Conversation

So here we go, after years of fun messing around using Magisk, it seems that Google FINALLY decided to "fix" SafetyNet to something useful, and that is to use key attestation to verify device status (after 3 years since introduced to Android's platform!)

255

816

Replying to

very interesting. Do you have more details on which part of the "device status" are they checking with attestation? I'm curious about how TEE can retrieve info about the overall system in a "trusted" / non hackable way

Replying to

and

I'm curious because even for "basic" things like "getting the real IDs", they need to "creating copies of the device's hardware identifiers that only the Trusted Execution Environment (TEE) can access before the device leaves the factory." ref:

source.android.com

Key and ID Attestation | Android Open Source Project

Replying to

and

and I'm wondering whether they found a way around to get other higher-level "system info" / "device status" in some trusted way...

Replying to

and

They're using a feature that has been available on every single Android 8+ device since those were launched. It's not a new innovation and they didn't find a way around anything. The core functionality of the key attestation features provides what's needed to do this.

1:10 PM · Mar 11, 2020Twitter Web App