Sultanxda Bypasses New SafetyNet Unlocked Bootloader Check on Latest CM13 Builds for OP3

Sultanxda Bypasses New SafetyNet Unlocked Bootloader Check on Latest CM13 Builds for OP3

Google’s SafetyNet has been a huge thorn in the side of anyone who wants to use Android Pay while having full control over their phones. Until recently, it has mostly been about disabling Android Pay on devices with Root, but a couple days ago, Google took it one step further — they are triggering SafetyNet even on devices with unlocked bootloaders.

Thankfully, just like how Chainfire’s systemless Root has temporarily bypassed the root restrictions imposed by SafetyNet a couple of times (as has topjohnwu’s open source Magisk, an interface for systemless modding and Xposed), Sultanxda has found a temporary patch for the unlocked bootloader issue, which he has included in his latest builds of CyanogenMod 13 for the OnePlus 3.


How it works is that SafetyNet usually checks to see if the bootloader is unlocked through the use of verified boot, a feature which has only been around in Android since KitKat, and is not yet supported by every device (a feature which has become increasingly aggressive with Android 7.0 Nougat, even blocking traditional root methods on the Pixel phones). In order to support those older phones that don’t have the hardware required to support verified boot, SafetyNet fails to green if it doesn’t get any response from the verified boot test.

But as the saying goes, XDA always finds a way:

In order to bypass this, Sultanxda removed support for the verified boot flag from his modified kernel, thereby preventing the bootloader from passing the flag to SafetyNet. This gives SafetyNet the same response it would expect to see from a device that doesn’t support verified boot at a hardware level, and as a result SafetyNet allows the device to pass the test.

While this is not a permanent fix (and none before it have proven to be), it should allow people to bypass SafetyNet until Google finds a way to patch this security hole. Thankfully, this particular security hole looks like it could take Google a while to fix, but it is a shame to our enthusiast and developer community that Google is taking these steps in the first place.

People having root support for their own computers is standard for the Linux and macOS worlds (as is admin access for Windows personal computers, although it is not quite the same thing), and yet Google feels that we cannot be trusted with control over our own devices (not shipping with it by default, and taking steps to prevent people from using it). They act as if it is a device managed by them, rather than a device bought from them. Thankfully people like Sultanxda, Chainfire, and topjohnwu are here today to help restore the features taken from us, but what will happen in the future?

Spread the word about this patch so that others can enjoy it on their devices too!

About author

Steven Zimmerman
Steven Zimmerman

Steven grew up wishing he could take the internet everywhere with him. His first smartphone was an HTC Legend, and he's been tinkering and playing with Android ever since. With a background in accounting, he strives to bring a unique perspective to the tech journalism world.

We are reader supported. External links may earn us a commission.