back to article Rooting your Android phone? Google’s rumbled you again

Google's crackdown on rooted Android devices continues. Citing security reasons, Google doesn’t want rooted 'Droid phones to use mobile payments via the Android Pay infrastructure. This is a standard not required by Pay’s predecessor, the now-deprecated Google Wallet. In turn, this has led to a cat-and-mouse game with Android …

  1. Graham Marsden
    Alert

    This is not...

    ... your phone.

    We are just kindly giving you permission to use it, but only in ways that *we* approve of...

    1. Zog_but_not_the_first
      Facepalm

      Re: This is not...

      Exactly.

      But try explaining it to the average user. I usually resort to an analogy something like "you've bought a house but soon find out that someone else has the keys to "your" property. Also, they can unlock doors in the house to which you don't have the key."

      But that's outrageous, they protest...

      1. theOtherJT Silver badge

        Re: This is not...

        Indeed. But they didn't buy, they took out a lifetime lease. They only thought they bought because they didn't read the terms of the contract carefully enough. It's a bit like the difference between buying freehold and buying leasehold.

        1. Cynic_999

          Re: This is not...

          Try making modifications to your house that do not have planning permission from your local council and see what happens ...

        2. h4rm0ny

          Re: This is not...

          >>"Indeed. But they didn't buy, they took out a lifetime lease."

          No, they bought it. The phone is theirs. You're trying to alter the analogy so that it shows Google's behaviour is okay. But it's just an analogy and it's being used in the way that analogies should - to communicate something complex in simple terms and it has succeeded for the OP. Here's an alternative one of my own which is perhaps a bit more accurate as it preserves the fact that this is about the Playstore...

          Suppose a petrol company started manufacturing their own car. Many people bought the cars and owned them, but you could only get petrol from that one company. Some people altered the cars so it could use any petrol they liked. The petrol company didn't like this and would refuse to sell petrol to such cars whenever they could identify them. As the petrol company was the biggest petrol company and owned most of the petrol stations, they figured they could get away with this even though people had paid money for their cars and owned them.

          The petrol company actually make money from advertising. The cars are phones that they can gather information on from people to get more money from advertisers. And they don't want people altering the cars because it lets the owner shop elsewhere.

      2. Anonymous Coward
        Anonymous Coward

        Re: This is not...

        I think the comparison is apt, but not in the way you intended.

        Not for rooms, but there *are* locked implements in your own home for which you do not have the key.

        Typically, they are the utilities: your connection to the gas, water, electricity, phone, is a locked box, or at best, a locked meter, which is not your property, and you are not allowed to open or tamper with them.

        So Google would be on a stronger footing than it appears if you consider that payment is indeed an utility.

        Since I rather agree with you on the whole, I'd love to have a better metaphor :)

      3. Terry Barnes

        Re: This is not...

        If you modify the gas and electrical installations in your home don't be surprised if the utilities decline to offer you continued service. You can do what you want to things you own, but you can't do that and expect other organisations to support you in it.

        Similarly you can do anything you like to a car you own, but you might lose the ability to use it on a public road afterwards. The important thing is that it's entirely your choice.

        1. DropBear
          WTF?

          Re: This is not...

          "If you modify the gas and electrical installations in your home don't be surprised if the utilities decline to offer you continued service. You can do what you want to things you own, but you can't do that and expect other organisations to support you in it."

          So I guess it's perfectly fine if my bank won't let me do internet purchases from home unless I install THEIR OS on my PC and promise to never ask for the admin credentials...? What sort of fucked up world are we live in again, sorry?

      4. Graham Marsden
        Unhappy

        @Zog_but_not_the_first - Re: This is not...

        > Also, they can unlock doors in the house to which you don't have the key

        And come in when they feel like it, repaint the walls, move the furniture around and change the favourite channels on your TV...

        ... and if you don't like it, they say "fine, you can always move out..."

      5. IsJustabloke
        Stop

        Re: This is not...

        "But try explaining it to the average user"

        Quite rightly the average user doesn't give a toss about that because they just want to make calls, plays some games, surf the internet. They really don't give a stuff about the things that excise people like you.

        Soz but that's the truth I'm sure you'll get over it.

        1. h4rm0ny
          Mushroom

          Re: This is not...

