Google Pay 2.94 hints at a built-in SafetyNet checker and prepares for Pixel 4 face authentication
This week, Google once again defied expectations by confirming two major features of its upcoming Pixel 4 smartphones: Soli radar gestures and face unlock. Google says the upcoming Pixel’s facial biometrics will be secure enough for mobile payments, and sure enough, the latest version of the Google Pay app hints at support for authenticating payments with your face. Version 2.94 of the app also prepares to add a built-in SafetyNet checker, a tool which will alert the user if their phone cannot be used for payments because it fails attestation.
Verify SafetyNet Attestation Before Purchases
In order to use Google Pay on Android, your phone must pass several checks employed by the SafetyNet Attestation API in Google Play Services. These checks can include checking the bootloader unlock status, checking for the presence of root binaries, checking for evidence of system-level tampering, etc. For users who root their phones, the only way to use Google Pay is to hide all traces of system tampering. Installing Magisk enables systemless root and using MagiskHide also prevents Google Pay from detecting other evidence of tampering, but you can’t tell if your effort to hide root from Google Pay is successful until you actually try to make a payment. Rather than finding out at the counter, you’ll eventually be able to check whether your phone can make payments before you need to make a purchase.
<string name="attestation_notification_body">Check if your device meets software standards</string>\n<string name="attestation_notification_title">Your phone is no longer ready for contactless payments</string>\n<string name="fails_attestation_body">"Your phone can’t make contactless payments as it isn't passing security checks. Your phone may be rooted, or running uncertified or custom software. You can still use Google Pay to pay online and send money to friends."</string>\n<string name="fails_attestation_title">Your phone doesn’t meet software standards</string>\n<string name="passes_attestation_title">Your phone is ready to make contactless payments</string>
Face Authentication for Purchases
As expected, Google is updating its payment app to support new biometric authentication methods. The app currently allows you to authenticate payments using your fingerprint, but it’ll eventually let you use your face if your device supports secure face unlock like the Google Pixel 4.
<string name="p2p_fingerprint_switch_description">Require a confirmation</string>\n<string name="p2p_fingerprint_switch_description_alt">Use biometric authentication, like your face or fingerprint, instead of PIN</string>
Google Pay 2.94 is rolling out on the Google Play Store. You can download the app from the Play Store or APKMirror.
Thanks to PNF Software for providing us a license to use JEB Decompiler, a professional-grade reverse engineering tool for Android applications.