Min menu


How to fix SafetyNet in easy steps

Since the Android operating sys universal is made by Googl, which distributes versions to mobile phones companies, and through them, we instal applications from the Google Play Store, which need the Google Play services package to work without problems.

Here comes Safety net, which is related to Google Play services and its mission is to monitor the operating syst, collect data, and send reports to Googl when modifying anything in the operating syst. An example of this: flashing Custom files, root, or Custom recovery.

Whereas, when modifying the Android operating sys, whether by rooting the mobil or other files, the Safety Net system will report an amendment to the file and folder permissions and immediately classify the sys as a custom system.

After SafetyNet detects that there is an Andro mod, it will send data to the appl and tell them the mobil is secure, so that non-rooted appl like Android Pay or Snapchat cannot be opened in the mobile.

I think everyone knows what Safety Net is and now we're coming to ways to solve the Attestatiom failed (basiclntegrity-cts Profile).

How to fix SafetyNet

Root can be hidden with Magisk, but not bootloader status

MagiskHide used to build an isolated environment to hide root and bootloader status and thus transfer SafetyNet before this update.
However, once the latest hardware attestation has been implemented on a computer, this would no longer be feasible. As a result, Magisk Hide won't be able to fake the checked boot status any longer.
However, if an app just scans for Root or other userspace changes, Magisk would be able to mask them in the same way it did before. However, if it tests the bootloader status, there's nothing it can do right away.

Verify the SafetyNet's hardware-backed attestation is turned on

This new attestation approach is implemented by Google by a server-side upgrade, rather than a software update to the smartphones. Furthermore, not all Android devices are subject to hardware attention at this time. The move is being phased out gradually and at random, regardless of smartphone type, area, Android edition, or other variables.
Open the Magisk Manager software and click the ‘Check SafetyNet' button to see if hardware attestation is activated on your Android device.
The latest evalType sector should have one of the following values in the results:
1.BASIC: If the assessment is based on standard signals and reference results,
2.HARDWARE: For SafetyNet evaluation, if hardware-backed key attestation is used.
A new parameter, evaluationType, has been introduced to represent core attestation in SafetyNet responses. It essentially “provides details about the kinds of metrics used to compute fields like ctsProfileMatch and basicIntegrity for a specific response,” according to Google.
That's exactly how Magisk Manager determines whether or not hardware-based attestation is activated. So, if the findings indicate HARDWARE, it means that enforces hardware-backed attestation for SafetyNet.

Notice that this new attestation approach is only applicable to Android 8.0 and higher smartphones. Since legacy devices lack a stable isolated environment, they are unable to use the modern attestation process. If you're using one of these devices, you'll be able to pass SafetyNet without issue.

Guide: How to fix SafetyNet (cts)

Steps must be followed to avoid method failure:

The first method:

1-Enable MagiskHide: Open the Magisk Manger app settings, then activate the MagiskHide option. Then, from the Hide Magisk Manger option, type any name you want for the list of hidden apps, then OK. It will take several seconds to create the list.

2-Now we will select the applications that we want to hide from the shield at the bottom of the screen.
From the Superuse tab we open MagisHide, Then the applications installed on the device will be shown.
We search for Google Play services and then enable all services associated with it.

The second method:

First, download all the files below
Transfer all files to the device, then open the Magisk Manager application from the bottom of the screen and click on the modules icon.
A new window will appear to install modules. Click on Install from storage.
Install plugin riru-v23.4 then go back to the install interface again and install EdXposed-SandHook-v0.5.1.4 plugin.
Close the Magisk Manger app and install the following apps: EdXposedManager-4.5.7 and HiddenCore Module.
Open the EdXposedManager app you will see an error screen Xposed framework is not installed.

Restart the device and then open the EdXposedManager application. You will see that the error has been fixed and the phrase "X posed framework is active" will appear.

From the side menu click on modules, then activate the HiddenCore Module application. Then, restart the device.
Open the Magisk Manager app then check Safetynet again and you will notice that there are no security issues.

We come to the conclusion of the currently available methods, in case there is any new, we will add them to this article. These methods have been used on the versions of Android Oreo, Pie and Q and they work %100.
In case you encounter any problems, you can always contact us and we will be happy to answer you and solve your problem.