          >>"Quite rightly the average user doesn't give a toss about that because they just want to make calls, plays some games, surf the internet. They really don't give a stuff about the things that excise people like you."

          They don't care about it the same way I don't care about the details of EU clean water laws, or whether NICE guidelines allow the latest FDA rubber-stamped drug from the US or some local counsellor choosing which company will get the road maintenance contracts for filling the potholes in my street. I.e. I do care about it, I'm just relying on professionals in the field to look out for me when it comes to things I don't understand or wouldn't be aware of until it's too late.

          Whether I control a device I own or whether another company can decide who I am and am not allowed to buy from is a battle with some serious long-term implications. Whether the average person knows about this or not, they care - just at a different point in time than the one people at the forefront of it do.

        2. Chris Parsons

          Soz

          Who or what is 'soz'?

          1. Anonymous Coward
            Anonymous Coward

            Re: Soz

            Slang contraction of "sorry".

      6. goldcd

        I've used similar

        but prefer the "landlord" analogy.

        Yes, it's your phone. You have rights - but...the landlord can always get access and you're not allowed to paint all the rooms black, whilst smoking crack.

        Now you probably don't have the narcotic/decorating urge - up until somebody tells you you can't. Then you get pissed off.

        On the flip side you could root your phone/buy your house and do whatever the hell you damn well please - but you've forfeited the right to demand somebody else fixes the heating when it packs up/install google's new pay app.

        Defending the poor google underdo seems a bit strange, but I can't help feel that they'd like as many people as possible to use their app, and if they block people from doing so, they've probably got a carefully cost-analyzed reason.

        Don't like it? Don't root, or write your own pay app.

        1. h4rm0ny

          Re: I've used similar

          >>"Yes, it's your phone. You have rights - but...the landlord can always get access and you're not allowed to paint all the rooms black, whilst smoking crack."

          Smoking crack is a weird analogy for being able to install software of your choice on a phone you own. I call that analogy bogus. It's clearly prejudicial. All analogies are inaccurate to a degree by definition, but there's a difference between that and clearly trying to build one that changes the whole argument.

          Disclaimer: I have an analogy of my own posted here, but unlike yours, the one of a petrol station chain that sells cars locked to only use their stations is a pretty accurate one.

      7. Anonymous Coward
        Anonymous Coward

        F**k Greedle Pay. We know the Globalists want to eliminate cash...

        ...and move us to electronic money, so we will be completely at their mercy.

        If you catch a light on someone's console, they can just turn off your access to your virtual cash in your virtual account and you're screwed, you can't even live.

        Not to mention that you can be tracked by anything you ever buy once physical money is gone.

        Don't let this happen by laziness or putting convenience over your future freedom.

        There's nothing like being able to stash some cash, that is nobody's business where you spend it, when you spend it and on what.

    2. petur

      Re: This is not...

      Sorry, it *is* your phone, but it *is not* your Google Pay.

      Any app can reject working on your phone if routed, that is up to the app dev to decide. For example, my cable company has an app that allows subscribers to watch TV on it, but only if not rooted.

      My cable company of course fears that on a rooted system you might install something to record the video stream.

      And Google Pay deems the security risk due to malware on a rooted phone too high.

      I have yet to try the app of my bank on a rooted device, I suspect it will also refuse

      1. david bates

        Re: This is not...

        First Direct is fine on rooted phones, but I know some others tend to complain. And I must admit I can see their logic.

        1. Andy Davies

          Re: This is not...

          First Direct is fine on rooted phones, but I know some others tend to complain. And I must admit I can see their logic. So banking shouldn't be available on PCs which allow root access?

      2. Cuddles

        Re: This is not...

        "And Google Pay deems the security risk due to malware on a rooted phone too high."

        Which is rather ironic considering the amount of malware that can be downloaded through Google's own app store. If anything, people with good enough technical knowledge to have even heard of rooting phones, let alone actually be able to do it themselves, are rather less likely to be the ones downloading malware.

        1. This post has been deleted by its author

        2. TeeCee Gold badge
          Facepalm

          Re: This is not...

          More to the point, who writes malware that will only work on a previously rooted device?

          So you're only going to try to pwn the devices of tech-savvy types who are waaaaaaayyyyyyy more likely to notice something's up and remove your shit.........right...........very clever, I'm sure.

