Hi,
With my unlocked bootloader, the SafetNet from Google fails even though I have microG with DroidGuard Helper. Since recently we can’t anymore hide the apps working with SafetyNet with magisk. My device is nonrooted.
So I would want to relock my bootloader while /e/ is installed, but I’m afraid of what might happen (like a hardbrick). I read that OnePlus allows to relock the bootloader on custom Roms, and I read here that the user Hawk just relocked the bootloader with fastboot and it works.
Hi, thanks !
So I can say good bye to SafetyNet with /e/ installed ? Because there are apps unusable without SafetyNet On XDA, someone has relocked his bootloader one OP3 and he says SafetyNet works.
Blockquote
How to re-lock your bootloader with LineageOS 17.x
First the WHY;
A locked bootloader is needed to pass safetynet api if you do not want to install Magisk.
Passing Safetynet is needed for many things like banking apps, Gpay, installing Netflix etc…
So you can do it the ‘Magisk’ way which is also giving you a rooted device, or re-lock the bootloader again.
This is only working with a signed ROM and TWRP!
And now the HOW:
For anyone who wants to use Lineage 17.1 with locked bootloader; this is what I did and is working:
flash SAR TWRP (fastboot flash recovery twrp-3.3.1-system-as-root-oneplus3.img)
Format /data and wipe the rest
Do an OEM LOCK by fastboot (fastboot devices, fastboot oem lock >> choose NO on your phone, this is a bug in OnePlus firmware and actually means YES)
flash the whole stuff from within Recovery after copying the needed files to sdcard:
- latest firmware
- latest Lineage 17.1 build
reboot into system
set a password
encrypt the device
In developer settings:
- disable OEM unlock
- disable ADB
reboot into system and configured the rest
The result;
Re-locked bootloader, warning screen on boot gone (of course) and Lineage working fine without any issues!
But I’m not a pro at these things that’s why I ask if it would be possible with /e/ rom ?
Because if I can’t have SafetyNet I think I will go back to stock ROM and that would be sad ahah
(I was wondering whether the /e/phones we can buy are sold with an unlocked or locked bootloader ? )
Sorry for my late reply, i kind of forgot
So, yes it seems the official /e/ Rom are not signed. By re-locking my bootloader it goes to the red warning “your device is corrupt”. That’s why everyone on the net says not to do it. But with OnePlus (idk if with other brands it’s possible), I can relock it afterwards with a button combination to go into fastboot mode and then using fastboot with the terminal.
So in conclusion, I didn’t found a way to have SafetyNet working on /e/ :
Magisk hide can’t make it work
If SafetyNet fails because of an unlocked bootloader, we can’t have it working because the /e/ Rom aren’t signed apparently.
I went back to the OxygenOS stock rom on my OP7, and I removed all the google software (with the root), unless the GooglePlay Services. I use only F-droid and Aurora Store.
Now my rom is now signed, i still have my bootloader unlocked and NOW magisk hide works perfectly because SafetyNet works.
Thus I think (although I don’t know much about it) Google makes SafetyNet fail on all the phones with a custom Rom (they want the people to stay on their stock ROM, where they can still steal your data ahah )
So “maybe” if I sign myself my rom (like here), Magisk Hide could work … (But that’s pure speculation, it’s a very complicated field and again I don’t know how it works precisely)
Does anyone knows ?
And I was wondering, as the fairphones sold by /e/ have their bootloader unlocked, does Safetynet work on them?
The Fairphone 3 sold by /e/ has a locked bootloader, bur SafetyNet doesn’t work because MicroG isn’t able to bypass the SafetyNet certification anymore (for almost a year). And it’s the same thing for every custom ROM without Google apps installed on it.
)