Home / News / Mobile Phone News / Google engineer explains why Android Pay doesn't work on rooted devices

Google engineer explains why Android Pay doesn't work on rooted devices

by

Android pay

Android forums have been ablaze with complaints that Android Pay doesn’t work with rooted devices.

The newly launched mobile payments service only lets users spend money on devices with non-rooted software.

A Google representative has finally spoken out about the issue, confirming that the company is definitely aware of the issue.

“Android users who root their devices are among our most ardent fans and when this group speaks, we listen,” explains Jason D Clinton, a Google security engineer, writing on the XDA Forums.

He continues: “Google is absolutely committed to keeping Android open, and that means encouraging developer builds. While the platform can and should continue to thrive as a developer-friendly environment, there are a handful of applications (that are not part of the platform) where we have to ensure that the security model of Android is intact.”

The Google engineer waxed lyrical on exactly where the issue lies.

“That ‘ensuring’ is done by Android Pay and even third-party applications through the SafetyNet API. As you all might imagine, when payment credentials and – by proxy – real money are involved, security people like me get extra nervous,” explains Clinton.

Clinton adds: “We concluded that the only way to do this for Android Pay was to ensure that the Android device passes the compatibility test suite – which includes checks for the security model.”

Many of the complaints make the point that the old Google Wallet app worked on rooted devices.

However, Android Pay, which replaces the old service, saw Google adopt a different approach. Here’s why:

“The earlier Google Wallet tap-and-pay service was structured differently and gave Wallet the ability to independently evaluate the risk of every transaction before payment authorisation,” says the engineer. “In contrast, in Android Pay, we work with payment networks and banks to tokenize your actual card information and only pass this token info to the merchant. The merchant then clears these transactions like traditional card purchases.”

SEE ALSO: Best Android Smartphones 2015

Other forum users have argued that they’re technologically savvy enough to root their devices without compromising payment security.

The engineer responded as follows:

“I know that many of you are experts and power users, but it's important to note that we don’t really have a good way to articulate the security nuances of a particular developer device to the entire payments ecosystem, or to determine whether you personally might have taken particular countermeasures against attacks – indeed, many would not have.”

It isn't clear whether Google will work on a fix for the issue, or if rooted devices will always find Android Pay off-limits.

Does the launch of Android Pay tempt you to avoid rooting your device? Let us know in the comments.

Check out our smartphone buyer’s video guide below:

BobTheMad

October 9, 2015, 5:26 pm

Been a Nexus user since the Nexus S, and always rooted my phone, There are just some functions that I require (improved backups, some Tasker items, etc) that cannot be accomplished w/o root. I have also been a very big supported of Google Wallet and now Android Pay. Now, I am being forced to choose between the two on my current phone (Nexus 5) and my soon-to-be-received new one (Nexus 5x).

I have every confidence that the brilliant engineers at Google will find a way to make everything coexist happily, but for now I am forced to side with my root access over Android Pay.

Stewy

October 19, 2015, 7:41 pm

I agree, I have the nexus 6 and up until now I thought it was THE best android phone out there. I root my device because of Viper4Android as it is a system wide eq app that has incredible sound especially through Bluetooth. I like to workout and have my ear buds in the entire time. Sound "quality" is important to me. The google play app has an eq but it's not system wide meaning it only works if your using the google play app. So I rooted my nexus 6 on android M and installed viper4android. For now I won't be able to take advantage of android pay which is fine because I always have my actual wallet on me anyway..lol!!!

IceSage

November 5, 2015, 5:57 am

It's funny because I specifically rooted my phone so my Photon Q LTE 4g could use Google Wallet, which no longer supported anything under KitKat. (And the Photon Q was 1 update shy of KitKat.)

Now I've got a rooted phone that can do pretty much almost anything and the new Google Wallet, which has become Android Pay, now uses more security measures that I really don't care about.

I probably won't even regularly use the app, I'm just a nerd who wants to use tap and pay on my phone that had the capability ages ago. The Photon Q was a rather advanced phone back in the day.

jacob meeder

March 31, 2016, 3:32 pm

@google I used to like your openness, now it's becoming more like Apple, I hope when Ubuntu finally has a good mobile phone os they are much more open, I rooted my droid mini because the firmware is terrible (this is a device you guys control the firmware to) you let Verizon install tons of like NFL and Verizon stuff, you refuse to update this thing to lollipop but insist on keeping the bootloader locked, I used to be a fan, but your becoming a corporate bust, I guess I will have to find a new browser and search engine, and get a old phone to stay up to date anymore

Michael Taylor

April 4, 2016, 3:15 pm

No, I will not avoid rooting my phone. I will avoid Android Pay. Rooting fixes a lot more problems that Android Pay thinks they're avoiding by disallowing it.

comments powered by Disqus