      3. BitDr

        Re: This is not...

        Don't use apps for banking as they want too much info from the device.

        1. Anonymous Coward
          Anonymous Coward

          Re: This is not...

          This is what CM Privacy Guard is for.

      4. Mage Silver badge
        Thumb Up

        Re: This is not...

        Payments on a Phone. Is it secure and private anyway? I agree, It may be your phone, but it's Google's payment system. c.f. Pay TV access, gas, electricity and water meters?

      5. Anonymous Coward
        Anonymous Coward

        Google Pay = Google Play

        The trouble with that is if Google Pay refuses to work, then Google Play (with an L) refuses to work *even for free apps*.

        And you can't uninstall Google Play Services without it taking all your downloaded apps with it. It uninstalls them when you turn it off in the settings.

        This is the linkage game no different than when Microsoft did it.

        Google Play Services is one of the most virulent spyware apps ever. Tracking, surveillance, access to cameras, microphones the lot. It has no purpose doing that, yet it does it for Google's benefit.

        You probably don't know its tracking your location, and monitoring your app usage and all the other things "Carrier IQ" was doing. Sadly it is.

        1. Anonymous Coward
          Anonymous Coward

          Re: Google Pay = Google Play

          "And you can't uninstall Google Play Services without it taking all your downloaded apps with it. It uninstalls them when you turn it off in the settings."

          I have a rooted Nook Tablet, plus an old HTC Evo 4G, and on both devices this is 100% not true - I can, and have, removed Google Play Services and all installed apps worked as expected except the Pay Store.

          1. Anonymous Coward
            Anonymous Coward

            Re: Google Pay = Google Play

            And I have a non-rooted Galaxy Prime (and several others), turning off Google Play Services requires it revert to the factory version, which it promptly uninstalls all of the apps.

            So you're saying to stop Google Play Services, I need to root my device? Then run some other app to disable Google Play Services?

            I tried rooting a Asus tablet to install Cyanogenmod, only to find it wouldn't root. Even if you're claiming a successul root can remove Google Play and still leave downloaded apps, how do I fix the root!

            But also *why* should I have to!

            "this is 100% not true"

            This is 100% true.

            1. Anonymous Coward
              Anonymous Coward

              Re: Google Pay = Google Play

              100% not true - my HTC Evo 4G is not rooted. Apologies for the confusion.

              I often uninstalled Google Play Services on the Evo, as it lowered battery life as well as being a form of spyware. Doing so did not effect apps in any way. It is possible that things have changed since Gingerbread, of course.

            2. Anonymous Coward
              Anonymous Coward

              Re: Google Pay = Google Play

              Here's a tip for rooting your Asus,

              If it's anything like the Acer A700 then putting Cyanogenmod on it is an interesting journey of discovery.

              For the A700 if you updated the firmware to root it you have to get all the original firmwares (from xda-developers and elsewhere on the net, I finished up with about 15 roms) and apply them in the correct order (starting with the French version of all things) till you get to the version that can be rooted.

              You have to be a right tenacious bastard to keep at it but I'm the sort of person that hates to be beaten by computers and will happily spend many hours bashing away till I get something to work.

      6. Anonymous Coward
        Anonymous Coward

        Re: This is not...

        > And Google Pay deems the security risk due to malware on a rooted phone too high.

        1.) Wouldn't this be the opposite? I would think the modding community would be the least likely of all to have this issue. I'm sure they patch issues faster than the slow OTA updates.

        2.) What threat would this pose to the ecosystem at large? If this is a 'protecting the user from the user' exercise, than leave that bullshit to Apple please.

      7. davidp231

        Re: This is not...

        If you bank with Barclays you're out of luck. I found that out when I was using it on my Jolla (since replaced with an Xperia). The app checks for the presence of 'su', and if it finds that, it deems the device has been rooted. Hide/rename that, and it works.

      8. Anonymous Coward
        Anonymous Coward

        Because Android phones are completely secure so long as they are not rooted

        The interesting question is: whom are they protecting? Me? Well, in the case of the cable company I have no doubts...

        I've had no problem with any "real" banking apps yet. HBO Now failed on a rooted Nexus 4 until I used a "hide root" utility (does it mv su? I don't know), but works OK on my 1+1 running CM12.1. Good thing for them because if it didn't work I simply would have canceled the service.

