Google Pay tests showing SafetyNet status on the home page and protecting Online Purchases with a PIN
Google Pay is slowly becoming a full wallet replacement as it adds support for more forms of payment, more banks, and more card types. To satisfy financial institutions and protect users’ financial data, the Google Pay app uses the SafetyNet Attestation API to verify that the app isn’t running on a device with tampered software. Of course, Magisk root is designed to bypass these checks, but the SafetyNet API checks aren’t static and users may accidentally install a mod or edit a file that causes the API to report a failure in attestation. Due to the way that Google Pay checks the SNet status, users may not know that their device no longer passes SNet until they actually go to make a payment. That could change in the near future, however, as the Google Pay app could add a built-in SafetyNet status checker on the home page.
Back in July, we spotted strings for a new attestation check notification in the Google Pay app. This feature is now fully functional in the latest version. Once it goes live, if your device fails the Attestation API check for whatever reason, you’ll see a message in the home tab that tells you your phone “can’t make contactless payments.” If you tap to “check software,” you’ll receive a more detailed message about why you can’t use Google Pay. For instance, I disabled MagiskHide on my rooted Pixel 2 XL and received the following messages:
When this feature goes live, you can check your device’s SNet status in the Google Pay app beforehand, so you won’t be surprised at the counter when you can’t make a contactless payment. There are plenty of third-party apps on Google Play that can do this, not to mention Magisk Manager’s own built-in SafetyNet checker, but this is just one more way to check if your device passes.
PIN Protect Online Purchases
This next feature, which was first spotted by Jane Manchun Wong, will allow you to toggle PIN protection for every online purchase you make using your Google Account PIN. I was able to surface this setting, but even after entering my Google Account PIN, I was unable to keep this setting enabled through the Google Pay app.
Thanks to PNF Software for providing us a license to use JEB Decompiler, a professional-grade reverse engineering tool for Android applications.