Conversation

I didn't realize Android verified apps on boot. I had a silly patch for Twitter (done by directly hexediting one of the overlay APKs on-device, because I'm lazy) and it worked fine until I rebooted, then Twitter disappeared. Or is this some Play Services verification thing?

Replying to

there's a popular mod for the youtube app to unlock paid features that seems to work fine?

Replying to

If you mod apps the "right" way with your own signature then obviously that works fine (though the app can tell and SafetyNet etc will fail).

Replying to

and

Can also detect this via the hardware keystore attestation API. Unlike SafetyNet, that's not easy to bypass especially if you can do pairing rather than trusting the root after the initial check. It's part of what we use for our Auditor app: attestation.app/about.

attestation.app

Auditor overview

Overview of the Auditor Android app and associated service.

Replying to

and

In the past you could bypass safetynet if you could modified the odex file since safetynet only checked the APK. Yes I know you normally don’t have write perms on the odex.

Replying to

and

Auditor has android:useEmbeddedDex="true": github.com/GrapheneOS/Aud For GrapheneOS, it's also bundled into the OS and pre-optimized inside the OS image like other system apps. It's currently possible to install out-of-band updates though so that property is important.

github.com

Auditor/AndroidManifest.xml at main · GrapheneOS/Auditor

Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verificati...

10:34 PM · Jun 25, 2021Twitter Web App