The banking apps I’ve tried don’t require SafetyNet, instead they use Android AOSP’s basicIntegrity
. The latter doesn’t require certification by Google, but also checks whether the device is rooted and the bootloader is locked.
This means custom ROM’s on most devices won’t pass basicIntegrity
, as only Google Pixel, OnePlus and Fairphone allow for relocking the bootloader.
That’s a bummer. Seems like Google Pixel and Fairphone are the only ones left. I don’t even know why manufacturers wouldn’t allow for relocking or even unlocking of their phones. I can’t imagine they make much money with user data and the phone is already paid for. Warranty claims shouldn’t be much of an issue either, as modifications can be easily detected and it’s likely not a relevant amount of people anyway.