The number one reason why a huge armada of loyal fans gathered around Android is the fact that it’s wide open by design. Users chose Android over another mobile OS simply because they can explore and exploit almost every layer of it. As you can imagine, the thought that an end-user can penetrate almost every layer of Android can be perceived by Google’s enterprise customers as a security issue.
I’m guessing you’re starting to notice Google’s clear conflict of interest by now. If Google chose to stay its ground and keep the OS wide open, banking apps and a whole lot of apps with DRM protected content would feel vulnerable and start pivoting towards more secure environments.
But if they caved to the pressure and limit the things rooters and modders liked doing, they would have taken away the number one reason why users choose Android over iOS.
SafetyNet came to satisfy the needs of Google’s big enterprise customers, but some members of the Android rooting community are furious. But do they have a reason to be in an uproar?
The idea behind SafetyNet came in 2014 when Google was under a lot of pressure from big companies conducting business on Android. They felt that Android was simply not secure enough for them to allow their employees to use Android on their private networks.
At that time, general apps and personal data were not fully separate from the proprietary data that the company might have needed to install on the device.
To silence this issue, Google partnered with Samsung to bring KNOX security features to Android.
Among the new security measures introduced by KNOX was Android Verified Boot(AVB), which is essentially the first layer to the complex security system we now refer to as SafetyNet.
What is SafetyNet?
SafetyNet borrowed on many of AVB principles by facilitating an API that would enable apps to see if the AVB processes have been bypassed or if the device has been tampered with in any way.
You can see why SafetyNet is a potential roadblock for rooted devices. Since rooted users have full access to the file system, they could potentially copy proprietary files. But SafetyNet can tell if a device is rooted, so it reports this to security apps.
With SafetyNet, banking apps and DRM-protected content providers sleep a whole lot easier knowing that the proprietary data is 100% sandboxed, hence they have an increased trust in the security of Android.
Netflix expressed concerns that rooted users might be bypassing their DRM to the point of saving pirated copies of their content. But with SafetyNet, they can just check to see if the device is rooted, and if it is, they could simply refuse to run on that particular device.
How is SafetyNet not a bad thing for modders & rooters?
At first glance, it certainly seems like end-users like you and me are getting screwed, but there’s more to the story.
Most root methods available on Android involve using Fastboot or a custom recovery image which lets you install root binaries on your device. But that’s not done by making use of a security issue. In reality, FastBoot is actually provided by Google with the express purpose of flashing or booting from image files.
If they would have wanted to take the easy route, Google could have chosen to remove Fastboot and OEM unlocking altogether. That way they wouldn’t have to worry about their enterprise clients, but user rooting would have been severely limited. The fact that Google chooses to spend countless man-hours and a large sum of money in creating SafetyNet shows that the tech giant understands how important root is for end-users.
As things stand right now, users have two options. They can either choose to maintain a stock OS and use the apps that make use of SafetyNet, or enjoy the complete root experience at the expense of loosing access to some apps. This compromise managed to keep app makers happy without completely taking away our ability to root.
Coincidentally or not, because Google maintained Fastboot flashing and custom recovery images, the Android community has almost instantly found a way to bypass SafetyNet on rooted devices.
Let us know your opinion about SafetyNet in the comment section below.