latest
Some people aren't able to tap and pay with Google Wallet right now
An error says they're using rooted devices when they're clearly not
Some Google Wallet users have been tapping at the tills only to find that they aren't able to pay because of a security issue. This is happening despite those users saying that they haven't rooted their device or even tampered with the bootloader.
Google's getting rid of SafetyNet Attestation, but the root and ROM crowd shouldn't celebrate yet
The new Play Integrity API is taking over for SafetyNet in the next two years, and it does all the same things (and more)
Google's new Play Integrity API was first announced at the Google for Games Developer Summit last year. Originally presented as a way to prevent cheating, its utility has expanded in recent documentation to overlap and expand on everything that the SafetyNet APIs did to ensure that an app and device are trustworthy, unmodified, and probably safe from malicious or fraudulent interactions — in short, developers can likely trust that nothing bad or weird is going on. Knowing that, today's news is hardly surprising, but Google has announced that the SafetyNet Attestation API will be deprecated by 2024 in favor of the new Play Integrity API.
OnePlus 9 and 9 Pro get launch-day patch that fixes PD charging issue and Google Pay
Plus camera improvements and a bunch of other fixes
The OnePlus 9 and 9 Pro are officially available starting today — though OnePlus has been selling and apparently shipping devices already, today "pre-order" on the website has changed to "buy." Although the pair of phones already got a pre-launch update just last week, a new one is coming down the pipe today, fixing two known issues for the OnePlus 9 and 9 Pro related to PD charging with certain specific chargers and contactless payments — among plenty of other fixes.
Google's dreaded SafetyNet hardware check has been spotted in the wild
The end of an era — unless a solution is found
If you're part of the root and ROM Android enthusiast crowd, then you probably freaked out a bit back in March when it was revealed Google's SafetyNet check was getting a hardware-backed component with no easy workaround. Now, these changes have been spotted live in the wild, and some phones are already using hardware-backed SafetyNet attestation. Cue "the end is nigh" wailing.
Latest SafetyNet improvements threaten to finally kill Magisk Hide
The developer has overcome other big obstacles before, though
Read update
Magisk and Google have been playing a game of cat and mouse for years: Google's SafetyNet technology is supposed to be triggered when it notices a rooted device, but MagiskHide does its best to keep banking apps, Pokémon Go, and other root-despising applications going, no matter what you do with your phone. However, the latest update to SafetyNet, apparently rolling out via the Play Services, seems to put an end to the game permanently. Magisk developer John Wu isn't convinced he'll find a solution that would keep his tool intact once Google fully implements the change.
Read update
- From the outset this looked to be a temporary situation, and we're happy to say that a resolution is already arriving. Google was quick to latch on to reports of this bug, and as of now the issue with Beta 3 and Pay should be resolved.
Beta releases tend to have bugs, and this latest one from Android Q Beta 3 might be a bit unfortunate for those of you who use contactless payments. Many on Beta 3 are reporting that Google Pay is broken, presumably because of a SafetyNet issue similar to the one from Android P DP4 last year.
Android P is shaping up to be a pretty sizable milestone for the platform, but although the beta releases have been surprisingly stable, they aren't without bugs. They are "previews" after all, and in the latest image, there is one small regression worth noting: SafetyNet tests are failing. As a result, services like Google Pay which check for device security using SafetyNet are also broken, though not every phone on the latest previews is affected. According to a few recent reports, a server-side fix for the issue may be rolling out.
This May, Netflix started blocking rooted and unlocked devices from downloading the company's app on Google Play. It was an unfortunate restriction that locked out many people and stirred up a lot of anger. Over the last week, some of us at AP have started noticing the app reappearing, even though our devices still don't pass SafetyNet/Google Play device certification.
Read update
- It turns out that there were a few things broken in the first release for the Pixels. If you were having any trouble with your Magisk modules, the newly-released 14.2 should fix all of that. You can upgrade easily via the Magisk Manager app, which should prompt you on launch. Or you can download the latest version in the Zip package at this thread.
Hot off his recent vacation, Magisk developer topjohnwu has released a beta version of Magisk (v14.1) that works with the Pixel phones. We've even installed it on one of our own Pixel XLs and, well, it works. This is probably one of the oldest requests users have had for Magisk, and now it's here. Best of all, it works without a custom recovery, and (allegedly) survives OTA.
