Modern smartphones Xiaomi, Redmi and Poco have become not just a means of communication, but a full-fledged digital wallet for millions of users. NFC-You may be faced with a chilling message that your device is at risk, which blocks Google Pay, Mi Pay and banking apps, leaving you unable to pay with your phone at the most inopportune time.
The reason is because of SafetyNet, or its newer version of the Play Integrity API, which scans the operating system for interference that could make your financial data vulnerable to hackers, and if it detects even the slightest hint of software instability or access to system files, it labels the device as “compromised” and disables payment functions.
Fortunately, in most cases, you can solve the problem yourself without going to the service center, you need to carefully analyze the system settings, check for hidden threats, and possibly change the configuration of the bootloader, and then we will discuss in detail the algorithms for restoring the full operation of payment services.
Diagnosis: Why the system blocks payment
The first step to solving the problem is to understand it, and when you see a threat notification, it means that cryptographic keys stored in a TEE (Trusted Execution Environment) secure module cannot be used to authorize a transaction, and Google's security system receives a signal from the phone that the software's integrity has been compromised.
Most often, the culprits are superuser rights (Root), unlocked bootloader (Bootloader), or installing modified versions of firmware, and even if you didn’t install root rights personally, they could have come from buying the device “out of hand” or from the actions of an unscrupulous seller who tried to remove ads or install Chinese firmware on a global version.
⚠️ Note: If you purchased a used phone and found an unlocked bootloader while trying to reset, there is a risk that the device was stolen or restored by artisanal means.
Also, it is worth considering that some system applications may conflict with security policies. For example, software for emulation of GPS, interface modifiers or tools for the developer left on, can be interpreted by the system as a potential threat. Android Debug Bridge (ADB) in active mode sometimes also causes false filters.
For accurate diagnostics, you can use specialized tools such as MChecker or SafetyNet Test to show detailed information about the status of the device certification, and if you see red marks in the report opposite to "Root detected" or "Bootloader unlocked", these are the factors that block the ability to make payments.
Verification and removal of Root rights
Superuser rights are the most common reason for blocking payment systems. Even if you don't remember installing Magisk or SuperSU, their presence on the system makes it impossible to pass security checks. Banking applications simply refuse to run on devices with increased privileges.
If you knowingly obtained root rights and want to reclaim payment, you don't have to search your phone completely. There are concealment methods, but they require technical literacy. In Magisk, you can try to use the Magisk Hide or DenyList feature by adding Google Pay apps and banking services.
Magisk's Hidden Setting
However, the most reliable way is to completely relinquish the rights of the superuser, by opening a root rights management application (like SuperSU) and selecting the option “Full Unroot.” If there is no such application, but there are root rights, most likely they are sewn into the firmware, and the only way out is to install the official stock firmware.
Remember that attempts to bypass locks using Xposed modules or other tweaks can lead to unstable system operation. Payment security in this case depends on the “purity” of the system partition. Any traces of interference in system files will be detected by updated Google algorithms.
bootloader status and its impact on NFC
Unlocked Bootloader is the second most common factor causing payment errors, and many users will unlock it to install customized backups or firmware, forgetting that it reduces the security of the device. Google and banks see open-end bootloader as an opportunity to inject malicious code at a deep level.
You can check the status of the bootloader when you turn on the phone. Most Xiaomi models will display an orange "Unlocked" sign at start, or an open lock icon. If you see this message, then the standard methods (settings inside Android) will not eliminate the threat - you need to flash it with the bootloader lock.
Lock Bootloader is only possible on official global or European firmware, and if the device is a Chinese version with a global language (the so-called “Chinese multilingual”), trying to block the bootloader will result in a “brick” – the phone will stop loading, in which case only the EDL service mode and paid firmware through the authorized service account will help.
It is important to understand the difference between software lock and physical lock: If the bootloader status is changed software, but the hardware does not support the proper level of encryption (which happens on some budget models or replicas), the security system can still give an error. Only the official firmware in conjunction with the blocked bootloader guarantees 100% work NFC-payment.
