Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Google engineer explains why Android Pay doesn’t work on rooted devices

Android forums have been ablaze with complaints that Android Pay doesn’t work with rooted devices.

The newly launched mobile payments service only lets users spend money on devices with non-rooted software.

A Google representative has finally spoken out about the issue, confirming that the company is definitely aware of the issue.

“Android users who root their devices are among our most ardent fans and when this group speaks, we listen,” explains Jason D Clinton, a Google security engineer, writing on the XDA Forums.

He continues: “Google is absolutely committed to keeping Android open, and that means encouraging developer builds. While the platform can and should continue to thrive as a developer-friendly environment, there are a handful of applications (that are not part of the platform) where we have to ensure that the security model of Android is intact.”

The Google engineer waxed lyrical on exactly where the issue lies.

“That ‘ensuring’ is done by Android Pay and even third-party applications through the SafetyNet API. As you all might imagine, when payment credentials and – by proxy – real money are involved, security people like me get extra nervous,” explains Clinton.

Clinton adds: “We concluded that the only way to do this for Android Pay was to ensure that the Android device passes the compatibility test suite – which includes checks for the security model.”

Many of the complaints make the point that the old Google Wallet app worked on rooted devices.

However, Android Pay, which replaces the old service, saw Google adopt a different approach. Here’s why:

“The earlier Google Wallet tap-and-pay service was structured differently and gave Wallet the ability to independently evaluate the risk of every transaction before payment authorisation,” says the engineer. “In contrast, in Android Pay, we work with payment networks and banks to tokenize your actual card information and only pass this token info to the merchant. The merchant then clears these transactions like traditional card purchases.”

SEE ALSO: Best Android Smartphones 2015

Other forum users have argued that they’re technologically savvy enough to root their devices without compromising payment security.

The engineer responded as follows:

“I know that many of you are experts and power users, but it’s important to note that we don’t really have a good way to articulate the security nuances of a particular developer device to the entire payments ecosystem, or to determine whether you personally might have taken particular countermeasures against attacks – indeed, many would not have.”

It isn’t clear whether Google will work on a fix for the issue, or if rooted devices will always find Android Pay off-limits.

Does the launch of Android Pay tempt you to avoid rooting your device? Let us know in the comments.

Check out our smartphone buyer’s video guide below:

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.

Trusted Reviews Logo

Sign up to our newsletter

Get the best of Trusted Reviews delivered right to your inbox.

This is a test error message with some extra words