Read update
- Google has replaced the .017 images with .019 at both the OTA downloads site and the factory images site, so you shouldn't end up with the broken images by accident, should you flash one of them. If you needed the full images for some reason, or you just don't like sideloading OTAs, you've also got the option of full factory images now.
Update-woes continue. A recent OTA (OPR6.170623.017) for the Nexus 6P appears to have broken SafetyNet and, subsequently, things like Android Pay. Thankfully, there's a fix. All you need to do is update to a slightly newer build (OPR6.170623.019), and we've even got a link if you'd rather not wait.
Users looking to hide their root status from being detected by things like SafetyNet now have one more option available, aside from Magisk. Chainfire, the original developer of the closed-source root solution SuperSU, has released v1.0 of suhide. This latest incarnation is "completely different from the old version," but should work about the same for the end-user.
This is becoming a common refrain, but Magisk has been updated to bypass SafetyNet, again. Just a few days ago Magisk developer topjohnwu told us that he was hard at work on a fix. While he wasn't able to provide a firm date at the time, he may have over delivered on his promise of "soon." The latest update, v13.3, escapes SafetyNet detection. Your Magisk Manager app should prompt you for an update sometime soon.
If you are a Magisk user, and you fired up Pokemon Go or Android Pay today just to be met with an error message, you aren't alone. The game of cat and rooted mouse continues, as Google's detection methods have expanded again to catch Magisk 13.2, which is the latest version. But, Magisk developer topjohnwu expects to have things fixed soon.
Read update
- There's a bug-fix release out now, 13.2, that fixes a few issues you may have run into on 13.1. Some Marshmallow devices were having a bit of trouble getting root, as well as a few other miscellaneous problems with things like MagiskHide. You can download the latest version the same way as before, either as an update via the Magisk Manager app or over at XDA.
Yesterday prolific XDA developer topjohnwu released a new stable version of Magisk (v13.1) which includes all the changes from the beta release v13, like Android O support and a new SafetyNet workaround. With the latest update, you can go back to using the more advanced features of Magisk, while still hiding root. But most users won't notice any significant differences in this recent release, other than things just working. With all the recent SafetyNet changes, that's a fantastic achievement.
Last weekend, a huge turmoil swept the root-enthusiast Android community as it was discovered then confirmed that the Netflix app was being blocked from showing up in search results on the Play Store for rooted devices. At the time, Netflix said it was using Widevine to block unsupported devices, but that made no sense to us: the app was still functional if it was sideloaded, it was only not showing up as compatible in the Play Store. So what sorcery was Netflix really using?! Turns out it's a new function of the Google Play Console.
Read update
- Google has re-uploaded the factory image and OTA file for the update. They are the exact same files as before, and judging by reports of Android Pay now working on the update, it seems Google has temporarily disabled SafetyNet on the Nexus 6 while the root cause is being addressed.
The Nexus 6 just recently reached the end of mainstream software support from Google, but it is still receiving monthly security updates. The latest OTA, which included the March security fixes, seems to have broken SafetyNet - which in turn, disabled Android Pay.
The SafetyNet API is the bane of root and custom ROM users everywhere. For those unfamiliar, it is part of the Google Play Services API that is designed to detect modified devices. If your system is tampered with in any way, be it rooted or a custom ROM, the SafetyNet check will fail. Android Pay, among other applications, uses this API and will fail to run if SafetyNet fails.
If you've got a rooted Android device and you're a Pokémon master, chances are that you've heard that the 0.37 update to Pokémon GO completely disabled the game for devices with root access and/or custom software. We made a guide on how to circumvent the SafetyNet check that Pokémon GO and Android Pay use with Magisk, but it might get bothersome to constantly toggle root on and off. Now, there's an app that lets you launch those apps without the slightly annoying root toggle.
Hiding your root status from apps that refuse to work when you are rooted—like Android Pay—is a cat and mouse game that enthusiasts have been losing lately. Chainfire, the developer who has become the main source of advances in rooting, announced today a new way to work around Android apps' ability to detect the root status of a device. The app, called suhide, works but comes with a number of caveats.