        When I discovered that Google Pay doesn't work on the rooted phone, then well, no Google Pay. No problem.

      9. 2460 Something

        Re: This is not...

        Lloyds was fine on rooted phones until their most recent update.

    3. Anonymous Coward
      Anonymous Coward

      Re: This is not...

      "Citing security reasons, Google doesn’t want rooted 'Droid phones to use mobile payments via the Android Pay infrastructure."

      If security was a concern, surely Google wouldn't be letting any Android based phones process payments. Android is by far the most insecure mobile OS. I suspect this has more to do with revenue loss...

    4. Anonymous Coward
      Anonymous Coward

      Re: This is not...

      Reality is, blogs like this would be queing up to crucify them if rooted handsets had CC details stolen.

      Hypocrites

    5. jobst

      Re: This is not...

      I find this note strange ... just check your purchased/own home. Your smart meter has a seal, your gas meter too. Most of your devices in your home have some sort of warranty protection (for a bloody good reason), routers/wifi/adsl/cable devices all have protections. No one complains when governments say "don't fiddle with your power cables" or "don't fiddle with your gas pipes" - just check out the Internet for "DYI jobs gone wrong" and you will understand. I am sure there are people that root their phones correctly without some security flaws ... but are those people in the majority? You can always root your phone AND take your credit card.

  2. Anonymous Coward
    Anonymous Coward

    Being banned from using Android Pay; Is this a threat or a feature?

    1. James 51

      Hopefully a promise.

    2. Anonymous Coward
      Anonymous Coward

      I had never even hard of it until now. Certainly not something I would ever consider using!

      1. NotBob

        I've heard of it, but still can't come up with an explanation why anyone would want or trust it.

    3. Anonymous Coward
      Anonymous Coward

      Is this a threat or a feature?

      A feature. But in all honesty, other than a few devs, the majority of people rooting phones do so (I suggest) to escape the clutches of Google. The idea of rooting, installing Cyanogenmod, and then choosing Google as a payments service seems to be totally implausible, so the whole basis of the article seems to be mild outrage at a "problem" that affects nobody.

      Still, we read it, and those of us not blocking ads paid our dues for the Reg......

      1. Charlie Clark Silver badge

        The idea of rooting, installing Cyanogenmod, and then choosing Google as a payments service seems to be totally implausible

        Not to me. I root because I want to dump the crapware installed on my phones and to get security fixes faster and for longer.

        As for the service provider: I'll use whoever I think offers the best service in a free market.

        1. Anonymous Coward
          Anonymous Coward

          Agreed. I'd like to root, but haven't since my old Galaxy S2. I'd be likely going to stock Android or to TouchWiz Android minus carrier bloat. I use the Google Now Launcher, so TouchWiz doesn't bother me much.

        2. Tom 7

          @ Charlie Clark

          "As for the service provider: I'll use whoever I think offers the best service in a free market."

          Best of luck with that - I've got only one option since BT bought out EE as they are now the only one whose signals reach here!

      2. Michael Habel

        I root for only the one reason, and thats to get the fork away from all of Googles Ads. That the only Device I have that even has NFC is a Neuxs 7 (2012), I can only yawn over Google Pay at the moment.

    4. Anonymous Coward
      Anonymous Coward

      Using my phone as a cash wallet and for banking ?

      I'll leave that to the brave amongst us, and by the way, when your phone is buggered, nicked, hacked, out of charge etc I'll happily lend you a £20 note at Wonga rates.

      The more they overthink the plumbing, the easier it is to stop up the drain.

      1. Anonymous Coward
        Anonymous Coward

        Good Morning Captain

      2. Anonymous Coward
        Anonymous Coward

        A better truth

        "Using my phone as a cash wallet and for banking ?

        I'll leave that to the brave amongst us who, after complaining loudly about governmental bureaucrats seeing out their private data and acquiring it by subterfuge via sneaky, sleazy underhanded laws written behind the public's back, are willing to openly GIVE it to just about anyone if said handout comes attached to free, shiny baubles by a person who works for private enterprise."

        FIFY

  3. djack
    Alert

    To all of you with older phones...

    Your manufacturer no longer sends out patches for your device. You have two options..

    * Continue using your device for financial stuff and have the whole thing compromised exposing all that data to the bad guys.

