Google SafetyNet attestation fails due to with CTS profile mismatch

Using /e/OS Settings
, ,
#1

I am having issues with some (e.g. banking) apps on my FP3, while a colleague of mine on the same version of /e/OS says the same apps work for him now on his FP4.

So I played around a bit and went to:
Settings ↦ System ↦ MicroG ↦ Self-Check
and everything looks good.

Then I went to:
Settings ↦ System ↦ MicroG ↦ Google SafetyNet ↦ Test SafetyNet attestation
and this is what I get:

Test SafefyNet attestation*
Warning: CTS profile does not match

device: FP3(+)
/e/OS: 0.23-20220406175185
microG: 0.2.24.214816-1

AFAIK the device is not rooted at the moment.

Is this the cause of my issues? And if so, how can I fix it?

2 Likes
#2

This workarround works to hide that the android system have been customised by /e/

1 Like
#3

Just checked my mum’s FP3 which was still on /e/OS 0.22 and it was fine. Then I updated it to 0.23 and the same bug as with mine.

I bought my FP3 on /e/’s official store pre-installed and I’d rather not mess around and keep my official /e/ ROM.

My colleague with /e/OS-ified FP4 says they don’t have Magisk and also keep their /e/OS ROM pretty stock.

Also just stumbled upon this bug, which might be what I’m experiencing:

Still, thank you very much, @piero, for the tips. I’m sure they will turn out useful to someone (perhaps even me, if I will need to dive into that).

1 Like
#4

Can you say if your bootloader is locked?

#5

It should be locked, since I bought it from /e/ pre-installed and I haven’t unlocked it myself.

Fastboot Mode says:

  • Product name: FP3
  • Variant: MTP eMMC
  • Secure boot: disabled
  • Device state: locked

Is there anything else I should do to find the relevant info?

1 Like
#6

Yes, it’s locked then. So I suppose it’s really a bug (the one you’ve linked above) or its related to “secure boot disabled”? :thinking: But I can’t say how to change that…

1 Like
#7

But you give further information here @hook , not in your gitlab report, that a phone on e-0.22 worked and stopped working on e-0.23 !

A good way to define your build briefly in a report, is from Settings > About phone > Android version > /e/ version.

Often long press on /e/ version will copy to clipboard. The fact this happened on stable makes it more serious for reporting.

2 Likes
#8

The /e/ version is: /e/ version: 0.23-q-20220406175185-stable-FP3

Added now to the bug report too. Thanks for the reminder.

1 Like
#12

I had the same problem on Q-dev. Now on R-dev safety net check passes on the Fairphone 3 (1.0-20220526188878).

#13

Works on 1.0 stable FP3(+) for me now, BTW.