Fake security patch or bug?

Nuno Rocha · Feb 3, 2020

Hello,

I was wondering why magisk was keep saying my phone's security was outdated when it says the security patch is from January 2020.

Screenshot_2020-02-03-11-16-33-569_com.android.settings.jpg

After using some apps like CPU-Z, it says that the android security patch is from November 2019.

Screenshot_2020-02-03-11-17-02-776_com.cpuid.cpu_z.jpg

Screenshot_2020-02-03-11-17-43-567_awdc.androidsecuritypatchchecker.jpg

Screenshot_2020-02-03-11-18-28-095_xzr.La.systemtoolbox.jpg

Alan098765 · Feb 3, 2020

Cpu z say's my phone has Snapdragon 820 and its really a Snapdragon 710,so I'd say the apps wrong

Sent from my MI CC 9 using Tapatalk

Poney70 · Feb 3, 2020

== About Weekly ROMs "fake" Android security patch date ==

In the system "build.prop" file, there are 2 info about the Android security patch date:

1) "ro.build.version.security_patch"
and
2) "ro.build.version.security_patch_real"

First one is used for passing SafetyNet's test => It needs to be combined with the fingerprint_build info taken from a Stable ROM version by Xiaomi, so that's why the date can be old/outdated...

Second one is the real Android security patch date of the ROM and is created by Xiaomi.eu. This one is displayed in phone's settings.

IMPORTANT: Apps like CPU-Z, DevCheck, Microsoft apps, etc. can only read the first one!

Nuno Rocha · Feb 3, 2020

Poney70 said:
In the system "build.prop" file, there are "ro.build.version.security_patch" and "ro.build.version.security_patch_real" info.

First one is used for passing SafetyNet's test (it gives a working fingerprint build date so it can be old on custom ROMs).

Second one is the real Android security patch date of the ROM.

Apps like CPU-Z, DevCheck, etc. read the first one instead of "real". Why? I don't know. ^^

Yeah it's weard but I'm happier now xD thank you

Igor Eisberg · Feb 6, 2020

Poney70 said:
In the system "build.prop" file, there are "ro.build.version.security_patch" and "ro.build.version.security_patch_real" info.

First one is used for passing SafetyNet's test (it gives a working fingerprint build date so it can be old on custom ROMs).

Second one is the real Android security patch date of the ROM.

Apps like CPU-Z, DevCheck, etc. read the first one instead of "real". Why? I don't know. ^^

Because the "real" one was created by us to be used by the system and displayed to the user, while the non-real one is set by us to an older date to pass SafetyNet check.

Nuno Rocha · Feb 6, 2020

Igor Eisberg said:
Because the "real" one was created by us to be used by the system and displayed to the user, while the non-real one is set by us to an older date to pass SafetyNet check.

Thanks a lot once more for you answer

wamy007 · Feb 8, 2020

These are the topics i like.
Some real information in here.
Thanks to all for clearing this out.

Nambarra · Mar 9, 2020

Microsoft's Intune Company Portal seems to read ro.build.version.security_patch and denies me access to my company mail, calendar, skype for business software, OneDrive etc. etc. because of the seemingly outdated Android, which is of course a massive nuisance and makes my phone pretty much useless in my work environment.
Is there a workaround on this?

Poney70 · Mar 9, 2020

Nambarra said:
Microsoft's Intune Company Portal seems to read ro.build.version.security_patch and denies me access to my company mail, calendar, skype for business software, OneDrive etc. etc. because of the seemingly outdated Android, which is of course a massive nuisance and makes my phone pretty much useless in my work environment.
Is there a workaround on this?

Hello, what's your Xiaomi/Redmi device?

Nambarra · Mar 9, 2020

Poney70 said:
Hello, what's your Xiaomi/Redmi device?

Hello Poney, it's Mi 9 Pro 5G

Poney70 · Mar 9, 2020

Nambarra said:
Hello Poney, it's Mi 9 Pro 5G

There is no new official Global ROM for "Mi 9" yet ("Mi 9 Pro 5G" doesn't have Global ROM, only China ROM), latest Android security patch is from Nov, 2019.

To update "ro.build.version.security_patch" date without lose SafetyNet (actually, it may not work because of a very recent update from Google SafetyNet checker, only applied for a few devices for now) you need to set a correct "ro.build.fingerprint"/"ro.system.build.fingerprint" value too.

I really don't recommend to modify these props (=values) in /system/build.prop file directly, specially for "ro.build.version.security_patch", because you may have trouble if you flash a ROM update.

But, if you don't really care of SafetyNet, you can simply modify the security patch date with Magisk => MagiskHide Props Config module (with "custom props" function).

For SafetyNet, you can use - by example - Mi 9T Pro "ro.build.fingerprint" value from V11.0.3.0.QFKMIXM (Global ROM version), it has Jan, 2020 security patch date (use Magisk => MagiskHide Props Config module with "custom props" function).

- Mi 9T Pro "V11.0.3.0.QFKMIXM" props:

ro.system.build.fingerprint = Xiaomi/raphael/raphael:10/QKQ1.190825.002/V11.0.3.0.QFKMIXM:user/release-keys
ro.build.fingerprint = Xiaomi/raphael/raphael:10/QKQ1.190825.002/V11.0.3.0.QFKMIXM:user/release-keys
ro.build.version.security_patch = 2020-01-01

Nambarra · Mar 9, 2020

Poney70 said:
There is no new official Global ROM for "Mi 9" yet ("Mi 9 Pro 5G" doesn't have Global ROM, only China ROM), latest Android security patch is from Nov, 2019.

I know, this is why I flashed the latest developer EU ROM, assuming that this would get rid of the problem, but it still persists. Can this be fixed at all by installing an EU ROM and do I just have to wait until it's properly implemented by the xiaomi.eu developers or will this be a persistent issue (sorry, I'm a noob to this kind of things)?

Poney70 · Mar 9, 2020

Nambarra said:
I know, this is why I flashed the latest developer EU ROM, assuming that this would get rid of the problem, but it still persists. Can this be fixed at all by installing an EU ROM and do I just have to wait until it's properly implemented by the xiaomi.eu developers or will this be a persistent issue (sorry, I'm a noob to this kind of things)?

XIaomi.eu ROMs use "ro.build.fingerprint"/"ro.build.version.security_patch" props from official Global ROM - from your exact device name or something near - to pass SafetyNet and get "certified" device for Google Play.

Do you use Magisk or not? If not, I can create a TWRP zip package to edit /system/build.prop but you may need to flash it after ROM update (if your phone bootloop).

EDIT: XIaomi.eu devs can use latest Mi 9T Pro Global ROM props instead of Mi 9 in next release to avoid old security patch date detection. Ask @ingbrzy

Nambarra · Mar 9, 2020

Poney70 said:
EDIT: XIaomi.eu devs can use latest Mi 9T Pro Global ROM props instead of Mi 9 in next release to avoid old security patch date detection. Ask @ingbrzy

Great, thank you, then I cross my fingers and wait for the next release

Ah, and forgot to mention - SafetyNet check fails anyway (CTS profile match fails) despite not having my phone rooted

Search

Search

Fake security patch or bug?

Nuno Rocha

Members

Alan098765

Members

Poney70

Donator

Nuno Rocha

Members

Igor Eisberg

Lead Developer

Nuno Rocha

Members

wamy007

Members

Nambarra

Members

Poney70

Donator

Nambarra

Members

Poney70

Donator

Nambarra

Members

Poney70

Donator

Nambarra

Members

Similar threads

We value your privacy