How to Bypass SafetyNet Apps with Systemless Root
Many apps like Google Pay, Netflix, or banking apps often won’t work on phones that have been rooted. They show error messages such as “device is not certified” or “failed SafetyNet check.” This happens because Google uses a system called SafetyNet to make sure devices are safe and have not been changed in ways that could lower security. SafetyNet checks if the device’s system matches Google’s standards.
If the bootloader is unlocked, Magisk (a rooting app) is not set up properly, or root files are not hidden well enough, SafetyNet will block these apps from working. Even if you use Magisk in a way that normally hides root, SafetyNet can still detect the changes if certain settings, like Zygisk or SELinux, are wrong or if modules cause problems.
Here is the complete guide:
Requirements
(For Google Nexus devices that received the May 2017 security patches – save this to your external SD card.)
The first step is to completely unroot your device. If you used SuperSU (a common rooting method), open the SuperSU app and tap “Full Unroot”. Then, agree to restore your stock boot image, but do not replace your recovery image.
You’ll also need to uninstall Xposed if it’s installed, and undo as many changes as possible in your /system partition. This includes reverting boot animations, fonts, and reversing any bloatware removal. If you have made a lot of system changes, it’s best to flash the official stock ROM and start fresh.
Once your device is back to its stock state (or running a clean ROM), you are ready to install Magisk. Download the Magisk Manager app and open it. Tap the “Download” button, and then reboot your device into TWRP Recovery once the download is finished.
In TWRP, tap the Install button and find the Magisk .zip file that you just downloaded. If you have a Google Nexus device, also tap “Add more zips” and select the VerifiedBootSigner.zip file.
Now swipe to confirm the flash of the .zip (or .zips). When it’s finished, tap Reboot System.
After rebooting into your Android system, open the Magisk Manager app and go to Settings. Enable BusyBox, Magisk Hide, and Systemless hosts. Next, return to the main screen and press the SafetyNet button to check that it says “SafetyNet Passed”.
Now, clear the data for Google Play Store—this is because there is a record that your device was previously rooted or modified. Go to Settings > Apps > Google Play Store. Tap “Force Stop,” then go to Storage (or Manage Space), and tap “Clear Data.” After this, you should be able to download and use apps protected by SafetyNet, such as Netflix and Pokémon GO, while keeping your device “rooted”—but in a way these apps can’t detect.
From now on, you should avoid installing any apps or making any changes that modify the /system partition of your device. Fortunately, Magisk offers many systemless versions of popular apps called Magisk modules. There are modules available for Xposed, Viper4Android, Dolby Atmos, Greenify, and many more.
To install these modules, open the Magisk Manager app, tap the “Downloads” menu, and choose the app you want. Most modules will download as a .zip file to your SD card. You will then need to flash the .zip in TWRP recovery.