Google engineer explains why Android Pay doesn’t work on rooted devices

Android forums have been ablaze with complaints that Android Pay doesn’t work with rooted devices.

The newly launched mobile payments service only lets users spend money on devices with non-rooted software.

A Google representative has finally spoken out about the issue, confirming that the company is definitely aware of the issue.

“Android users who root their devices are among our most ardent fans and when this group speaks, we listen,” explains Jason D Clinton, a Google security engineer, writing on the XDA Forums.

He continues: “Google is absolutely committed to keeping Android open, and that means encouraging developer builds. While the platform can and should continue to thrive as a developer-friendly environment, there are a handful of applications (that are not part of the platform) where we have to ensure that the security model of Android is intact.”

The Google engineer waxed lyrical on exactly where the issue lies.

“That ‘ensuring’ is done by Android Pay and even third-party applications through the SafetyNet API. As you all might imagine, when payment credentials and – by proxy – real money are involved, security people like me get extra nervous,” explains Clinton.

Clinton adds: “We concluded that the only way to do this for Android Pay was to ensure that the Android device passes the compatibility test suite – which includes checks for the security model.”

Many of the complaints make the point that the old Google Wallet app worked on rooted devices.

However, Android Pay, which replaces the old service, saw Google adopt a different approach. Here’s why:

“The earlier Google Wallet tap-and-pay service was structured differently and gave Wallet the ability to independently evaluate the risk of every transaction before payment authorisation,” says the engineer. “In contrast, in Android Pay, we work with payment networks and banks to tokenize your actual card information and only pass this token info to the merchant. The merchant then clears these transactions like traditional card purchases.”

SEE ALSO: Best Android Smartphones 2015

Other forum users have argued that they’re technologically savvy enough to root their devices without compromising payment security.

The engineer responded as follows:

“I know that many of you are experts and power users, but it’s important to note that we don’t really have a good way to articulate the security nuances of a particular developer device to the entire payments ecosystem, or to determine whether you personally might have taken particular countermeasures against attacks – indeed, many would not have.”

It isn’t clear whether Google will work on a fix for the issue, or if rooted devices will always find Android Pay off-limits.

Does the launch of Android Pay tempt you to avoid rooting your device? Let us know in the comments.

Check out our smartphone buyer’s video guide below: