/e/ and SafetyNet

I am a non-technical person trying to use /e/. I recently learned about Google’s SafetyNet for Android here: https://www.androidpolice.com/2020/06/29/googles-dreaded-safetynet-hardware-check-has-been-spotted-in-the-wild/ . The way I understand it, SafetyNet is software - and now starting to be hardware - that Google embeds in the Android OS and devices that, for the stated sake of safety, will “alert” apps that the OS is not “approved” by Google, and thus those apps will not work.

If my above understanding is correct, I am wondering what this means for the /e/ OS in the future, and what it means for individuals’ freedom more generally:

As Google pursues this, in the future won’t this mean that an OS like /e/ will not work because /e/ is obviously making significant changes to the OS that I assume Google would not approve of?

Do you foresee Google making a push for app developers to design their apps to insist on a successful SafetyNet check in order to operate, thus depriving other OSs like /e/ from having any apps that will work with /e/?

Is an OS like /e/ able to neutralize SafetyNet?

Is there a risk that Google could do something more nefarious with SafetyNet: Say Google doesn’t like a certain app - e.g., and ad blocker - so they not only ban it from their app store, they build into SafetyNet code that won’t let the phone run apps that Google just doesn’t like, but are available from other sources? And if so, how could an OS like /e/ deal with that?

I think the key thought in the article is that there might be impending doom … “unless you’re willing to give up apps and services that use SafetyNet”.

If that’s really the only catch, then for a growing number of users this would mean no change at all, because this would change nothing for Apps which don’t use SafetyNet, e.g. /e/'s preinstalled Apps and Open Source Apps from F-Droid or Apps which generally just don’t employ SafetyNet checks.

All the other Apps which use SafetyNet either don’t work on /e/ as it is now anyway, or they work with the help of microG (built-in in /e/) and could fail at any given time when Google change something on their side and microG would have to catch up to the changes again (which really happens from time to time).

So the way to mostly degoogle a phone and have reliably working Apps wouldn’t change at all. It includes getting rid of Apps dependent on Google services.

It doesn’t seem that way.
Google only has to approve of anything regarding an OS if the OS vendor wants to preinstall Google Apps and services with it. Almost every stock Android OS from phone manufacturers does this and thus needs Google certification.

But every Android OS including every Custom ROM Android is based on AOSP. As long as AOSP is there, any phone manufacturer or Custom ROM community or single developer can build something based on it, it’s Open Source.

Nothing to foresee. Google pushes developers to make Apps dependent on Google services already. Not by force, but by making it the convenient way for the developers. To not have an App depend on Google services should need extra effort in general, but I’m no developer, there might be exceptions.

But there’s an ecosystem of Open Source Apps already ready to use. It might not have every App imaginable, but many users already get by with what it offers and don’t use Google-dependent Apps at all.

For Google-dependent Apps to work with it, /e/ has microG built-in. microG mimics Google services for Apps which need them. If microG would find a way to let Apps dependent on them work with the new SafetyNet measures, then nothing much would change.
Might sound unlikely currently, but who knows.

This is dealt with by not using Google-dependent Apps.

Thank you for the detailed reply, your information helps clear up some things for me. One followup question, though:

In the article I referenced, it talks about Google starting to implement what the article calls “hardware-backed SafetyNet attestation”. So, if it is “hardware-backed”, wouldn’t that mean that regardless of AOSP being open source, regardless of what microG can do, etc., in the near future the hardware on the phones will be requiring many - maybe eventually all? - apps to pass this SafetyNet attestation?

Or am I misunderstanding what is meant by “hardware-backed”?

Perhaps the question you could ask yourself shouldn’t be “What darkness could they force onto me in the future?”, but rather “Why didn’t they do something like this already?”

Whether Google or phone vendors theoretically could try to impose more strict control over what the user can do with their OS and their devices is a question independent of SafetyNet being hardware or software, it is more general. And the answer is always: Yes, theoretically they could. But would they do in practice?

They could for instance try to prevent you from installing alternative OSes on their phones easily for a start. Why don’t they all do it? (Huawei tries.)

A huge part of Android’s success is a relative user freedom compared to iOS and to the now long defunct Windows Mobile attempts, even within the constraints of a Google certified Android stock OS you can do and customise a lot. It’s a selling point, it helped Android grow big and users are used to it. Would companies be careless enough to give this up without gain? If some of them did, it probably would be the gain of competitors not following suit … and the gain of Apple.

And the Open Source ecosystem based on AOSP doesn’t go anywhere, and the users in favour of choice don’t go anywhere. Someone will still cater to them with OS and smartphone choices.

And if all else fails … you could already switch to a Linux phone today if you want.

I just don’t see the doom, but this all is just my layman’s understanding and my opinion.

1 Like

This topic was automatically closed after 60 days. New replies are no longer allowed.