Users of android ROMs or rooted devices are often unable to use certain apps because they make a request to google to check whether the phone is “safe” or “secure” or whatever wording they use. Is there a way to trick those apps? Pretend to be google, remove/replace the google check, or even intercept the check at runtime and return that “everything is alright”?
Game have been hacked, cracked, or what for ages. It’s surely possible with android apps, isn’t it?
GrapheneOS supports this type of security checking outside of Google’s Play Integrity API but app devs have to enable it. The Graphene devs encourage leaving one star reviews, emailing support, and linking this page: https://grapheneos.org/articles/attestation-compatibility-guide
Yes, mostly using Magisk and addon, I used it for a couple of years on a rooted device, to fool banking app and netflix and whatnot, but it’s a cat and mouse game… android update something, next time you want to tap to pay, it does not work, you have to go on XDA and search for the right addon/trick to fool it again, and 2 weeks later, same thing… after doing it for months/years, it’s boring and annoying…
Keep a “secure” phone with locked bootloader for banking/tap to pay etc, and use others phones to tinker with, install ROM, etc.
Best to buy phones that you can relock your bootloader, from memory I can only think of 2 phone manufacturers that allow that: Fairphone and Pixel phones that allow you to relock bootloader.
I bought Fairphone 5 with Degoogled /e/ OS from Murena to avoid that annoying cat and mouse game. I bought from murena website to get my phone already with degoogled firmware flashed.
In my case bootloader is locked with google attestation so 99,9% apps works, including Banks apps with TAP to pay. Bank payments that dont use google pay but implent NFC directly works (so except for google pay other pay method should work).
Both my bank apps works with tap to pay, But Your milage may vary.
Im happy with my phone. Due to all that, not a single app had issues with “valid OS checks” because it actually is valid, it did came directly from seller and never got unlocked/flashed.
It is locked but I should be able to unlock bootlader, flash different firmware version and lock it back up making the attestation valid again but didn’t do that yet so can’t be 100% sure.
/e/ OS and Graphene OS are having trouble with certain banking apps already because “it’s not the original firmware” or something. Some people have reported contacting their banks and explaining how to add exceptions for the specific ROMs, but banks don’t give a fuck.
I was hoping instead of emulating a “safe” phone, that there would be some way to modify the application for it to never make the safety request.
MicroG implements Google APIs with minimal tracking. I imagine it will have whatever you mean implemented. Other checks include “update owner” and the presence of Magisk via package name, both of which can be spoofed.
deleted by creator
Don’t forget legal action. Depending on exactly what they are checking and where you live you may have a legal case that they are not allowed to check this. If you don’t have that opportunity contact your legislator (whatever that means for your country) and demand it.
