zlacker

1. bakugo+(OP) 2023-07-27 11:55:06
> Well, guess what? People who root their devices and use custom ROMs like LineageOS (myself included) nowadays hide root from bad apps and can pass these checks anyways. I use Google Pay all the time on my OnePlus 11 running an unofficial LineageOS build, thanks to root hiding. Does Google not realize how commonly bypassed Play Integrity is? In fact, it is easy even on Google’s very own Pixel devices, as someone who previously used multiple generations of Pixel devices, including the Pixel 7.

Important to note here that it's only possible to "fool" SafetyNet/Play Integrity because of compatibility with older devices. The strongest Play Integrity level (MEETS_STRONG_INTEGRITY) is simply not possible to fake on a device with an unlocked bootloader; it's just not a big problem right now because most apps do not require it yet, since there are still many old devices that don't pass it because of missing hardware or outdated Android versions.

Eventually, in a few years, a time will come where the number of non-unlocked devices not compatible with MEETS_STRONG_INTEGRITY will be low enough that apps will start requiring it, and that will be the end of bootloader unlocking for most users that still do it.

replies(1): >>kevinc+fx
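
Added example, not part of the thread: a server-side policy check over a decoded Play Integrity verdict, showing the same verdict accepted under a MEETS_DEVICE_INTEGRITY policy and rejected once the backend requires MEETS_STRONG_INTEGRITY. It assumes the token has already been decrypted and verified and that the app uses the classic request (`nonce` field); the helper name, package name, nonce and sample payload are constructed for illustration.

```python
import time

# Labels reported in deviceIntegrity.deviceRecognitionVerdict.
BASIC = "MEETS_BASIC_INTEGRITY"
DEVICE = "MEETS_DEVICE_INTEGRITY"
STRONG = "MEETS_STRONG_INTEGRITY"

def evaluate_verdict(payload, *, required_label, expected_package,
                     expected_nonce, now_ms=None, max_age_ms=120_000):
    """Hypothetical helper: return (ok, reasons) for a decoded verdict payload."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    reasons = []
    req = payload.get("requestDetails") or {}
    if req.get("requestPackageName") != expected_package:
        reasons.append("package mismatch")
    if req.get("nonce") != expected_nonce:
        reasons.append("nonce mismatch")
    try:
        age = now_ms - int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        age = None
    if age is None or not 0 <= age <= max_age_ms:
        reasons.append("stale or missing timestamp")
    app = payload.get("appIntegrity") or {}
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app not recognized by Play")
    # An absent or empty label list means the device passed no integrity check.
    device = payload.get("deviceIntegrity") or {}
    labels = set(device.get("deviceRecognitionVerdict") or [])
    if required_label not in labels:
        reasons.append(f"device lacks {required_label}")
    return (not reasons, reasons)

# Constructed sample: a verdict carrying the basic and device labels only.
NOW_MS = 1_690_458_906_000
SAMPLE = {
    "requestDetails": {"requestPackageName": "com.example.bank",
                       "nonce": "c2FtcGxlLW5vbmNl",
                       "timestampMillis": str(NOW_MS - 5_000)},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict": [BASIC, DEVICE]},
}

if __name__ == "__main__":
    for label in (DEVICE, STRONG):
        print(label, evaluate_verdict(SAMPLE, required_label=label,
              expected_package="com.example.bank",
              expected_nonce="c2FtcGxlLW5vbmNl", now_ms=NOW_MS))
```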
2. kevinc+fx 2023-07-27 14:32:21
>>bakugo+(OP)
It seems to me that they plan on "fixing" that bug in this API by requiring hardware attestation from the start.