Android apps report Sailfish as rooted and unsafe

vermut · 28 October 2021 18:52

Recently number of android apps started to complain about me having insecure device. I tracked it down to having android image having “test-keys” string in build properties.

There is an nice app to verify it: https://play.google.com/store/apps/details?id=com.scottyab.rootbeer.sample

My current solution is good old unsquash / patch / squash we already did here https://github.com/yeoldegrove/sailfish-signature-spoofing-lxc, but it means each time Android is updated I need to patch it over and over.

Does anybody have better ideas?

attah · 28 October 2021 18:54

Seems to be in the pipeline…

teletubbie · 29 April 2022 20:35

Has the problem really been solved? In 4.4, two banking apps still don’t work. SecureGo and Renaultbank.

JacekJagosz · 29 April 2022 22:30

I also have one app that still complains, it is “mObywatel”, a Polish Government app with electronic version of your documents.
I think 4.3 fixed some apps detecting SFOS as rooted, but some apps still complain about it being AOSP?

naytsyrhc · 9 May 2022 14:04

I also still have that issue with 4.4.0.58. Does it have to do with developer mode enabled? Or allowing 3rd party apps? Or being on EA? Any help would be much appreciated, as it seems, I am forced to use SecureGo by one of my banks somtime in summer.

shrikello · 1 June 2022 10:25

I have the problem on 4.4.0.54 with an experia 10iii. The app is the danish mitid https://play.google.com/store/apps/details?id=dk.mitid.app.android
developer mode was not active when i tried the app

Sirous · 13 June 2022 09:53

Installing the VR securego plus app I also get the message that it is rooted and unsecure.
xperia 10
os 4.4.0.64

Steve_Everett · 13 June 2022 10:05

Same with the Santander banking app hete in the UK. This used to work, but now doesn’t anymore on the latest SFOS 4.4.0.64. It complains the phone has been modified and is unsafe, by which I assume it means rooted.

JacekJagosz · 13 June 2022 10:44

When I asked the support of my government app, they said the app is blocked on non-official ROMs. This is their answer, not sure how they could possibly detect that.
SFOS is not rooted, the only thing apps can detect is that it is using AOSP and the bootloader is unlocked. And I think the bootloader is actually the problem.

pherjung · 13 June 2022 12:23

It uses at least an unlocked bootloader and it’s in my opinon the problem.

Steve_Everett · 13 June 2022 12:48

Presumably if that is the case then the problem is not solvable? I’m sure I read somewhere that either you can’t relock the boot loader after installing Sailfish, or if you do Sailfish won’t work at all - can’t remember which.

JacekJagosz · 13 June 2022 16:34

Yeah, you can’t lock the bootloader again. But maybe you can hide that fact from the apps?

pherjung · 13 June 2022 20:43

Magisk App is able to do this.

Blumenkraft · 14 June 2022 04:11

Are you suggesting, that you can relock the bootloader with Sailfish installed, and it actually boots after this? Have you tried it?

JacekJagosz · 14 June 2022 06:45

It seems you can hide the fact bootloader is unlocked from apps with Magisk App. Worth a try.
Another thing is how the apps check that. If they use Google’s Safetynet, then you at least need to have MicroG, and hope that works. And that is also the app you would need to hide that from.

Blumenkraft · 14 June 2022 07:09

Ok, i see. This was new for me. I really hope i don’t run into apps that start nagging about the bootloader. The current signed Android has made banking etc possible for me.

Sword11 · 15 June 2022 01:19

App failures could be due to a number of problems; the app could check bootloader and if unlocked refuse to run or it could see if the device passes safetynet. With googles move to hw attestation nothing Jolla can do to pass that.

GeorgeFulger · 15 June 2022 19:19

oh yes, they can choose to start some programming! like native sailfish apps!

Sword11 · 15 June 2022 19:47

Um no. Jolla isn’t going to make a banking app specifically for you.

But you could write a web wrapper for your bank website.

Steve_Everett · 16 June 2022 13:11

To date Jolla have concentrated their programming effort on the core OS and the ‘standard PIM’ productivity apps such as mail, messages, calendar, contacts, documents, browser, etc.

I think it is unlikely they will ever go beyond this brief.

As far as I am aware there are no commercial companies developing apps for Sailfish - the small user base for the OS probably wouldn’t make this commercially viable. There is no ‘paid apps’ store model either.

The majority of app development therefore comes from the voluntary community according to criteria like (a) what interests the individual app developer or what they themselves need, (b) what they think may be of widespread interest or use to other users, and (c) what they are actually able to do (e.g. some apps might be very difficult to develop because of closed APIs, licensing, etc).

I can’t see this position changing in the foreseeable future, so specialised native apps like banking apps for individual banks are unlikely I think.