The SafetyNet API has been ordered by Google Play Security to notify applications if the user has unlocked the bootloader. If one device fails control, the user will no longer have access to these applications. One of its best features Magisk, is its ability to cheat Verified Bootloader on rooted devices. This allows users to run various banking applications, payment applications such as Google Pay and games like Pokemon Go, which otherwise would not work on devices with an unlocked bootloader.
But now the SafetyNet update can surpass Magisk. As stated by the creator of Magisk, the new update contains an additional key confirmation level hardware, to determine if a device has been compromised.
So far, the SafetyNet API has performed software-level checks, making it easy for Magisk to violate the bootloader status. No matter how many times she tried Google to create controls to detect these violations, Magisk has always found a way to escape.
But this time things seem to have changed. According to its developers XDA, in order to overcome the SafetyNet API, you need to identify a vulnerability in the firmware the Trusted Execution Environment (TEE) of a device. This process is especially difficult to think of how much money vendors should make if a vulnerability is discovered there.
So far, hardware key verification has not yet been implemented. In other words, even if the test fails, SafetyNet will not be activated.
However, it is only a matter of time Google enter the SafetyNet key confirmation on its server, which will no longer allow Magisk to continue its activity without interruption.