SafetyNet is an API created by Google in order to assess the quality of a device and if it has been tampered with. For example, it checks if the device is running a custom ROM or has root access.
Any devices that come preloaded with the Google Play Store and other apps must pass a test known as the Compatibility Test Suite, or CTS. Rooting or installing ROMs breaks this and makes your device fail the test. Many banking/secure apps check for validity of this in order to run, making it very important.
Google Play Services downloads a program that runs in the background called “snet” which sends data back relating to the device’s status. It most likely checks for a modified system partition.
This SafetyNet restriction only works if developers integrate it into their apps, meaning many won’t even check for its presence. An example of an app that does however, is Android Pay. It checks and detects the presence of tampering to block the use of sensitive payment data.
There are many unofficial ways to try and bypass this using apps such as Magisk, which are useful for hiding the superuser binary and not triggering a CTS profile mismatch.
Although SafetyNet is very beneficial to Android’s overall security, it is causing people who root their phone to find other ways to get around the restrictions. This leads to an endless cat and mouse game between Google and people who like messing with their phones.