Earlier this week, it was discovered that the Netflix app on the Google Play Store was preventing users with rooted devices from installing the app. It was assumed the block was caused by changes to the app’s DRM. Android Police has discovered that it’s much worse than that. Google is now giving app developers the option to prevent rooted devices from installing their apps.
There is a new “SafetyNet exclusion” option in Google’s developer console that, when selected by the developer, prevents “devices that fail integrity tests or those that are uncertified by Google” from installing apps. This essentially blocks rooted device’s and those running custom ROMs from installing certain apps.
It is likely this new developer option that Netflix enabled which is preventing rooted devices from installing the Netflix app from the Google Play Store. The good news is the new option does not modify the app itself. It just controls the Google Play Store’s distribution of the app.
Those with rooted devices can still use apps that enable the new option, like Netflix, if they’re able to acquire the apps from 3rd-party sources. For a feature that’s meant to improve safety on Android devices, it seems counter intuitive that Google is now essentially forcing a subset of Android users to seek apps from unauthorized sources.
This change does not currently affect the Fire TV platform or Amazon appstore in any way, but it could lead Amazon to adopt a similar developer option if enough apps, like Netflix, demand it.
This is becoming insanity.
I picked Android as my OS of choice on my devices primarily because I do not buy into the walled garden style of iOS. With an open source OS, I have always felt much more in control of my Android experience than I have on other mobile OSes.
When this all began (certain apps prevented from being used on rooted devices) I could see some sort of direct utility:
Android Pay – of course! There are some serious implications of running a rooted device with an app that has a direct link to your payment methods.
Pokemon Go – I was on the fence here, but at least I could see the developers’ idea of blocking location spoofing.
Netflix – I am still angry about this, but I recognize that Netflix does not deserve to shoulder all of the blame here. Akin to their VPN blocking, the archaic rules of content producers forced Netflix to either play ball or lose a good chunk of their library. Still, I feel as though a greater fight could have been put up. This will only drive users back to piracy, which ironically, Netflix was doing an excellent job of combating up until the VPN/rooting issues.
…but now? Giving any arbitrary developer the ability to block rooted devices from using their app? This is going too far, in my opinion. What is to stop essentially ever developer from blocking rooted devices for good or for bad? Nothing.
I would hazard a guess that the vast majority of Android users do not even know what rooting a device is let alone the utility of it. However, the developer and hobbyist community has grown by leaps and bounds over the past decade and this demographic should not be penalized.
There of course needs to be a balance struck between app security and user freedom, but this news shows the scale is clearly becoming unbalanced.
Should I be penalized for wanting my device to act as I wish it to? Of course not. I do understand though, that once I leave the parameters of how an app or OS should act, I null my right to support from the original developer, as I am no longer using the product as designed.
What of apps that require root to fully work? Something as innocuous as Titanium Backup (10,000,000 – 50,000,000 downloads on the Play Store too FYI) will be unfairly penalized because of this move.
Much like the cat and mouse game computing security is, this will only drive users to find new, undetectable, rooting methods (E.g. Magisk) to make their OS fit their vision. This all flies in the face of what the open source community was built upon. If Google wants to weaken security on Android by forcing users to sideload APKs from who only knows where, they are doing a fine job of it.
“What of apps that require root to fully work? Something as innocuous as Titanium Backup (10,000,000 – 50,000,000 downloads on the Play Store too FYI) will be unfairly penalized because of this move.”
As I read it, the option is one enabled by the developer, so in the example here they simply wouldn’t enable that option. Google isn’t restricting apps from rooted devices but they are providing developers the ability to do so, which is entirely fair.
Of course. Perhaps I should have worded that paragraph differently.
What I mean by that is people who seek to utilize a great backup app, like Titanium Backup, will have to make the decision between doing so and potentially losing access to numerous other apps, or stay unrooted but lose the ability to use Titanium Backup.
While I know this is a decision every rooted user makes now, it will only get worse with Google pushing the ability for app restrictions based on root status. While those apps are only a handful now, I can see them growing exponentially.
TBH, I have no objection to the Google Play Store offering this option to developers. I used to root my devices, however I found that the experience simply wasn’t worth the hassle. The APK world as grown exponentially over the past few years, and as such, many of the apps are now available on all of the major player’s platforms: Android, Amazon, Apple, even Microsoft. And in cases where an app requires root, there are so many other non-root required app alternatives that do the job just as well. I’ve been non-rooted for over 3 years now and I don’t feel as if my experience has suffered as a result. In fact, just the opposite, as I no longer have the headache of re-rooting my devices whenever I need to perform a fresh install of the OS or when an update to the OS is pushed by the manufacturer.
Summary: It doesn’t affect me so I don’t object to it affecting others.
Addendum: If it does affect you, use the device as you’re told, and use apps that are approved instead of apps that you want.
Ok, got it, you’re not us. Some of us want to actually /own/ the devices we paid for, not just use it with permission in the narrow manner that is approved by the seller. Heck, we might even want to continue using it after the seller decrees its time that people buy their newer model by discontinuing security updates on the previous one.
We might even want to use the Netflix service that we’re paying for on this device that we own.
Call us.. I don’t know… customers for lack of a better term.
But we get it. You’re not us. They’re not coming for for you, so you don’t object.
I can see Trumps salvation all over your face. You should get on your knees for netflix as well.
Wow Roger, you clearly have some… preoccupations with some things there…
Thanks for joining our discussion on the FireTV and rooting.
I use my phones, tablets, and computers like my car or microwave. I have no time, interest, or reason to root my car or anyother devices. I use my devices to accomplish tasks. My real money comes from my productive time, not re-engineering my devices. If a device does not accomplish the task, I get one that does. I would suspect most Google Playstore users, like me, will have no problem with this change.
I think a lot of folks out there would agree with your sentiment, Norman.
I do pose one question, however. What happens when essentially all Play Store app developers make the move to block rooted devices, for logical or illogical reasons? While we are a long way away from such an event like this from occurring, this does raise the hypothetical question of, where do you turn to once >no< device works as you truly desire?
Sure, it can be Android Pay and Netflix today, but what about Nova Launcher tomorrow? What if Google's version of Android becomes so akin to iOS that they wish to never allow you to stray from their vision of the OS?
I can safely say that mainstream Android releases have come a long way from it's inception and has even incorporated some features that were only once found in custom ROMs. But why should users settle for what software engineers at Google deem to be the best Android experience?
Should I not be able to customize my phone as I can with a variety of other products without penalty? I am honestly open ears for why some apps deem rooting to be undesirable.
You say that your productivity creates money for you, correct? Fair enough. But as a productivity oriented type person, do you not owe it to yourself to find the most efficient means to an ends technologically speaking?
What if you find an amazing app that can create some of the most intricate gesture shortcuts that can open a variety of things? What if it requires root (for whatever reason) and you have to make the choice between productivity and choice?
Yes, yes. I know. You would probably say you would go and find another app to fill the void, but alas, there are many versatile functions within Android that require root and those productivity shortcuts would now be barred from you.
You may have zero interest in rooting or "re-engineering" your devices, but there are millions of us out there that bought into the Android ecosystem solely for that flexibility it offers.
The thing about amazing apps, if amazing they will quickly follow the money. My experience, rooted apps, once they get traction, not long until they are on every device. App folks do not make apps for the fun of it.
Customizing systems poses higher risks for all of us. Great you want to have that right, but what if your efforts cause problems for the larger user base. You going to take financial responsibility if your system is part of a bot network doing great damage? I understand some rooters are very responsible, many bad people and people with limited skills in system security are not. Opening Pandora’s Box, with consequences for all users.
You know by tuning (rooting) the VW diesel computers you will get significant better mileage. The environment takes a hit, but you save money. Limited access to systems is not their to punish the user, their to protect all users.
