Why the SafetyNet API Exists
During the development of Android Pay, Google created the SafetyNet API to check multiple aspects of a device – namely, whether or not it’s been tampered with. This means if you’ve rooted your Android device or installed a custom ROM, the SafetyNet API is able to detect it and, with many applications, prevent your device from using the app. As explained by a Google engineer, SafetyNet was developed alongside Android Pay to ensure the highest-possible level of security for a user’s credentials and payment information. Specifically, an unmodified Android system relies heavily on “sandboxing,” but rooting breaks that sandboxing, and Google cannot guarantee the security of one’s data on a rooted device. Android Pay doesn’t work on rooted devices, especially since that could make Google indirectly responsible for fraud or stolen data. However, there are a few other reasons a non-rooted device may get blocked.
My Phone Is Not Rooted, Why Am I Getting an Error?
Any device that isn’t CTS compatible will not work with apps that require a positive SafetyNet check. CTS stands for “Compatibility Test Suite,” which is required of all devices that ship with the Google Play Store and other Google apps. This means if you’ve flashed a custom ROM or ordered a cheap device from overseas that doesn’t have CTS compatibility (because it’s not officially licensed!), SafetyNet will still block your usage of certain applications and services. SafetyNet is also able to detect if your device is infected with some form of malware. Even if you have official Google support and haven’t rooted or flashed, a very real security problem may be preventing you from using your device with certain apps – at which point you’ll want to look into some solutions to get it removed.
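To show why an unrooted phone can still be blocked, here is an added example (not code from this article or from Google) of how an app's server might read the two verdict fields in a SafetyNet attestation response, `basicIntegrity` and `ctsProfileMatch`. It assumes the response's signature and certificate chain were already verified; the package name, nonce, timestamp and freshness window are constructed values.

```python
import base64
import json

MAX_AGE_MS = 5 * 60 * 1000           # assumed freshness window
NONCE = b"constructed-nonce-0001"    # constructed: nonce the server issued
PACKAGE = "com.example.pay"          # constructed package name
NOW_MS = 1_700_000_000_000           # constructed "current time"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample(basic: bool, cts: bool, nonce: bytes = NONCE) -> str:
    """Build a constructed compact JWS (header.payload.signature) for the demo."""
    body = {"nonce": base64.b64encode(nonce).decode(), "timestampMs": NOW_MS,
            "apkPackageName": PACKAGE,
            "basicIntegrity": basic, "ctsProfileMatch": cts}
    return ".".join([_b64url(b'{"alg":"RS256"}'),
                     _b64url(json.dumps(body).encode()),
                     _b64url(b"constructed-signature")])

def decode_payload(jws: str) -> dict:
    """Return the JSON payload of a compact JWS. Signature is NOT checked here."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))

def evaluate(jws: str, nonce: bytes, package: str, now_ms: int) -> str:
    p = decode_payload(jws)
    if base64.b64decode(p.get("nonce", "")) != nonce:
        return "reject: nonce mismatch"           # response not bound to this request
    if abs(now_ms - p.get("timestampMs", 0)) > MAX_AGE_MS:
        return "reject: stale attestation"
    if p.get("apkPackageName") != package:
        return "reject: unexpected calling app"
    basic = p.get("basicIntegrity") is True
    cts = p.get("ctsProfileMatch") is True
    if basic and cts:
        return "allow"                            # certified, unmodified device
    if basic:
        # Not rooted, but uncertified hardware, custom ROM or unlocked bootloader
        return "block: device not CTS compatible"
    return "block: integrity check failed"        # rooted, emulated or tampered

if __name__ == "__main__":
    for basic, cts in [(True, True), (True, False), (False, False)]:
        print(basic, cts, "->", evaluate(make_sample(basic, cts), NONCE, PACKAGE, NOW_MS))
```

The middle case is the one this section describes: the device passes the basic tamper check yet is still refused because it does not match a CTS-approved profile.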
Can You Circumvent SafetyNet and Other APIs Like It?
Yes and no. Many solutions exist to bypass SafetyNet and other APIs, but they usually only work very briefly before being quickly patched out. Due to the constantly-changing nature of this conflict, we won’t be linking any applications or services made to circumvent SafetyNet, and we also claim no responsibility for anything that happens to you or your device as a result of you attempting to circumvent it.
You May Need to Unroot
Finally, the hard truth comes out: you may just need to unroot and flash your phone back to its original factory image. While it’s a bummer to miss out on all the great features provided by a rooted, unlocked device, if you really need to play games like Pokemon Go or use Android/Samsung Pay, you’ll need to properly secure your device first. The alternative is messing with unproven, potentially dangerous solutions to circumvent SafetyNet and similar APIs … or simply not using the apps that require it. Fortunately, that’s mostly relegated to mobile payment apps for the time being, so if you don’t need to use your phone for everything, you might just be fine.