• filter:
  • Page :
  • 1
  • Text Only
  • Search this Topic »
Voting History
rated:
Google has made a significant change to how Android Pay works and this will most likely impact other things like Banking Apps on Android. 

Very frustrating that Google hasn't put anything out on this yet, but here is where it was first discussed on Reddit this past week.
https://www.reddit.com/r/Android/comments/587ss9/psa_android_safetynet_now_tripped_by_unlocking/ 

I, like most people, tried to use Android Pay this past week and had it not 'work'.  For me, it's because my bootloader was unlocked.  I have stock ROM from Google, but only unlock the bootloader so I can use a custom recovery to perform a full nandroid backup (the easiest backup to restore from).

While the bottom line is that Android Pay will stop working on anything other than the Google blessed stock ROM, even something as simple as unlocking your bootloader will trip Safety Net and prevent Android Pay from working, even if you are on an unrooted, unmodified, stock rom.  You can check your bootloader status with the little gray padlock that shows at the bottom during bootup (open=unlocked, closed=locked).

Personally, I feel this might be a set back for Android Pay adoption as there is only about a 1-2 year window for Android support on most phones.  After 2 years, you are stuck on the old, outdated Andrdoid if you want Android Pay.  If you want an up to date custom rom, you probably won't get anything but web browser based banking on it.

As an Android Lover, it's hard to admit this, but Apple supports their handsets for 4-6 years, long enough for the hardware to truly be outdated.

Member Summary
Staff Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

rated:
I'm not sure i agree with your concerns and comparisons against apple. Although they do support their handsets, they don't support them as rooted and they don't support third party apps they don't thoroughly vet themselves. Google is a much better platform for multiple developers, uncertified developers, custom applications and the instructions are easy to come by for people who have no idea what they're doing. I think this is a necessary safety step for a feature that could potentially, if hacked, cost someone a good chunk of change.

Thanks for the post though, it's enlightening and i'll be looking more into it now that it's been brought up. 

rated:
Have you looked to see if there are any Xposed framework modules to fix this?

I haven't looked into this in the past few months, but the last time I attempted to use Google's payment service on a rooted device I could not until I installed some type of root cloaking module.

I think this makes mostly good sense since a rooted phone is extremely dangerous were it to be compromised, you wouldn't want it to steal your payment data. The card distributors/payment processors were probably a part of this decision because they won't get on board with Google Pay if it means lots of stolen/fradulent charges. Since it is relatively easy to root many Androids, this would be a major concern.

That being said, there should be a way to turn off these checks after agreeing to some additional terms or something similar.

rated:
Too bad, but I do understand why Google did this also. In my case, I kept an old Nexus 4 completely stock just to use Android Pay (for example for some promos). But it kind of defeats the purpose of using Android Pay as my daily driver Nexus 6P no longer supports it since like you I have an unlocked bootloader.

I agree 100% about nandroid backup being the most effective way to recover from disaster -- I too could live without root or custom ROM if Google made some sort of similar functionality built in. Maybe they will work in that direction with standard recovery, but I'm guessing not since it's still a small portion of the public that worries about stuff like this.

rated:
BenH said:   Have you looked to see if there are any Xposed framework modules to fix this?

I haven't looked into this in the past few months, but the last time I attempted to use Google's payment service on a rooted device I could not until I installed some type of root cloaking module.

I think this makes mostly good sense since a rooted phone is extremely dangerous were it to be compromised, you wouldn't want it to steal your payment data. The card distributors/payment processors were probably a part of this decision because they won't get on board with Google Pay if it means lots of stolen/fradulent charges. Since it is relatively easy to root many Androids, this would be a major concern.

That being said, there should be a way to turn off these checks after agreeing to some additional terms or something similar.

  There are reports of some convoluted combinations where you can get it to still work (something like suhide, some other xposed modules, rooted phone through Everoot but not Magisk) but the Bootloader check has become a huge hurdle.  My Nexus 6P has been rooted since they day I got it and never got Android Pay to work on it.  I was fine with that since Android Wallet, back then, still let you use credit cards but once they took that feature out, I was SOL.  

rated:
Xposed doesn't work on Marshmallow. And Android Pay has never worked on custom ROMs.

rated:
Xposed has worked on Marshmallow for a long while now.  It's not compatible with Nougat which is the current version of Android e.g. 7.0

rated:
gatzdon said:   Google has made a significant change to how Android Pay works and this will most likely impact other things like Banking Apps on Android. 

Very frustrating that Google hasn't put anything out on this yet, but here is where it was first discussed on Reddit this past week.
https://www.reddit.com/r/Android/comments/587ss9/psa_android_safetynet_now_tripped_by_unlocking/ 

I, like most people, tried to use Android Pay this past week and had it not 'work'.  For me, it's because my bootloader was unlocked.  I have stock ROM from Google, but only unlock the bootloader so I can use a custom recovery to perform a full nandroid backup (the easiest backup to restore from).

