SafetyNet is a protection system built into Android that you don’t need to know about until there is a problem with it and some applications stop working. We will see what SafetyNet is and what it is for.

First we will look at what exactly this security test is and what it is used for, and then explain how you can see whether your mobile passes the test and which cases can cause a mobile to fail it.

What is SafetyNet and what is it for?

Diagram of the operation of Safety Net, which sends the information of the device to the Google servers to obtain the answer

Google defines SafetyNet as a set of services and APIs to prevent abuse. Application developers can use this API to determine whether the connection to their servers is genuine, coming from a genuine application running on a genuine device.

SafetyNet is a system that app developers can use to check whether the device is genuine and unmodified

In other words, it checks the device's hardware and software to verify that its integrity has not been compromised, comparing the current state with the reference data collected during the compatibility test (CTS).

This is not a DRM or a strict anti-cheat system for games, but rather a system integrity check that verifies the system remains the same as when it passed the compatibility tests. These tests are made up of a multitude of small tests that detect incompatibilities and cover areas such as permissions or the interaction between different APIs.

Android CTS compatibility test scheme

It is not a root detector either, even though rooted devices will not pass the test. This is because the results returned by SafetyNet are ambiguous and are limited to saying whether the test has passed or not, but not for what reason.

Regarding its use, SafetyNet is used by developers to check overall system safety. It is these developers who must implement it in their applications and act accordingly.

For example, a bank application may not work unless the device passes SafetyNet. In fact, it already happens with Google Pay. Other developers can directly choose not to show their apps on Google Play on devices that do not pass the test, as happens with Netflix.

How to know if your mobile passes SafetyNet

The easiest way to check if your mobile passes the SafetyNet check is to install an app that does the checking. There are several on Google Play that do the job, the most popular being the simple SafetyNet Test.

The app literally has a single button, so all you have to do is tap on Run test. The test in question takes a second and shows very clearly if it has been passed or not. Some additional details are listed at the bottom of the window.

SafetyNet Request. This is the request for the test itself. If the request cannot be made (for example, if you do not have an Internet connection), the test is not carried out at all.

Response signature validation. This is the validation of the test result, which comes from Google’s servers.

Basic integrity. This is the basic integrity test, somewhat more permissive than the next one. Developers can decide whether they want their apps to continue working if at least this level of integrity is passed.

CTS profile match. This is the most stringent test, which only returns true when the device is established as genuine and certified according to the CTS certification.

SafetyNet Test

Why the test may fail

As we mentioned before, the SafetyNet test does not help developers know with certainty if your mobile is rooted or what is wrong with it, but rather returns true or false, without explaining why. Now, the reasons why it returns true or false are specific and are the following:

| Device state | “CTS Profile Match” test | “Basic Integrity” test |
|---|---|---|
| Certified and genuine device according to CTS | True | True |
| Certified device with unlocked bootloader | False | True |
| Genuine uncertified device (because the manufacturer has not certified it) | False | True |
| Device with custom ROM, no root | False | True |
| Emulator | False | False |
| It is not a device but a script | False | False |
| Signs of a compromised system, such as a rooted system | False | False |
| Other signs of attacks | False | False |

Thus, the test itself consists of two levels and can fail for any of the above reasons. However, the application that runs the test will not know exactly which case applies, only that it failed.

This means that the strictest test will fail if the device has a custom ROM or an unlocked bootloader, although the basic integrity test is somewhat more permissive and will pass in those cases. Where both tests agree is on root: a rooted device, or one with similar modifications, does not pass either test.
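The two verdicts and the table above can be turned into a server-side decision, shown here as an added example that is not part of the original article or of Google's code. The JSON field names `ctsProfileMatch` and `basicIntegrity` follow the SafetyNet Attestation API response; the function names, the `require_cts` policy switch and the sample tokens are constructed for this example, and the signature is assumed to have been validated beforehand.

```python
import base64
import json

# Causes the article's table lists for each (ctsProfileMatch, basicIntegrity) pair.
CAUSES = {
    (True, True): ["certified, genuine device"],
    (False, True): ["certified device with unlocked bootloader",
                    "genuine but uncertified device",
                    "custom ROM without root"],
    (False, False): ["emulator", "not a device but a script",
                     "signs of a compromised system, such as root",
                     "other signs of attacks"],
}

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(cts, basic):
    """Constructed sample in compact JWS shape; the signature is a placeholder."""
    payload = {"ctsProfileMatch": cts, "basicIntegrity": basic}
    return ".".join([_b64url({"alg": "RS256"}), _b64url(payload), "c2lnbmF0dXJl"])

def decode_payload(jws):
    """Return the JSON payload of a compact JWS. No signature check is done here:
    the 'response signature validation' step must succeed before this is trusted."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))

def evaluate(payload, require_cts):
    """Return (allowed, possible_causes). Missing or non-boolean fields fail closed."""
    cts = payload.get("ctsProfileMatch") is True
    basic = payload.get("basicIntegrity") is True
    causes = CAUSES.get((cts, basic), ["combination not listed in the table"])
    allowed = basic and (cts or not require_cts)
    return allowed, causes

if __name__ == "__main__":
    for cts, basic in [(True, True), (False, True), (False, False)]:
        payload = decode_payload(make_sample_token(cts, basic))
        for strict in (True, False):
            allowed, causes = evaluate(payload, require_cts=strict)
            print(f"cts={cts} basic={basic} strict={strict} -> allowed={allowed}; "
                  f"cannot distinguish: {causes}")
```

The list returned alongside the decision is the full set of table rows that share the same pair of verdicts, which is why an app cannot tell a rooted phone from an emulator from these two values alone.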