The other day I was writing about root access with Nougat and the Pixel and how it had now changed. I also mentioned how clever the developers were in finding fixes and workarounds for issues with root access etc. Then I had also reported on how an unlocked bootloader now trips the SafetyNet making Android Pay not possible with an unlocked bootloader. It appears that my thoughts on the developers at XDA were entirely accurate as this has quickly changed.

In less than two days since Google flicked the switch to lock out unlocked bootloaders from passing the SafetyNet an enterprising developer over at XDA has found a workaround. SafetyNet works by using “verified boot” (a flag within the kernel) to check to see if the bootloader is unlocked. In what seems like a simple fix now, developer Sultanxda has removed support for the verified boot flag from his modified/custom kernel. This prevents the bootloader from passing the unlocked flag to SafetyNet and thus SafetyNet is NOT tripped and it receives the exact same response that it would for an older phone which does not have the verified boot flag within its kernel. The phone thus passes the test and Android Pay can be used. This fix has since been implemented with success into many kernels, including one in testing for the Pixel XL. If you have an unlocked bootloader it is possible to use Android Pay once again, you will just need to flash a custom kernel with this flag removed from it — root access is NOT required.

While this may well be a case of cat and mouse as Google seems hell bent on stopping us from using OUR phones how WE want to. It is a disturbing turn of events, with Google seemingly making root access harder at each OS update. We buy the phones from Google, we do not rent them. We own them so there is an argument that we should be allowed to do with them as we please. Luckily we have the clever folks at XDA to help us to use our phones as we wish to — eventually fixes are usually found. It is just sad that this is what it has come to.

A famous quote I noticed the other day on Reddit, slightly changed for our circumstances, seems very fitting:

First Google came for the poorly coded apps and malware, and I did not speak out—
(Because I know how to uninstall problem apps)
Then Google came for root, and I did not speak out—
(Because I was technical enough to be able to deploy a very smart person’s suhide/magisk solution)
Then Google came for the possibility of modifying anything, and I did not speak out—
(Because I wasn’t so attached to an unlocked bootloader or custom themes)
Then Google came for ADB—and there was no one left to speak.

While Google puts more and more security in place each time there is often eventually a fix. Chainfire recently said that “in the past things have always turned out less dire than expected” and this has certainly been the case with SafetyNet and unlocked bootloaders (for now). Hopefully we can say the same thing for root access on the Pixels very soon.

Source: XDA.
    Inline Feedbacks
    View all comments

    Like DRM Google has to toe the line of locking HCE down to satisfy it’s banking partners – or it will be kept out of the transaction business. Google only has to lock things down enough to pay appropriate lip service. They will tighten it up one update at a time as long as their business partners are feeling jittery about people trying to break pay wave style encryption by messing with the HCE element. The current status quo is about the best you could hope for given how the banks are – just don’t see patterns where they don’t… Read more »


    Precisely…I don’t see why people start this argument about “it’s our phone we should be able to do what we want”….. You still can do what you want with your phone, the bootloader is still unlockable, Google is just restricting you access to a specific APP of theirs when you crack open your phone and open up that APP to being exploited …

    For the record, when that APP is handling banking details, I for one think that’s a good thing.

    Dean Rosolen

    I don’t think ADB will be going away completely as it’s part of the Android SDK tools that developers use to make apps. If anything, Google will probably make the SDK tools require a valid Play Developer Console account to obtain them.