
I am still regularly cracking the banking app from my bank to be able to run it on my telephone.

They have decided to wage war against their users by checking for root, SafetyNet, and whether the Google spyware framework is installed on the Android phone, so suddenly I wasn't able to get to my online banking. Since one company's software is handling all banks in my country (and I would rather stop using banks than start using the Google spyware ecosystem), they have forced me to remember my youth and patch the .so in APKs.

It was fun, and I have to patch a new version every few releases, but apart from that, my online banking now works. :)



Any links for reading up on it, specifically with Android in mind? Or maybe you can make a blog post about it? :)


Doesn't SafetyNet prevent any and all kinds of tampering? I really hate how companies can just enforce that on your own device and you just have to take it.

I remember some multiplayer Android games implementing the SafetyNet check client-side and not passing it on to the server. I wouldn't expect a bank to make the same mistake.


They can check for a Google-signed "device integrity" response on the backend, and if they do, that's game over. The "integrity" is checked by a TrustZone applet, which runs with higher privileges than the Android kernel and has access to the necessary keys.
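
The backend check discussed in the last two comments, as an added example that is not part of the original thread and not any bank's or Google's code: the server verifies the signed verdict itself and binds it to a nonce it issued, instead of trusting a result computed inside the app. Assumptions: the verdict is a compact RS256 JWS with SafetyNet-style claim names, one pinned public key stands in for validating the certificate chain in the token header, and `checkVerdict`, `makeVerdict` and the package name are hypothetical.

```javascript
// Added example: server-side handling of a signed device-integrity verdict.
// Assumption: the verdict is a compact JWS (RS256). A production verifier
// validates the certificate chain carried in the header; here one pinned
// public key stands in for that step so the example runs offline.
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Returns { ok, reason }. expected = { nonce, packageName, maxAgeMs }.
function checkVerdict(jws, verifyKey, expected, now = Date.now()) {
  const parts = String(jws).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url'));
    claims = JSON.parse(Buffer.from(p, 'base64url'));
  } catch { return { ok: false, reason: 'malformed' }; }
  // Never let the token choose its own algorithm (rejects "none", HS256, ...).
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`), verifyKey,
                              Buffer.from(s, 'base64url'));
  if (!sigOk) return { ok: false, reason: 'bad-signature' };
  // The nonce was issued by this server for this session: blocks replay.
  if (claims.nonce !== expected.nonce) return { ok: false, reason: 'nonce' };
  // Written as a negated <= so a missing timestamp (NaN) is rejected too.
  if (!(Math.abs(now - claims.timestampMs) <= expected.maxAgeMs))
    return { ok: false, reason: 'stale' };
  if (claims.apkPackageName !== expected.packageName)
    return { ok: false, reason: 'package' };
  if (claims.basicIntegrity !== true || claims.ctsProfileMatch !== true)
    return { ok: false, reason: 'integrity' };
  return { ok: true, reason: 'ok' };
}

// Constructed fixture: a locally generated key pair plays the attester.
function makeVerdict(privateKey, claims, alg = 'RS256') {
  const input = `${b64u(JSON.stringify({ alg }))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${b64u(sig)}`;
}
```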



