Root 5.0.2 AH

Google Security Engineer Talks Android Pay & Rooted Devices

September 25, 2015 - Written By John Anon

There has been a lot of talk of late regarding Google’s latest take on mobile payments, Android Pay. While most Android users have been keen to jump on board with the payments solution, there has been two groups have been left somewhat unsatisfied by the launch. The first is the group which use cards that have yet to see support being activated. For this group, the issue is much more one of timing as it does seem likely that more banks and carriers will commence support in due course. The second group are those who are rooted. For this group of Android device owners, the problem is far more fundamental and one which is increasingly seeming more likely to be an issue which remains going forward.

In response to the many rooted users who have been questioning the ‘choice’ of Google to not allow Android Pay to work on rooted devices, a Google security engineer has taken to XDA to post a blog detailing the current issue. The short of the response (and subsequent comments) is that for the foreseeable future, those who root their devices will not be able to use Android Pay at all. The engineer does make the point that this is unfortunate and is understandable that these users should not have to make the choice between rooting and using Android Pay, although, the current status means that the two are just not compatible.

The reason given for this lack of compatibility is what is known as the SafetyNet API. This is something we heard a lot more about yesterday. While the engineer notes that Google is committed to Android being ‘open’ and loves that third-party developers work on the platform as they do, some elements must maintain Google’s ‘view of Android’ to maintain their security integrity. The SafetyNet API is exactly one of the tools which is used to maintain this aspect. One which keeps Android Pay in check and stops the app from being able to be used on rooted devices. In contrast, the security engineer notes that Google Wallet did not suffer in the same respect as Wallet was able to “evaluate the risk of every transaction before payment authorization.” Due to the token nature of Android Pay, the new payments solution works much differently. While the overall tone of the posting and comments are not exactly what many rooted Android device owners will want to here, the overriding theme which the engineer tries to make clear is that they (Google) are listening.