I have created an app in which I NEED to be aware if there has been any tampering with the device's security. To achieve this I have implemented a SafetyNet Attestation API solution, I make decisions on how to proceed in the app based on the result of the attestation call.
I am now testing my solution on an HTC One M8 device and while testing with the stock OS and bootloader locked the attestation response for the device has both basicIntegrity and ctsProfileMatch true as expected. However, on unlocking the bootloader for the device(no rooting, no custom ROM installed) and running the test again the same result as the initial test is obtained. I don't know why this is the case especially since the SafetyNet doc says this shouldn't be the case. Can anybody shed a light on this issue?
