The current SafetyNet situation and custom ROMs

Not open for further replies.


Aug 11, 2021
Questions about the current SafetyNet situation:
1. Does a bootloader unlock really trip SafetyNet by itself?
2. Do the ROMs trip SafetyNet or do they not?
3. Does flashing a custom
3a. boot
3b. system
3c. recovery trip SafetyNet?
4. Does booting a custom system image without flashing it trip SafetyNet?
4a. What if vbmeta is present?

ROMs "without" SafetyNet:
5. Hardware attestation can be downgraded to Basic, right?
5a. Could Google mitigate this?
6. SafetyNet is just an API the running apps can call, right?
6a. If so, could a custom ROM be made that just always lies to all apps about attestation? Or even just a Magisk module?
6b. If so, why hasn't it been done yet?

ROMs with root:
7. Is it true that there are no ROMs that are already rooted out of the box?
7a. Why is that?
8. Are there really no custom ROMs with baked-in Magisk?
8a. Why aren't there any?
If the previous answers were No and No:
9. This might not be an elegant solution, but couldn't the following be done?
9a. Flash a ROM
9b. Flash Magisk
9c. Set up MagiskHide/Zygisk/MagiskHidePropsConfig
9d. Basic testing
9e. Dump resuling image

I understand these question might sound stupid to someone with the experience to answer them.
However, I couldn't find any answers to some of these.
A pre-rooted custom ROM "without" SafetyNet sounds like it would be popular if done.
our ROM pass SafetyNet and it is not pre-rooted.. nothing more to say..
our ROM pass SafetyNet and it is not pre-rooted.. nothing more to say..
Except for question 2, this post is about all Android custom ROM development in general, not only
Not open for further replies.