← Back to context

Comment by nocturn9x

4 days ago

This is a load of BS. First off, SafetyNet is long dead and its replacement is called Play Integrity. Second, I'm currently on a rooted af Samsung Z Flip5 that can use banking apps just fine. My primary bank doesn't even block functionality if you use root, and all the others (except Revolut, which is a tough one) are easy to hide root from, and there's plenty of ways to pass even the strictest Play Integrity checks.

3 comments

nocturn9x

Reply
gruez  4 days ago

>and there's plenty of ways to pass even the strictest Play Integrity checks.

Examples? My impression is that strong integrity is hard to spoof because it's validated through hardware attestation.

  • 306bobby  4 days ago

    By taking the hardware keys of a compromised device and using it to emulate key master calls

    See TrickyStore for more info

    • gruez  4 days ago

      How do you get unrevoked keys? Searching around it seems like there aren't any public sources for said keys, and they're only available in semi-public telegram channels. Even then, it's a cat and mouse game, and the more popular the key, the more likely it'll get revoked.