Last weekend, a huge turmoil swept the root-enthusiast Android community as it was discovered then confirmed that the Netflix app was being blocked from showing up in search results on the Play Store for rooted devices. At the time, Netflix said it was using Widevine to block unsupported devices, but that made no sense to us: the app was still functional if it was sideloaded, it was only not showing up as compatible in the Play Store. So what sorcery was Netflix really using?! Turns out it's a new function of the Google Play Console.
As part of the updates announced for the Play Console at I/O 2017, Google mentions a new Device Catalog section under Release management that lets developers choose with intricate granularity which devices their app supports on the Play Store. Devices can be viewed and excluded by many attributes including RAM and SoC, but the important factor we're interested in is SafetyNet Attestation.
New "Device catalog" lets devs manage the exclusions.
Developers will be able to choose from 3 states shown in the top image: not excluding devices based on SafetyNet, excluding those that don't pass integrity, or excluding the latter plus those that aren't certified by Google. That means any dev could potentially block their apps from showing and being directly installable in the Play Store on devices that are rooted and/or running a custom ROM, as well as on emulators and uncertified devices (think Meizu and its not-so-legal way of getting Play Services and the Play Store on its phones). This is exactly what many of you were afraid would happen after the Play Store app started surfacing a Device certification status.
This is different from the full SafetyNet API implementation that apps like Android Pay and Pokémon Go use. In the case of Pay/Go, the attestation check happens when the app is installed on your phone and doesn't allow it to run unless it passes the integrity test. But in the case of the Play Console, the attestation check happens when you're browsing the Play Store and only affects the availability of the app for your device. If the full SafetyNet API isn't included in the app itself, you will still be able to grab the APK from other sources, install it, and the app will work just fine.
Still, this spells trouble for rooted users and the Android enthusiast community as a whole. Google keeps erecting more and more obstacles each day in the face of root and custom ROMs and even if this won't stop root users who should be knowledgable enough to know how/where to grab an APK and install it, it will make things more and more difficult and maybe less and less worth the trouble. But y'all are rebels and you'll keep on finding a way around it, won't you?
Alternate title: At the root of the Android community's troubles, this SafetyNet catches everything