Google Pay 2.94 hints at a built-in SafetyNet checker and prepares for Pixel 4 face authentication

This week, Google once again defied expectations by confirming two major features of its upcoming Pixel 4 smartphones: Soli radar gestures and face unlock. Google says the upcoming Pixel’s facial biometrics will be secure enough for mobile payments, and sure enough, the latest version of the Google Pay app hints at support for authenticating payments with your face. Version 2.94 of the app also prepares to add a built-in SafetyNet checker, a tool which will alert the user if their phone cannot be used for payments because it fails attestation.

An APK teardown can often predict features that may arrive in a future update of an application, but any of the features we mention here may not make it into a future release. These features are currently unimplemented in the live build, and Google may pull them at any time in a future build.


Verify SafetyNet Attestation Before Purchases

In order to use Google Pay on Android, your phone must pass several checks employed by the SafetyNet Attestation API in Google Play Services. These checks can include checking the bootloader unlock status, checking for the presence of root binaries, checking for evidence of system-level tampering, etc. For users who root their phones, the only way to use Google Pay is to hide all traces of system tampering. Installing Magisk enables systemless root and using MagiskHide also prevents Google Pay from detecting other evidence of tampering, but you can’t tell if your effort to hide root from Google Pay is successful until you actually try to make a payment. Rather than finding out at the counter, you’ll eventually be able to check whether your phone can make payments before you need to make a purchase.

<string name="attestation_notification_body">Check if your device meets software standards</string>
<string name="attestation_notification_title">Your phone is no longer ready for contactless payments</string>
<string name="fails_attestation_body">"Your phone can’t make contactless payments as it isn't passing security checks. Your phone may be rooted, or running uncertified or custom software. You can still use Google Pay to pay online and send money to friends."</string>
<string name="fails_attestation_title">Your phone doesn’t meet software standards</string>
<string name="passes_attestation_title">Your phone is ready to make contactless payments</string>
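
To make the pass/fail states in these strings concrete, here is a sketch of how a relying party's server could interpret a SafetyNet Attestation verdict. It is an added example, not code from Google Pay or from this article. The field names (`nonce`, `timestampMs`, `apkPackageName`, `basicIntegrity`, `ctsProfileMatch`) are those of the SafetyNet Attestation API response; the freshness window, the helper names and the sample JWS are assumptions, and the JWS signature and certificate chain are assumed to have been validated already.

```python
import base64
import json

MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window, not a Google-defined value

def b64url_decode(segment: str) -> bytes:
    # JWS segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def evaluate_attestation(jws, expected_nonce, expected_package, now_ms):
    """Return the reasons a verdict is rejected (an empty list means accepted).

    Assumes the JWS signature and certificate chain were validated beforehand;
    that step is not shown here.
    """
    parts = jws.split(".")
    if len(parts) != 3:
        return ["malformed JWS"]
    try:
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:
        return ["undecodable payload"]
    if not isinstance(payload, dict):
        return ["undecodable payload"]
    reasons = []
    # The nonce binds the verdict to this request, so an old "pass" cannot be replayed.
    if payload.get("nonce") != base64.b64encode(expected_nonce).decode():
        reasons.append("nonce mismatch")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > MAX_AGE_MS:
        reasons.append("stale or missing timestamp")
    if payload.get("apkPackageName") != expected_package:
        reasons.append("unexpected package")
    # A missing field counts as a failure: error responses carry no verdict.
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity failed")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch failed")
    return reasons

def make_sample_jws(payload: dict) -> str:
    # Constructed sample: placeholder header and signature, for offline use only.
    header = b64url_encode(json.dumps({"alg": "RS256"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    return ".".join([header, body, b64url_encode(b"placeholder-signature")])
```

A device running uncertified or custom software typically reports `ctsProfileMatch` as false even when `basicIntegrity` is true, which is why the two fields are checked separately.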

Face Authentication for Purchases

As expected, Google is updating its payment app to support new biometric authentication methods. The app currently allows you to authenticate payments using your fingerprint, but it’ll eventually let you use your face if your device supports secure face unlock like the Google Pixel 4.

<string name="p2p_fingerprint_switch_description">Require a confirmation</string>
<string name="p2p_fingerprint_switch_description_alt">Use biometric authentication, like your face or fingerprint, instead of PIN</string>

Google Pay 2.94 is rolling out on the Google Play Store. You can download the app from the Play Store or APKMirror.


Thanks to PNF Software for providing us a license to use JEB Decompiler, a professional-grade reverse engineering tool for Android applications.