Google Play Protect and Certificates
Sometimes the problem isn't deep system changes, but Google's services failures. Google Play Protect is an embedded security system that checks apps for malicious code. If its databases are outdated or there are errors in its cache, it can falsely classify your device as insecure.
To start, you need to update the Google Play components. Go to your phone's settings, search for the Apps section and sort them by name. You need to find three key components: Google Play Store, Google Play Services, and Google Play Services for AR. Each of them should clean the cache and data, and then check for updates.
☑️ Actions to Reset Google Services
Also worth checking the status of the device in the app store. Open the Google Play Store, click on the profile avatar in the top corner and select Settings. In the About section, you should mark "Play Protection Certificate: Certified." If it says "Not certified," the phone won't pass the payment security check.
In rare cases, re-associating the card helps, removing the card from your Google Pay account and adding it again, while making sure that the phone has the latest versions of banking applications, and some banks require their own security environment that can conflict with outdated versions of system libraries.
The influence of custom firmware and modifications
Custom firmware (such as LineageOS, Pixel Experience, or various MIUI builds from enthusiasts) almost always leads to a loss of the ability to pay with the phone, and developers of such firmware rarely have access to the private keys of Google certification necessary for the operation of SafetyNet.
Even if the firmware claims to support Google Pay, over time (usually after updating Google's servers), access is blocked, users are faced with a situation where today payment works and tomorrow it does not.
If you're not willing to give up custom firmware, the only option is to use patches and modules to mask the system. But this is a cat-and-mouse game: Google is constantly changing the detection algorithms, and the old methods are no longer working. For everyday use of finance, this is too risky a path.
⚠️ Warning: Installing firmware from unknown sources may contain built-in backdoors, in which case the threat to payment security becomes real - your data can be stolen, not just blocked.
There is also the concept of "grey" firmware that is sold on marketplaces, often modified versions of Chinese shells that are manually embedded in Google Play, which are not officially certified, and the only way to eliminate the threat is to completely replace the software with the official one.
Algorithm for the complete elimination of the threat
If you want to make sure you fix the bug and get contactless back, follow a strict algorithm, which is to get the device back to factory status using official tools, and it will take time, but it will provide a stable result.
The first thing you do is to save all the important data, and the recovery process will require a full reset (Wipe), so you have to copy the photos, contacts and documents to your computer or to the cloud, and then you go to action.
💡
Before you start any firmware manipulations, charge your phone to at least 70%. Interrupting the recording process due to battery discharge can lead to irreversible damage to the software part.
You will need to download the official firmware for your model from miui.com or xiaomirom.com. It is important to choose the version specifically for your region and type of bootloader. If the bootloader is unlocked, you will need the unlocked bootloader version, but to restore security it will have to block in the process.
Instructions for action:
- 📲 Download the Mi Flash Tool program to your computer.
- 💾 Download the archive with the official firmware (Fastboot version).
- 🔌 Transfer the phone to Fastboot mode (click the power and volume button down).
- 🖥️ Connect your phone to your PC and select the “Clean all and lock” mode in the program».
- ⏳ Start the firmware process and wait for it to end.
Clean all and lock mode is critical, because it not only erases all data, but it also re-locks the bootloader, returning the device to factory safety status, and once turned on, the phone will be like new, and Google Pay systems should work without errors.
Compatibility and security status table
To help you understand the relationship between the state of your system and the way payments work, we have a summary table that will help you quickly determine how critical your situation is and what steps you need to take.
| Status of the system | Loader status | Google Pay's job | Action required |
|---|---|---|---|
| Official firmware | Locked (Locked) | It's working. | No action required |
| Official firmware | Unlocked (Unlocked) | It's not working. | Lock the bootloader through Mi Flash |
| Custom firmware | Unlocked. | It's not working. | Return to runoff or use of patches |
| Root-right (Magisk) | Blocked. | It's not working. | Remove Root or Configure DenyList |
| Modified system | Blocked. | It's not working. | Full reset and flashing |
As you can see from the table, the combination of the official firmware and the locked bootloader is the only guaranteed way to avoid problems, and any deviations from this configuration require additional manipulation or involve risks.
💡
The only 100% way to eliminate the security threat is to return to the factory settings with the bootloader lock through the official Mi Flash tool.