Hey Norman, thanks for the reply. I appreciate your viewpoints on this, but still had some thoughts myself:
“The thing about amazing apps, if amazing they will quickly follow the money. My experience, rooted apps, once they get traction, not long until they are on every device. App folks do not make apps for the fun of it.”
I would like to point out some apps that require root to work at the high level of functionality they do. What of Titanium Backup, the gold standard of Android backups, that can achieve a level of granularity that other third party apps cannot? What of Adaway that needs access to the hosts file to block some of the advertising malware that is becoming an epidemic on mobile devices? Quite simply, some apps that require root will not make it to the mainstream for that reason alone and will rely upon purchases and donations.
“Customizing systems poses higher risks for all of us. Great you want to have that right, but what if your efforts cause problems for the larger user base. You going to take financial responsibility if your system is part of a bot network doing great damage?”
>Poorly done< system customization can pose higher risks for people, not system customization alone. Using that line of logic, I should have all things locked down that could potentially become a problem for the general populous. What of vehicles that have long since passed a safety inspection and could have shot brakes, rusted out floor panels, and bald tires? Anyone out there could be driving a vehicle like that. Does that necessitate everyone be treated as such a driver? Of course not.
As per financial responsibility, I do not see how victim blaming would be applicable here. Do I have to lock my front door every evening? No. Is it a good idea? Of course. If I choose to not lock my front door, that is my choice. If someone burglarizes my home, I can certainly see how I could have secured my home better but that does not negate the crime of the burglar in the first place. Would the police fail to prosecute this criminal based on me not fortifying my property? Of course not. Why should someone be held financial responsible for a bot not that had not been created by them? What of people who stayed up to date on the firmware for devices but the manufacturer (E.g. security cameras that recently contributed to the largest botnet the world has ever witnessed) chooses not to regularly push firmware updates? Should those people still be blamed for causing a botnet? Should regular consumers of Android phones be held liable when someone like LG is lax on pushing out security updates? Quite simply, no. Proving negligence in a case-by-case basis would prove next to impossible.
You know by tuning (rooting) the VW diesel computers you will get significant better mileage. The environment takes a hit, but you save money. Limited access to systems is not their to punish the user, their to protect all users."
I am very happy you used this example because I have an appropriate counter for it: What of John Deere tractor owners who essentially are being held hostage by the parent company for any sort of software repair at largely inflated and unreasonable prices (https://motherboard.vice.com/en_us/article/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware).
To quote the article: "Deere charges $230, plus $130 an hour for a technician to drive out and plug a connector into their USB port to authorize the part."
What happens when Google's version of Android becomes locked down so that only "certified Google technicians" can even diagnose basic problems? Should I, a consumer who legally bought and paid for a product, be held hostage by any company telling me what I can and cannot do with my property, or make repairing and customizing my property next to impossible (legally)? This isn't a case of trying to harm the environment or user base in any way shape or form, but rather, just using a product as we see fit. As I noted above, once I leave the parameters of how a product works, I forfeit my right to the support and warranty that goes along with it; that should NOT however negate my right to use that product in my vision.
Why should I have to be subject to forced upgrades if I have taken proper measure to secure my system and it is working as I wish? This is a heavy handed move by Google to further wall in a once open source garden.
Agree, this does not bode well for the open source community. The first thing I do after purchasing a phone is root it so as to remove the Blob of useless apps that come installed on it. I prefer a very small list of apps that I chose to use, the whole reason I do not touch Apple products.
One theoretical alternative (besides some kind of hack e.g. magisk) is to get APKs from emulators such as bluestacks to get the app and back it up using e.g. es file explorer.
Assuming this doesn’t go beyond the app store.
What makes this decision ludicrous for me is that pirates have better alternatives and root can be a far more secure alternative to using an old stock rom.
It was pointless p***ing about like this (e.g. when they gimped SD cards) which pushed me towards iOS because if I can’t have the ‘freedom’ Android should be providing I’d rather use iOS.