    * Have a secure device but lose the ability to do financial stuff with it.

    Bloody typical.

    it's not just Google that has this idiotic mindset, banks do that too with their mobile banking apps.

    1. petur

      Re: To all of you with older phones...

      Except that of course your second point is not really the truth... I know plenty of people who root their phone for other reasons (not quite legal ones) and since they basically just follow some descriptions on some forum to do so, throw the security out of the window.

      It may be better if the apps would pop up a warning saying that if you continue you accept all liability if something goes wrong that turns out to be caused by your phone

      1. Anonymous Coward
        Anonymous Coward

        Re: To all of you with older phones...

        > since they basically just follow some descriptions on some forum to do so, throw the security out of the window.

        You completed missed the point.

        But yes, following steps on a forum is equally as big of a security issue as heartbleed or stagefright, I guess.

    2. dotdavid

      Re: To all of you with older phones...

      "* Continue using your device for financial stuff and have the whole thing compromised exposing all that data to the bad guys.

      * Have a secure device but lose the ability to do financial stuff with it."

      While I agree with your sentiment I must point out that some custom ROMs, like CyanogenMod, actually don't execute as rooted by default. In the latter case you have to enable root using a developer option, so you can still get the benefit of the quick updates without root.

      1. djack

        Re: To all of you with older phones...

        "While I agree with your sentiment I must point out that some custom ROMs, like CyanogenMod, actually don't execute as rooted by default."

        Lucky you. I installed CM11 (or maybe 12) on my Galaxy S3 when Samsung stopped issuing updates.

        There seemed nothing that I could do to make the Barclays mobile app to not claim my phone was rooted. I know that there were a few settings to try and prevent the detection of the 'root', but none of it did the trick.

        1. dotdavid

          Re: To all of you with older phones...

          Hmm, never heard about the Barclay's app before. That does seem pretty ridiculous - xposed and rootcloak has always worked for me with other apps like Three's wifi calling one.

  4. Anonymous Coward
    Anonymous Coward

    Why they're asking that in the first place

    The article fails to explain it, but there's a technical reason: they used to require a physical secure element in the phone. Now they don't, it's purely software stuff. That allows them to tap into a wider phone market and lessen any dependency to phone manufacturers. But accordingly, that made them worried hacking the thing has become easier.

    http://www.nfcworld.com/2014/03/17/328326/google-wallet-ends-support-physical-secure-elements/

    1. Yet Another Anonymous coward Silver badge

      Re: Why they're asking that in the first place

      If their security depends on their being a secret bit of software which is present on millions of phones also owned by the bad guys - then they have no security.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why they're asking that in the first place

        "If their security depends on their being a secret bit of software which is present on millions of phones also owned by the bad guys - then they have no security."

        So SSH with private keys isn't secure?

        1. Yet Another Anonymous coward Silver badge

          Re: Why they're asking that in the first place

          Not if you put the private key on millions of devices as a certain giant corporation, that should know better, did

  5. badger31

    Whew!

    I thought for a moment this would be something to care about.

  6. Kbanwait

    They let you do what they want, they said...

    Yea, but, open source!

  7. Joe Drunk

    It's a tradeoff, just like with IOS

    Do you really need to have your device rooted/jailbroken? If so, you will lose some functionality/features. My cable company also provides a mobile app for watching live tv on my Android phone. My phone is rooted so it refuses to run as do numerous android apps. I don't watch anything on a small screen except the occasional youtube clip. I choose a rooted phone over features I will never use. I don't do any financial transactions on my phone.

    If you need to have your entire life on your phone, rooting is not for you.

    1. Charlie Clark Silver badge

      Re: It's a tradeoff, just like with IOS

      I don't watch anything on a small screen except the occasional youtube clip.

      Neither do I but my phones does MHL so it's easy to connect to a large screen.

      1. Michael Habel

        Re: It's a tradeoff, just like with IOS

        Thankfully my Phablet does Miracast, so no need for MHL Cables.

  8. Phil W

    No problem here

    I really don't see a problem here. Removing access to apps that process financial transactions on rooted phones seems perfectly reasonable as a security measure to me.

