The beta version of Telegram for Android has begun performing a SafetyNet check before sending out the SMS authorization code. This was discovered by developers of the unofficial Nekogram modification. Telegram Info found out custom ROM users don’t need to worry.
SafetyNet API, developed by Google, is a tool that app developers can use to detect unofficial modifications within the app and on the system, such as mods, root access, and custom ROMs. This technology is used to protect against piracy and improve security by blocking the app or certain features on devices deemed unreliable by the developer.
Some users have expressed concern that Telegram’s implementation of SafetyNet may indicate that the app will no longer allow SMS codes to be received from devices with unofficial ROMs or that the app will cease to function on these devices altogether.
However, a deeper analysis of the app’s code reveals that Telegram is using SafetyNet to test a new method of delivering SMS authorization codes via Google’s Firebase service, which requires the device attestation. The old method of sending codes will still be used in other cases, leading to the conclusion that Telegram does not intend to impose any sanctions on users of unofficial apps or mods.
The use of Firebase may be related to the high cost of sending SMS messages and calls for authentication. The delivery of codes accounts for a quarter of the messenger’s expenses.