If you root, you won’t be able to use Android Pay (an advertised feature of the device) anymore due to the recent changes to SafetyNet that now trigger if even the bootloader isn’t locked.
Well, we have root access. Can't we completely stump and destroy this stupid safety net? This should have a very high priority for anyone who cares about open smartphone systems.
There should be a safety net remover that simply strips all safety net API calls off a program and inserts all valid flags by default.
SafetyNet actually sends its results to a Google server, which validates that they’re properly signed, and then sends a message to the backend of the app.
The only way to successfully break it is by emulating or replacing SafetyNet on the device, but as part of it runs in TrustZone, that’s not easily possible.