While the bottom line is that Android Pay will stop working on anything other than the Google blessed stock ROM, even something as simple as unlocking your bootloader will trip Safety Net and prevent Android Pay from working, even if you are on an unrooted, unmodified, stock rom.  You can check your bootloader status with the little gray padlock that shows at the bottom during bootup (open=unlocked, closed=locked).

Personally, I feel this might be a set back for Android Pay adoption as there is only about a 1-2 year window for Android support on most phones.  After 2 years, you are stuck on the old, outdated Andrdoid if you want Android Pay.  If you want an up to date custom rom, you probably won't get anything but web browser based banking on it.

As an Android Lover, it's hard to admit this, but Apple supports their handsets for 4-6 years, long enough for the hardware to truly be outdated.

  Yeah...not sure why are you whining? Ask the same from Apple. I guess not even 1% android user knows the meaning of bootloader.

rated:
This is a security issue.  A BIG one.  I'm not an Android user, but as an iPhone user, I refuse to jailbreak my phone because the security risks aren't worth it.  I always update all of my devices.  Sure, I don't have any of the customization that comes with jailbreaking, but I value security over customization.

 

rated:
RailroadTrack said:   This is a security issue.  A BIG one.  I'm not an Android user, but as an iPhone user, I refuse to jailbreak my phone because the security risks aren't worth it.  I always update all of my devices.  Sure, I don't have any of the customization that comes with jailbreaking, but I value security over customization.

 

Add stability of the default ROM to this list.

rated:
There is a kernel patch that is now incorporated into at least one of the major kernels (francokernel) that works with Nexus 6P on Android 6.0.1 and 7.0 (not 7.1, yet, until the kernel sources drop) and CM13 which will 'bypass' said bootloader check (for now).

Source: http://www.xda-developers.com/sultanxda-bypasses-new-safetynet-u...

rated:
luiset83 said:   There is a kernel patch that is now incorporated into at least one of the major kernels (francokernel) that works with Nexus 6P on Android 6.0.1 and 7.0 (not 7.1, yet, until the kernel sources drop) and CM13 which will 'bypass' said bootloader check (for now).

Source: http://www.xda-developers.com/sultanxda-bypasses-new-safetynet-u...



Will we still need magisk with the Franco kernel?

Thanks, I am also in the same boat on my 6p

rated:
gatzdon said:   Personally, I feel this might be a set back for Android Pay adoption as there is only about a 1-2 year window for Android support on most phones.  After 2 years, you are stuck on the old, outdated Andrdoid if you want Android Pay.  If you want an up to date custom rom, you probably won't get anything but web browser based banking on it.

As an Android Lover, it's hard to admit this, but Apple supports their handsets for 4-6 years, long enough for the hardware to truly be outdated.
 

  Thanks OP for the heads up on this topic.  I have rooted devices and I don't really trust them with credentials for things like banking.  I think Google may be taking the right step.  Those that want it will have it one way or another. Those of us that use rooted devices and want to use Google pay are probably few in numbers. I doubt this will affect the number of Google Pay users by very much. 

It's not Google that isn't supporting the devices.  It's the carriers and phone manufacturers that don't.  The Android ecosystem is very different from IOS.  Apple controls almost everything from bottom up.  The diversity you get with Android comes with certain costs.  Hopefully the new Pixel line that is a bottom up Google phone will receive better support.

rated:
lillazyfats81 said:   
luiset83 said:   There is a kernel patch that is now incorporated into at least one of the major kernels (francokernel) that works with Nexus 6P on Android 6.0.1 and 7.0 (not 7.1, yet, until the kernel sources drop) and CM13 which will 'bypass' said bootloader check (for now).

Source: http://www.xda-developers.com/sultanxda-bypasses-new-safetynet-u...



Will we still need magisk with the Franco kernel?

Thanks, I am also in the same boat on my 6p

  No need for Magisk unless you're using it for Xposed on 6.0.1. Xposed isn't compatible yet w/ Nougat

rated:
Just to be clear, this is not about rooting. (At least not anymore as of last week). I don't root my phones and never expected to be caught up on this.

A decent article on SafetyNet and where Google is going.
https://www.google.com/amp/www.howtogeek.com/241012/safetynet-ex...

The prediction in that article is coming to fruition. Google controls everything they need to and will keep going deeper into the phone than any developer can to detect unauthorized modifications and fail SafetyNet.

You can have a custom ROM and not be rooted.

I apologise for injecting opinion into my original post. The PSA message here is that going forward, don't expect Android Pay or any banking apps on any phone with a custom ROM, custom recovery, or even an unlocked bootloader.

Bottom line, Safety Net status is available to any App developer and any App could choose to stop working on a phone with an unlocked bootloader, custom ROM, or any other aspect Google chooses to check in the future.

  • Quick Reply:  Have something quick to contribute? Just reply below and you're done! hide Quick Reply
     
    Click here for full-featured reply.


Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2016