    Sure for those "enthusiasts" who insist on having their devices rooted it might be an inconvenience, but surely restricting this potential attack vector for financial fraud is slightly more important? Even if you yourself are not going to abuse root access to do anything untoward with financial apps, that doesn't mean someone else isn't and that as a result they may end up compromising the security of others.

    Not to mention, despite having been a user of rooted Android devices and custom roms in the past. I feel an ever decreasing need for either of those things with modern phones. Back in the days when a single core ~800Mhz was not uncommon in a phone, then yes I felt the need to root so that I could overclock and otherwise optimize the device to make it usable.

    But these days with 4 cores being pretty much the minimum in any mid level, or higher, device I see very little need (other than fairly weak ideological "I want full control of my device that I paid for" arguments) for rooting.

    Not allowing you to use a particular app on your device after you've performed an unsupported modification of the OS doesn't really seem like a discriminatory act to me anyway. It is comparable to the idea of expecting Microsoft to support the installation of Office on a Surface tablet after you disable secure boot and install some flavour of Linux.

    Fundamentally, yes it is your device and you can do what you like with it. Just don't expect things to allowed or supported on it if you do something unsupported to modify it.

    1. BitDr

      Re: No problem here

      If the problem is that the app can be too easily subverted once you have control of your device, then perhaps they should not have dedicated apps (which IMHO gather too much personal info anyway) and stick to using their websites.

      P.S. My devices are not rooted and I refuse to use the app of my financial institution as it wants too much access.

      1. Charles 9

        Re: No problem here

        That's entirely up to them since they can always check the Agent tag. Then again, it becomes a case of pick your poison: open yourself to hacking or starve yourself of practically your entire clientele.

        1. Phil W

          Re: No problem here

          "open yourself to hacking or starve yourself of practically your entire clientele."

          Are you trying to say the pratically everyone who has an Android phone and/or uses Android Pay has a rooted device? I admit that a great many people have rooted Android devices, but as a percentage of total Android and/or Android Pay users I think the number that are rooted is relatively small.

    2. Paul Shirley

      Re: No problem here

      Yes, there's less ongoing need to have root BUT you still need to yank out all the crapware shipped with devices. Luckily unrooting is easy, so root, do the 1 off fixes, unroot, carry on as normal.

      Personally I value having regular scheduled backups more than payment apps I never intend to use, too many app updates break them and reverting isn't an unrooted option.

      1. jason 7

        Re: No problem here

        To be honest I've had a few smartphones in recently to setup and most of them have been pretty easy to clean up unrooted. Samsungs are a bit of a pain but with my LG G4 I was able to uninstall 90% of the LG stuff and disable the rest. Slap on a new launcher and icon pack to taste and away you go.

        Not difficult.

    3. Cassini
      FAIL

      Re: No problem here - but there is...

      I'm looking to root my 'phone, not because of the other stuff, but because it is VERY insecure.

      I have a Samsung S3 and, as many of you know, Samsung suck big time at providing updates. So I am forced to switch to CM, and that involves rooting the 'phone. (No, I'm not buying another 'phone because buying hardware to upgrade the software is a shitty way to go.)

      I accept that there is an increased attack profile for my banking app, but is it more than I am already exposed to? Shouldn't it be my call to decide which path is the less vulnerable? I would be happy if my bank app said something like "your 'phone is rooted - do you accept responsibility for the security of this device?"*, but just cutting me off from what is a very useful app is simply unacceptable.

      * It's not as if they pointed out the vulnerabilities in the first place.

      1. Phil W

        Re: No problem here - but there is...

        "So I am forced to switch to CM, and that involves rooting the 'phone."

        Installing a custom ROM on Samsung devices doesn't necessarily require root. Odin lets you flash custom ROMs on most Samsung Galaxy devices without root (although it does have here there be dragons warnings when you attempt it). Even if root were required to gain access to flash a custom ROM, there's no reason the ROM you flash should have root.

      2. Anonymous Coward
        Anonymous Coward

        Re: No problem here - but there is...

        I've rooted and installed cyanogenmod on a S3(work) and S4(personal), root within cm is something you have to enable so I'm not sure how banking apps would interpret that, Barclays does not like root though not tried it with cm, Tesco is fine with root as long as you don't certain apps installed e.g. wifinspect.

        The great thing about cm is you get to choose what google apps you install, I recommend pico (http://opengapps.org/) and if you need anything else install the individual apps.

