1

I'm trying to check boot loader is unlocked or not. For this I've checked some discussions in online but i didn't get anything related except the below one (I don't know is it correct one or not)

String BootLoader_value = Build.BOOTLOADER;

but this giving string unknown for every device. Any one know, how to detect boot loader is unlocked or not

Bahu
  • 1,516
  • 2
  • 28
  • 49
  • 1
    You cannot really. You can use samsungs KNOX/seap api's to make a guess though, but those are only specific to Samsung. Same goes to detecting if the device is rooted. There is no surefire method for it due to your app running inside the possibly rooted device. The samsung enterprise api's are supposed to give you an idea if the device is compromised or not, but if you think about it, they really cannot too. https://seap.samsung.com/sdk/knox-android . Additionally, the seap api provides a lot of "root like" functionality on non rooted devices, like disabling built in packages(most). – Lassi Kinnunen Jan 04 '19 at 14:43
  • Thank you Lassi Kinnunen :-) – Bahu Jan 05 '19 at 16:02

2 Answers2

1

I saw this answer in SO. But now google is providing the API called SafetyNet. In this I've used Attestation API. This API is detecting bootloader is unlocked or not in the device. For other details check this table

Bahu
  • 1,516
  • 2
  • 28
  • 49
  • Does SafetyNet work to detect if Magisk/MagiskHide is running? – user1118764 Feb 15 '19 at 07:00
  • Modules available in the latest Magisk(Version >=24) to bypass SafetyNet API. Now the latest Play Integrity API from google detects the bootloader status – DAC84 Mar 11 '23 at 07:24
1

The most reliable solution, as you mentioned, is to use SafetyNet Attestation. However, this does not detect all bootloader unlocks (for example my Nexus 6 running Magisk is not detected). Also you might get devices that fail, due to other reasons, such as being an emulator, running a custom ROM, being rooted, API hooking or even just having a phone that is not certified by Google.

If you are interested in cases where the bootloader is guaranteed to be unlocked, use the SafetyNet Attestation API and look at the advice field. If the API detects a unlocked bootloader, {"advice": "LOCK_BOOTLOADER"} will appear in the token. Note that under normal usage, there will be no advice field.

Jayrassic
  • 127
  • 11