All Nothing Phone 2 will lose MEET_STRONG_INTEGRITY on 6th of September?

simdll

Hi, I have checked the attestation key of my phone 2 (NOS 3.2 stock with locked bootloader) and I find out that the Vendor patch level will expire the 5th of September, because from May of this year Google has updated play integrity api, and now strong integrity required a security patch in the last year. But I found online that play integrity checks three different patch level: OS patch level, Vendor patch level and Boot patch level. But in my case the Vendor patch level il 2024-09-05 and Boot patch level is 2024-12-05. So, theoretically, if Nothing doesn’t release an update in time the 6th of September NP2 will lose strong integrity.

If you want to check your patch level just download Key attestation demo from play store and look at the bottom of the app

CMF1_hacker

simdll NP3

sakshamsharma_280p3K61bk

simdll

Is shows me like this

WASIM Nothing

simdll really

KhanWaqar

simdll

simdll hope so let’s see

pixcel25

can you explain me in lay mans terms whats happening

simdll

CMF1_hacker But you are using a CMF phone or a nothing phone 2?

CMF1_hacker

simdll it is clear from the ID model.

simdll

CMF1_hacker A024 is phone 3 right? I’m talking about nothing phone 2 only (I don’t know what will you get on other phones)

Can I also ask you if you have disable or not the flag “Attest device props” in key attention demo?

CMF1_hacker

simdll I do t want to troll your thread but that’s my biggest worry with NOTHING, will they exist for these years of updates. I’d say 50/50.

simdll

CMF1_hacker Yes, I agree. I have contact their customers support, so let’s see what they will say.

But @CMF1_hacker when you have performed the key attestation test, do you have enable or disable the “Attest device props” flag?

simdll

Introduction

As I previously wrote here, all Nothing Phone (2) owners risk losing the ability to pass MEET_STRONG_INTEGITY starting September 6, 2025.

Why does this happen?

As of May 21, 2025, Google updated its Play Integrity APIs, which (very questionably) attest to the integrity of an Android 13+ device. The APIs provide three integrity levels: Basic, Device, and Strong. To pass Strong attestation, an Android 13+ device must: pass basic and device attestation, have a stock OS, a locked bootloader, and a security patch within the last year.

And this is where the problems arise. By security patches within the last year, Google doesn’t just mean Android security patches (called system patches or OS patches), but also controls vendor patches, and possibly even boot. [SOURCE].

Status of Nothing Phone (2)s

To check the patch levels of your Android phone, you can download this free app from the Play Store or GitHub, called Key Attestation Demo.

If the app says that the device IDs could not be attested when you open it, click on the three dots in the top right and disable the “Attest device props” flag.

At the bottom of the page, you’ll see “OS patch level” (which indicates the Android patches), “Vendor patch level” (for the vendor partition), and “Boot patch level” (for the boot partition).

The problem with Nothing Phone 2s is that the vendor patch level is 20240905, which means that September 5, 2025, will be one year later.

Therefore, as explained above, Nothing Phone 2s will likely fail the MEET_STRONG_INTEGRITY check.

What will be the consequences?

If this were to happen, starting September 6, 2025, anyone with a Nothing Phone (2) may no longer be able to use some apps that rely on MEET_STRONG_INTEGITY, such as banking apps, digital IDs, or apps that require high security.

Considering that Nothing had declared 3 major Android updates and 4 years of security patches, it would mean that, if they don’t fix it in these 10 days, after just over 2 years the Nothing Phone 2 will not have the latest security updates, with the consequences already described.

How can I fix this?

The only way to prevent this from happening is for Nothing to release an OTA update in time, that updates the vendor patches (which expire on September 5, 2025) and the boot patches (which expire on December 5, 2025).

Are other Nothing phones affected?

I don’t know, but if you own another Nothing or CMF phone, you can use the procedure above to check if you’re affected.

—

This specifically affects all Nothing Phone 2s running Nothing OS 3.2 (Pong-V3.2-250708-2227-EEA) and earlier.

—

DISCLAIMER: Publicly available information online regarding the exact functioning of the new Play Integrity API is very sparse. I’m not 100% sure Google also controls the patch level of the vendor or boot partition, but it appears that way from what I’ve found online. If you know anything more, I’d love to hear it.

Infinity

simdll i Get that let’s see what NOTHING’s gonna do before 5th sep , or they will Just ignore as they always have…

And those who’re saying they have forgotten 😅 that’s actually a cheap Tactics, to grab more users like stating we are learning from our mistakes and will provide much better Space in future 😅😅…

Stereobasic

You can’t say they are lying till the 6 September. Then maybe you can assume that. No ?

pollenjh

Stereobasic You’re saying that if Nothing doesn’t fix this before Sep 6th I won’t be able to access the apps that require Strong integrity? Brooo how does this happen

simdll

Stereobasic Yes, mine is an assumption, but it’s based on objective data that can be found publicly online. I also checked the patch level directly on the OTA package for the NOS 3.2 update to make sure it wasn’t a problem with my device. I’m aware that the title may be a bit clickbait, but it was meant to grab attention.

pollenjh Your apps that require strong integrity probably won’t stop working exactly on September 6th. Typically, apps run the test every now and then or when you perform specific actions, but eventually they will stop work.

simplex19 Yes, I totally agree with you. Is very disappointing the lack attention that Nothing is putting on Nothing Phone 2.

pixcel25

this is worrying, Hopefully the team is already working on it

CMF1_hacker

It’s unknown what will happen. But it COULD be a serious concern and worth a post on NC.

simplex19

This is indeed worrying if true. In any case, it is disappointing that at end-Aug 2025, the Phone 2 is still running on June 2025 Android Security Patch Level (SPL).

Even if the next update bumps it up to September 2025 SPL (like the Phone 2a), this is a break from the bi-monthly promise.

MayankSingh_mFF9znREeC

Always buy Chinese brands, everything else is overpriced garbage

pollenjh

MayankSingh_mFF9znREeC People know that Chinese brands are usually more bang for your buck, but yet most of the time don’t opt for Chinese brands. And that is (usually) because of availability.

I would happily try daily driving Oppo or Vivo phones, but since they aren’t readily available to me like Apple, Samsung, Google or even Nothing, I can’t get them. And even when they are available, like on TradingShenzen, they don’t even support my language or have a proper global ROM.

And I can definitely get a OnePlus phone, but I don’t like curved screens and it’s almost a sin coming from Nothing lol. But if Chinese phones work for you then that’s great!!

AbhishekSharma_9L8IaRRFs9

Phone 1

simdll

AbhishekSharma_9L8IaRRFs9 thank you for sharing. So my guess is that someone in Nothing development team has forgotten to update the patch level only for Nothing phone 2.

From what you have shared Nothing phone 1 and 3 have an updated patch level.

But I’m quite sure that isn’t a problem of my device, because I have checked the build.prop inside the latest available update for NP2 (NOS 3.2 on July 14) form Nothing archive (<redacted>, full OTA) and the patch level (boot, vendor and system) match exactly with what I get from Key attestation