Android’s open source nature makes it one of the most customizable and developer-friendly platforms out there, thus the basis of its appeal to many users. However, sometimes such freedom can cost people dearly too, just like the newest piece of information that has surfaced regarding Android Pay on rooted devices. According to a credible source, Android Pay will not work on rooted Android smartphones and tablets.
The news comes courtesy of user jasondclinton_google over at XDA-Developers forum, who has been verified to be working as a security engineer over at Google’s Android Pay project. A thread had already been going on at the Android development forum regarding whether Android Pay will work on rooted devices or not, and the engineer has confirmed that it indeed will not.
Google is absolutely committed to keeping Android open and that means encouraging developer builds. While the platform can and should continue to thrive as a developer-friendly environment, there are a handful of applications (that are not part of the platform) where we have to ensure that the security model of Android is intact.
That “ensuring” is done by Android Pay and even third-party applications through the SafetyNet API. As you all might imagine, when payment credentials and–by proxy–real money are involved, security people like me get extra nervous. I and my counterparts in the payments industry took a long, hard look at how to make sure that Android Pay is running on a device that has a well documented set of API’s and a well understood security model.
As you might have expected, the news isn’t something out of the blue or a big shocker for the Android community. In the past even, there have been certain features that didn’t work fully well on a rooted device. Even WhatsApp claims it might not work as expected on a rooted Android phone. That’s because rooting a phone gives you administrator level access to the system. Hence, certain apps or system features where security is of utmost importance, manufacturers end up restricting features like Android Pay to ensure nothing gets compromised.
It also goes without saying that in cases of payments like this one where money is involved, Google and Android are not the only parties involved. There are banks, credit unions, transit brokers and whatnot that are trusting Google to provide a watertight environment for transactions to flow, and in such a case, rooted devices can and do become a liability. From that perspective, the company is probably making a smart move that favors all concerned, even if some hardcore tinkerers are not so happy about it.
If it’s any solace to the power Android users that have rooted devices, it was earlier confirmed that rooting Samsung Galaxy devices will render Samsung Pay useless as well.