Google SafetyNet attestation fails due to CTS profile mismatch

I am having issues with some (e.g. banking) apps on my FP3, while a colleague of mine on the same version of /e/OS says the same apps work for him now on his FP4.

So I played around a bit and went to:
Settings ↦ System ↦ MicroG ↦ Self-Check
and everything looks good.

Then I went to:
Settings ↦ System ↦ MicroG ↦ Google SafetyNet ↦ Test SafetyNet attestation
and this is what I get:

Test SafetyNet attestation
Warning: CTS profile does not match

device: FP3(+)
/e/OS: 0.23-20220406175185
microG: 0.2.24.214816-1

AFAIK the device is not rooted at the moment.

Is this the cause of my issues? And if so, how can I fix it?

3 Likes

This workaround works to hide that the Android system has been customised by /e/

1 Like

Just checked my mum’s FP3 which was still on /e/OS 0.22 and it was fine. Then I updated it to 0.23 and the same bug as with mine.

I bought my FP3 on /e/’s official store pre-installed and I’d rather not mess around and keep my official /e/ ROM.

My colleague with /e/OS-ified FP4 says they don’t have Magisk and also keep their /e/OS ROM pretty stock.

Also just stumbled upon this bug, which might be what I’m experiencing:

Still, thank you very much, @piero, for the tips. I’m sure they will turn out useful to someone (perhaps even me, if I will need to dive into that).

1 Like

Can you say if your bootloader is locked?

It should be locked, since I bought it from /e/ pre-installed and I haven’t unlocked it myself.

Fastboot Mode says:

  • Product name: FP3
  • Variant: MTP eMMC
  • Secure boot: disabled
  • Device state: locked

Is there anything else I should do to find the relevant info?

1 Like

Yes, it’s locked then. So I suppose it’s really a bug (the one you’ve linked above) or it’s related to “secure boot disabled”? :thinking: But I can’t say how to change that…

1 Like

But you give further information here, @hook, not in your GitLab report, that a phone on e-0.22 worked and stopped working on e-0.23!

A good way to define your build briefly in a report, is from Settings > About phone > Android version > /e/ version.

Often long press on /e/ version will copy to clipboard. The fact this happened on stable makes it more serious for reporting.

2 Likes

The /e/ version is: /e/ version: 0.23-q-20220406175185-stable-FP3

Added now to the bug report too. Thanks for the reminder.

1 Like

I had the same problem on Q-dev. Now on R-dev safety net check passes on the Fairphone 3 (1.0-20220526188878).

Works on 1.0 stable FP3(+) for me now, BTW.

Hello, does anyone know what the timeline could be of how long SafetyNet passes?

1 Like

Test SafetyNet attestation
Warning: CTS profile does not match

Same problem here with my Samsung S9 (SM-G960F) with /e/OS version 1.1-q-20220630200240-dev-startlte.

microG: 0.2.24.214816-15 (29cd6f9)-noen.

AFAIK my phone is not rooted. I had installed the OS myself on a phone not bought on the Murena store. I remember that the SafetyNet test passed with v0.22.

What does it mean to have a CTS profile that does not match?

For the moment my phone works very well.

Any solution? :slight_smile:

1 Like

I can report that the SafetyNet test doesn’t pass on my Poco X3 Pro, either :frowning:

My /e/OS version is 1.1-r-20220629200015-dev-vayu
My version of MicroG is 0.2.24.214816-15 (29cd6f9)-noen, same as that of @Nicolas_Sas’.

My phone is definitely not rooted.

1 Like

OK with 1.1-r-20220628200015-dev-chiron (no root nor fancy apps :wink: )

Had tried it some time ago on FP4 running 1.0 stable with bootloader locked and it passed.

There’s nothing you can do; it’s a combination of different factors, mostly microG and Google themselves. microG tries to fool Google and Google creates new anti-measures…

1 Like

Thanks for your reply. OK, but I will definitely not try to relock my bootloader, as it can be dangerous for Samsung.

Is that even possible with Samsung and /e/OS? That might also be a point, locked or not, but that I do not know.

Fair reason.
But in my case it didn’t work with an unlocked bootloader either.
And well, SafetyNet attestation checks security parameters…
EDIT: Still, attestation passes on a FP4 with unlocked bootloader running v 1.2RC.

1 Like

Well, I guess there is no solution… However, I remember that my phone has already passed the SafetyNet test in the past.
I must admit that for the moment it won’t change my life nor prevent me from sleeping :slight_smile:

I just wanted to know what could be the consequences of not passing this test (purchase via app, bank app that doesn’t work?)

Thanks for your help :slight_smile: :slight_smile: