How to Fix and Pass SafetyNet (CTS Profile Match & Basic Integrity) on Android.
Rooted or not, sometimes the SafetyNet check will deem your device as "uncertified" or the like.
Here are easy ways to help pass SafetyNet.
Method 1: Clear Google Play Store & Google Play Services Data & Cache.
KEEP IN MIND: This will delete information from your Google Account that's on your device.
Android Wear watches will have to be re-added. You can find the guide on how to do this without resetting them here.
Go into your phone's settings, then to the application manager list and clear data for both the Google Play Store, as well as Google Play Services.
Android P: Settings --> Apps & notifications --> See all x apps --> Google Play Services / Google Play Store.
Method 2: For Phone Rooted with SuperSU
Let's be clear... Stop using SuperSU. (unless you have to, this won't help you)
You literally cannot pass SafetyNet while SuperSU is installed. Don't try; don't let people tell you, it's not possible. Unless something changes, it's a no-go.
Use something else, such as Magisk. It does pretty cool things that SuperSU doesn't. It allows things such as allowing you hide SU privileges from apps such as the Google Play Store, Netflix, DirecTV Now, Pokemon Go, etc, and more.
Hiding SU is as easy as opening Magisk Manager, tap the hamburger icon in the top-left, select Magisk Hide, select the apps you want to hide SU from and restart those apps. Simple.
Great guide from XDA on how to install Magisk here.
Method 3: For phones with an Android Beta image
Especially if it's a newly released beta, there's a great chance that SafetyNet will not check out. Be sure to check news outlets (such as XDA or Reddit) to see if people are having issues with it. Google can usually fix these issues with a server-side update.
Hopefully these tips will help you out! If there's a tip you know about, either send me an email at email@example.com, or post a reply.