diff --git a/init/Android.bp b/init/Android.bp
index fac1864c5..c15fccf7f 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -123,6 +123,7 @@ libinit_cc_defaults {
         "-DREBOOT_BOOTLOADER_ON_PANIC=0",
         "-DSHUTDOWN_ZERO_TIMEOUT=0",
         "-DWORLD_WRITABLE_KMSG=0",
+        "-DSPOOF_SAFETYNET=1",
         "-Wall",
         "-Werror",
         "-Wextra",
@@ -150,6 +151,8 @@ libinit_cc_defaults {
             cppflags: [
                 "-USHUTDOWN_ZERO_TIMEOUT",
                 "-DSHUTDOWN_ZERO_TIMEOUT=1",
+                "-USPOOF_SAFETYNET",
+                "-DSPOOF_SAFETYNET=0",
             ],
         },
         uml: {
@@ -419,6 +422,7 @@ init_first_stage_cc_defaults {
         "-DSHUTDOWN_ZERO_TIMEOUT=0",
         "-DLOG_UEVENTS=0",
         "-DSEPOLICY_VERSION=30", // TODO(jiyong): externalize the version number
+        "-DSPOOF_SAFETYNET=1",
     ],
 
     product_variables: {
@@ -448,6 +452,8 @@ init_first_stage_cc_defaults {
             cflags: [
                 "-USHUTDOWN_ZERO_TIMEOUT",
                 "-DSHUTDOWN_ZERO_TIMEOUT=1",
+                "-USPOOF_SAFETYNET",
+                "-DSPOOF_SAFETYNET=0",
             ],
         },
     },
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 2ea45d2cf..9c51f3ec8 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1463,8 +1463,10 @@ void PropertyInit() {
     // checks pass. This needs to be done before parsing the kernel cmdline as
     // these properties are read-only and will be set to invalid values with
     // androidboot cmdline arguments.
-    if (!IsRecoveryMode()) {
-      SetSafetyNetProps();
+    if (SPOOF_SAFETYNET) {
+      if (!IsRecoveryMode()) {
+        SetSafetyNetProps();
+      }
     }
 
     // If arguments are passed both on the command line and in DT,