To me this means ROMs like Lineage needs to have some way to be certified and installed with root disabled after the installation, so that apps like Netflix, etc. will work fine.
I’d love to install Lineage (or others) on older devices to bring them up to date (after being abandoned by the manufacturer), but won’t be any good if apps won’t run on it.
This could make me and a lot of other people switch to IOS, They are making it so we can’t freaking root our device. I hope they remove this because if they don’t. I will just have to keep installing APKS if the app doesn’t allow root. Maybe someone will find a bypass. I hope
I don’t think it’ll drive people to iOS, as that is still much more restrictive. I’m not giving up Android for this, and I’m quite sure there will be bypasses. In fact, it sounds like Magisk can already do so. From the XDA page of Magisk: “Hide Magisk from detection, including SafetyNet, which is used in Android Pay, Pokemon GO, Mario Run etc.”
I don’t think this will be problem. If the developer enables this on their app I will uninstall the app and mark them as a developer that I don’t do business with anymore. It is the developers loss.
And that’s a reasonable response but probably a pointless gesture. It won’t be the little independent developer working out of their garage but one of the few choices you have for streaming movies, gaming, music, etc.
That’s who this is for. It’ll exacerbate the piracy problems, but at the same time you’ll see a much more aggressive approach to going after those offenders and prosecuting them.
This prevented the latest version of Netflix from working on my Fire tablet, but the version of Netflix in the Amazon App Store still works.
Glad I stopped caring about getting the PlayStore to work on my Rooted FTV1’s long ago…
I just use:
Latest APKUpdater App
Latest APKPure App
APKMirror App (But it is not downloading files correctly. So I have to use a browser)
to keep up with the latest Apps as soon as they come out. I totally control when I want to update & I can downgrade or upgrade as I see fit. Makes sideloading so easy.
I have began to do the same on my Android Phones/tablets. I don’t even bother activating any Google account. If they want to be a**holes about it. They can do without my data.
1.Google demonetizes independent youtube creators.
2.FCC votes to gut net neutrality.
–Now we see yet another way to keep people under control and limit choices.
Its turning into private tyranny much faster than at any other in history I can pinpoint.
If people are even a little irked by any of this, the WORST thing you can do is just quietly let it go.
As a reformed pirate i no longer acquire apps without purchase. However my inner hacker is everliving.
I will continue to have root
+ human right to privacy
++ i shall adblock apps and sites
+ i will remove system apps that violate sacrosanct privacy
++ i strip out all google services replacing some with foss privacy tools
+ i strip away ability to receive sms
++ i use only xmpp & matrix for texting
+ i will not be stopped from staying on current app version free, neutered adware, or commercial
++ md5/sha hashing assures apk integrity
++ This is not difficult, ethical people!
++ play store needs 3 categories: free, adware, commercial
++ 3rd party web ads in app is THE OPPOSITE of free
+ not having play store in no way hinders me from PAYING app developers.
++ app devs have more without G overhead gouging
amazon affiliate program rules require each link be textually labeled. One blanket footer statement doesn’t cut it.
a (few) report(s) of violation could jeapordize your account AND prevent you creating a new account after suspension
do the right thing: be honest & truthful
Since the above article was written many years ago, now, with some rooted devices, one can run Magisk Manager and then select MagiskHide and hide the following services/apps:
1. Google Partner Setup.
2. Google Play Services.
3. Google Play Store.
and voilà: you can now install and run Netflix, Disney+, Stan, or any other Android apps in Google Play using the rubbish SafetyNet check routine.
(Note: Magisk Manager works on AOSP ROMs as well as custom ROMs like LineageOS, etc.)
Again, like anything, Google’s security measure often lull Android developers and users alike into a false sense of security. Remember their Google Play’s LVL that was so easy to crack?! It took me only five minutes to crack their LVL! Go figure!
I want google to reinstall all my stuff on my phonerhey put new gmail no permission and everything l download is screwed up