Android apps report Sailfish as rooted and unsafe

Recently a number of Android apps started to complain about me having an insecure device. I tracked it down to the Android image having the “test-keys” string in its build properties.

There is a nice app to verify it: https://play.google.com/store/apps/details?id=com.scottyab.rootbeer.sample

My current solution is good old unsquash / patch / squash we already did here https://github.com/yeoldegrove/sailfish-signature-spoofing-lxc, but it means each time Android is updated I need to patch it over and over.

Does anybody have better ideas?

1 Like
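
Added example, not part of the thread and not code from RootBeer or Jolla: a Python script that parses a `build.prop` and lists the values an app-side integrity check can read, starting with the “test-keys” string mentioned in the first post. The sample file is constructed, and treating `ro.debuggable=1` and `ro.secure=0` as further signals is an assumption that the thread does not mention.

```python
# Constructed sample, not taken from a real Sailfish Android image.
SAMPLE_BUILD_PROP = """\
# begin build properties
ro.build.tags=test-keys
ro.build.type=userdebug
ro.build.fingerprint=vendor/device/device:11/ABC.123/1:userdebug/test-keys
ro.debuggable=1
ro.secure=1
ro.product.model=Example
"""

# Exact values often treated as "insecure device" signals (assumed set).
RISKY_VALUES = {"ro.debuggable": "1", "ro.secure": "0"}


def parse_build_prop(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def find_signals(props):
    """Return sorted (property, value, reason) tuples a check may flag."""
    findings = []
    for key, value in props.items():
        if "test-keys" in value:
            findings.append((key, value, "build signed with test keys"))
        if RISKY_VALUES.get(key) == value:
            findings.append((key, value, "debug/insecure build setting"))
    return sorted(findings)


if __name__ == "__main__":
    for key, value, reason in find_signals(parse_build_prop(SAMPLE_BUILD_PROP)):
        print(f"{key}={value}: {reason}")
```

Running it against the properties of an updated image shows whether the “test-keys” marker is still present, which is the signal the first post describes.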

Seems to be in the pipeline…

4 Likes

Has the problem really been solved? In 4.4, two banking apps still don’t work. SecureGo and Renaultbank.

3 Likes

I also have one app that still complains, it is “mObywatel”, a Polish Government app with an electronic version of your documents.
I think 4.3 fixed some apps detecting SFOS as rooted, but some apps still complain about it being AOSP?

1 Like

I also still have that issue with 4.4.0.58. Does it have to do with developer mode enabled? Or allowing 3rd party apps? Or being on EA? Any help would be much appreciated, as it seems I am forced to use SecureGo by one of my banks sometime in summer.

2 Likes

I have the problem on 4.4.0.54 with an Xperia 10 III. The app is the Danish MitID https://play.google.com/store/apps/details?id=dk.mitid.app.android
Developer mode was not active when I tried the app.

1 Like

Installing the VR SecureGo plus app, I also get the message that it is rooted and insecure.
Xperia 10
OS 4.4.0.64

Same with the Santander banking app here in the UK. This used to work, but now doesn’t anymore on the latest SFOS 4.4.0.64. It complains the phone has been modified and is unsafe, by which I assume it means rooted.

When I asked the support of my government app, they said the app is blocked on non-official ROMs. This is their answer, not sure how they could possibly detect that.
SFOS is not rooted, the only thing apps can detect is that it is using AOSP and the bootloader is unlocked. And I think the bootloader is actually the problem.

It uses at least an unlocked bootloader and it’s in my opinion the problem.

Presumably if that is the case then the problem is not solvable? I’m sure I read somewhere that either you can’t relock the boot loader after installing Sailfish, or if you do Sailfish won’t work at all - can’t remember which.

Yeah, you can’t lock the bootloader again. But maybe you can hide that fact from the apps?

1 Like

Magisk App is able to do this.

1 Like

Are you suggesting, that you can relock the bootloader with Sailfish installed, and it actually boots after this? Have you tried it?

1 Like

It seems you can hide the fact that the bootloader is unlocked from apps with Magisk App. Worth a try.
Another thing is how the apps check that. If they use Google’s SafetyNet, then you at least need to have MicroG, and hope that works. And that is also the app you would need to hide that from.

1 Like

Ok, I see. This was new for me. I really hope I don’t run into apps that start nagging about the bootloader. The current signed Android has made banking etc. possible for me.

1 Like

App failures could be due to a number of problems; the app could check the bootloader and, if unlocked, refuse to run, or it could see if the device passes SafetyNet. With Google’s move to hw attestation, there is nothing Jolla can do to pass that.

1 Like

Oh yes, they can choose to start some programming! Like native Sailfish apps!

1 Like

Um no. Jolla isn’t going to make a banking app specifically for you.

But you could write a web wrapper for your bank website.

To date Jolla have concentrated their programming effort on the core OS and the ‘standard PIM’ productivity apps such as mail, messages, calendar, contacts, documents, browser, etc.

I think it is unlikely they will ever go beyond this brief.

As far as I am aware there are no commercial companies developing apps for Sailfish - the small user base for the OS probably wouldn’t make this commercially viable. There is no ‘paid apps’ store model either.

The majority of app development therefore comes from the voluntary community according to criteria like (a) what interests the individual app developer or what they themselves need, (b) what they think may be of widespread interest or use to other users, and (c) what they are actually able to do (e.g. some apps might be very difficult to develop because of closed APIs, licensing, etc).

I can’t see this position changing in the foreseeable future, so specialised native apps like banking apps for individual banks are unlikely I think.

2 Likes