Fake security patch or bug?


Nuno Rocha

Members
19 Mar 2014
525
92
Hello,

I was wondering why magisk was keep saying my phone's security was outdated when it says the security patch is from January 2020.
Screenshot_2020-02-03-11-16-33-569_com.android.settings.jpg

After using some apps like CPU-Z, it says that the android security patch is from November 2019.
Screenshot_2020-02-03-11-17-02-776_com.cpuid.cpu_z.jpg
Screenshot_2020-02-03-11-17-43-567_awdc.androidsecuritypatchchecker.jpg
Screenshot_2020-02-03-11-18-28-095_xzr.La.systemtoolbox.jpg
 
Last edited:
  • Like
Reactions: Birraque
Cpu z say's my phone has Snapdragon 820 and its really a Snapdragon 710,so I'd say the apps wrong

Sent from my MI CC 9 using Tapatalk
 
== About Weekly ROMs "fake" Android security patch date ==

In the system "build.prop" file, there are 2 info about the Android security patch date:

1) "ro.build.version.security_patch"
and
2) "ro.build.version.security_patch_real"

First one is used for passing SafetyNet's test => It needs to be combined with the fingerprint_build info taken from a Stable ROM version by Xiaomi, so that's why the date can be old/outdated... :(

Second one is the real Android security patch date of the ROM and is created by Xiaomi.eu. This one is displayed in phone's settings. :)

IMPORTANT: Apps like CPU-Z, DevCheck, Microsoft apps, etc. can only read the first one! ;)
 
Last edited:
In the system "build.prop" file, there are "ro.build.version.security_patch" and "ro.build.version.security_patch_real" info.

First one is used for passing SafetyNet's test (it gives a working fingerprint build date so it can be old on custom ROMs).

Second one is the real Android security patch date of the ROM.

Apps like CPU-Z, DevCheck, etc. read the first one instead of "real". Why? I don't know. ^^
Yeah it's weard but I'm happier now xD thank you
 
In the system "build.prop" file, there are "ro.build.version.security_patch" and "ro.build.version.security_patch_real" info.

First one is used for passing SafetyNet's test (it gives a working fingerprint build date so it can be old on custom ROMs).

Second one is the real Android security patch date of the ROM.

Apps like CPU-Z, DevCheck, etc. read the first one instead of "real". Why? I don't know. ^^
Because the "real" one was created by us to be used by the system and displayed to the user, while the non-real one is set by us to an older date to pass SafetyNet check.
 
Microsoft's Intune Company Portal seems to read ro.build.version.security_patch and denies me access to my company mail, calendar, skype for business software, OneDrive etc. etc. because of the seemingly outdated Android, which is of course a massive nuisance and makes my phone pretty much useless in my work environment.
Is there a workaround on this?
 
Microsoft's Intune Company Portal seems to read ro.build.version.security_patch and denies me access to my company mail, calendar, skype for business software, OneDrive etc. etc. because of the seemingly outdated Android, which is of course a massive nuisance and makes my phone pretty much useless in my work environment.
Is there a workaround on this?

Hello, what's your Xiaomi/Redmi device?
 
Hello Poney, it's Mi 9 Pro 5G

There is no new official Global ROM for "Mi 9" yet ("Mi 9 Pro 5G" doesn't have Global ROM, only China ROM), latest Android security patch is from Nov, 2019. :(

To update "ro.build.version.security_patch" date without lose SafetyNet (actually, it may not work because of a very recent update from Google SafetyNet checker, only applied for a few devices for now) you need to set a correct "ro.build.fingerprint"/"ro.system.build.fingerprint" value too.

I really don't recommend to modify these props (=values) in /system/build.prop file directly, specially for "ro.build.version.security_patch", because you may have trouble if you flash a ROM update. ;)

But, if you don't really care of SafetyNet, you can simply modify the security patch date with Magisk => MagiskHide Props Config module (with "custom props" function).

For SafetyNet, you can use - by example - Mi 9T Pro "ro.build.fingerprint" value from V11.0.3.0.QFKMIXM (Global ROM version), it has Jan, 2020 security patch date (use Magisk => MagiskHide Props Config module with "custom props" function).

- Mi 9T Pro "V11.0.3.0.QFKMIXM" props:

ro.system.build.fingerprint = Xiaomi/raphael/raphael:10/QKQ1.190825.002/V11.0.3.0.QFKMIXM:user/release-keys
ro.build.fingerprint = Xiaomi/raphael/raphael:10/QKQ1.190825.002/V11.0.3.0.QFKMIXM:user/release-keys
ro.build.version.security_patch = 2020-01-01

:)
 
Last edited:
There is no new official Global ROM for "Mi 9" yet ("Mi 9 Pro 5G" doesn't have Global ROM, only China ROM), latest Android security patch is from Nov, 2019. :(
I know, this is why I flashed the latest developer EU ROM, assuming that this would get rid of the problem, but it still persists. Can this be fixed at all by installing an EU ROM and do I just have to wait until it's properly implemented by the xiaomi.eu developers or will this be a persistent issue (sorry, I'm a noob to this kind of things)?
 
I know, this is why I flashed the latest developer EU ROM, assuming that this would get rid of the problem, but it still persists. Can this be fixed at all by installing an EU ROM and do I just have to wait until it's properly implemented by the xiaomi.eu developers or will this be a persistent issue (sorry, I'm a noob to this kind of things)?
XIaomi.eu ROMs use "ro.build.fingerprint"/"ro.build.version.security_patch" props from official Global ROM - from your exact device name or something near - to pass SafetyNet and get "certified" device for Google Play.

Do you use Magisk or not? If not, I can create a TWRP zip package to edit /system/build.prop but you may need to flash it after ROM update (if your phone bootloop).

EDIT: XIaomi.eu devs can use latest Mi 9T Pro Global ROM props instead of Mi 9 in next release to avoid old security patch date detection. Ask @ingbrzy :D
 
Last edited:
EDIT: XIaomi.eu devs can use latest Mi 9T Pro Global ROM props instead of Mi 9 in next release to avoid old security patch date detection. Ask @ingbrzy :D

Great, thank you, then I cross my fingers and wait for the next release ;)

Ah, and forgot to mention - SafetyNet check fails anyway (CTS profile match fails) despite not having my phone rooted
 
Last edited: