> Google doesn't release devices without unlockable bootloaders. They have always been transparent in allowing people to unlock their Nexus and Pixels.
True but misleading. If you unlock your bootloader, you can no longer use a lot of apps, including Snapchat, Netflix, Pokemon Go, Super Mario Run, Android Pay, and most banking apps. And before you say this isn't Google's fault, know that they provide the SafetyNet API, which has no legitimate, ethical use cases, and is what allows all of the aforementioned apps to detect whether the device has been modified, even if the owner doesn't want that.
This really depends on the apps. I have used over 10 banking apps on an Android phone with an unlocked bootloader without ever encountering any issues. On a device rooted using Magisk, the MagiskHide masking feature successfully bypasses the apps' root checks in my experience.
You're right that more advanced forms of hardware attestation would defeat the masking if Google eventually implements them.
I'm hoping that Microsoft's support for Android apps and integration with Amazon Appstore in Windows 11 will hedge against Google's SafetyNet enforcement by making an alternative Android ecosystem (with fewer Google dependencies) more viable. Apps that require SafetyNet would most likely not work on Windows 11.
Obviously anecdotal, but literally none of those examples I care to use on my phone anyway. Overtime, my phone has just become a glorified camera with some messaging features.
I've used banking apps and Google pay on my rooted unlocked phone for several years now. True, I'm still on Android 9, so perhaps it will be worse when I upgrade.
Using Magisk and Magisk Hide.
Though oddly enough, none of my banking/credit card apps make an issue of being rooted, so they're not even in the Magisk Hide list.
That is likely to change in the near future. Hardware attestation of bootloader state is increasingly available. This is currently bypassed by pretending to be an older device that doesn't possess that capability. As long as device bootloaders continue to differentiate between stock and custom OS signing keys it won't be possible to bypass SafetyNet.
Yeah, it seems you are right. I haven't been actively tracking the custom ROM market, but it seems Google is trying really hard to achieve widespread hardware attestation. Or they could just be waiting until all the old devices are off the market, so all of the "Hardware attestation: Unsupported" response cases can be marked as UnlockedBootloader with great confidence.
True but misleading. If you unlock your bootloader, you can no longer use a lot of apps, including Snapchat, Netflix, Pokemon Go, Super Mario Run, Android Pay, and most banking apps. And before you say this isn't Google's fault, know that they provide the SafetyNet API, which has no legitimate, ethical use cases, and is what allows all of the aforementioned apps to detect whether the device has been modified, even if the owner doesn't want that.