent and risky interactions”, being able to “reduce attacks and abuses such as fraud and unauthorized use”. They can also detect if the system has been modified. And in turn, they can do something about it (e.g. by preventing the app from running or limiting its functions).
Normally this is ideal for banking apps to prevent any illicit activity. Another area where we can see this security system is in competitive games, to prevent other players from using cheats.
First step
Download and install the Play Integrity API Checker application by following the link below:
Google Play | Play Integrity API Checker
Second step
Then open the Play Integrity API Checker app.
Third step
After that, it is as simple as tapping the “Check” button, with which you can do the check. Google Play Integrity API returns us three separate results, which developers can use to allow some changes. If everything is green, you pass all checks. If there are any results in red, you didn’t pass that check.
How the check works
The system integrity API puts a Google Play server in communication with one of its own for the application. It then sends the verdict on whether the device has passed the integrity check to the app server.
Types of tests
- The first test, MEETS_DEVICE_INTEGRITY is the one most apps check and determines whether the system thinks the phone is rooted or not.
- The second, MEETS_BASIC_INTEGRITY should pass on to most devices (even with root),
- The third one, MEETS_STRONG_INTEGRITY determines if the system bootloader is unlocked.
Conclusion
In case your phone does not pass the first check, there still seems to be hope for hiding Root Access. It is possible to use a Magisk module like Universal SafetyNet Fix to fool the system with a fingerprint from a previous version of Android in which the first check will pass by technically failing the check. Hopefully, by using this trick, you may be able to continue to enjoy the benefits of Root Access in the future. Thanks for reading us. Goodbye!