        One tip I can give you that caught me out is "google play services" as your battery will drain at a ridiculous rate till you go into privacy in the setting and stop it from waking up etc... oh and those privacy settings are great for stopping every tom dick and harry from reading your contacts/location/media/camera/microphone.

        You'll be glad once you do it because you'll actually start to think your phone is a little more yours.

      3. Lakerjuck66

        Re: No problem here - but there is...

        CM works great on my GS3; I would HIGHLY recommend not installing anything Google, as the battery life is more than double for me without Google services. I simply backup any apps I want to keep with apk extractor and manually install them once it's setup. I don't do anything that is sensitive on my mobile devices though, so I can't speak to banking apps. In order to update apps you'd have to manually sideload them, which I'm fine with because I don't use many apps.

  9. jason 7

    Rooting...isn't what it was.

    I stopped bothering rooting my phones a couple of years ago. Never looked back. Rooting just gives you less and less as time goes on.

    The phone software and hardware is pretty sorted now and all rooting seems to give you is a whole new set of headaches and the feeling of constantly nursing your phone.

    It's just a phone dammit. You'll but another in 12-18 months time probably. Suck it up and just use it as intended. Life is too short.

    1. Known Hero

      Re: Rooting...isn't what it was.

      Yes ill just Buy another one, right after burning bundles of all this disposable cash I have floating about.

      And how on earth does what phone you have got anything to do with the problem at hand ?

      1. jason 7

        Re: Rooting...isn't what it was.

        1. You do some homework and find the right phone for you for the £300+. A lot (not all) of people that root are the type that do not dwell too long with a particular phone. Nature of the beast. me? I stick with a phone for 3+ years.

        2. The problem at hand is rooted phones not being able to use the pay network. The thing is, have the folks who religiously root, actually stopped to think recently that the practice they have been doing the past 5 years is still worth it? For quite a few...probably not worth it now.

        1. Known Hero
          Facepalm

          Re: Rooting...isn't what it was.

          1. £300+ BWAAHAHAHAHAHAHAHAHAHA. Yeah right! Ill let the kids know they better not exercise for the next month. £50 would be a stretch atm.

          2. My point exactly, why are you even mentioning using a new phone, people do not root their phone just because their contract is up !!! They root because it allows them to achieve whatever the goal they want to reach, getting a new phone is not achievable from rooting your old one.

          1. jason 7

            Re: Rooting...isn't what it was.

            Now I have no idea what you are on about here.

            Due to your obvious budgetary constraints this situation doesn't even concern you.

            1. Known Hero
              Thumb Up

              Re: Rooting...isn't what it was.

              @Jason 7, I'm on about the fact you seem to think that people have £300+ quid to spend on a mobile phone every few years. Nope not going to happen, and its not by choice.

              P.s. apologies for my aggressive tone the other day, I currently have a flu and I am not phrasing myself in the correct manner.

              @dave 126, Cheers for the heads up, Its the Xperia Z original haven't had a case for it yet but I'm pretty careful with my devices (so far) hoping its going to last another 2 - 3 years minimum.

              1. jason 7

                Re: Rooting...isn't what it was.

                Not a problem chap. These conversations often would be so much better served over a pint and a packet of pork scratchings down the pub!

                Here however, its the mad scramble to get your point across that sometimes leaves a bit to be desired.

                Get well soon!

          2. Dave 126 Silver badge

            Re: Rooting...isn't what it was.

            >They root because it allows them to achieve whatever the goal they want to reach,

            I believe Jason's point is that as Android and its hardware matures, there are *some* things that once required rooting that now don't.

            It is perfectly plausible that an individual might their phone for a specific purpose. If that 'missing feature' is then added to a newer version of Android, then this user has less motive to root.

            That's fine, YMMV.

            My phone seemed to work pretty darned well out of the box, as a phone, as a Walkman, as a spare camera - whatever. So I don't faff around with it. But hey, I can understand if not everybody's new phone works as it should for them, either because of dodgy vendor software, or their own individual needs.

            So no advice from me... Except for Known Hero: don't buy the official Sony case for your Xperia, it doesn't protect one edge of your screen, and the repair bill isn't cheap :)

            1. Charles 9

              Re: Rooting...isn't what it was.

              Well, as soon as they'll let me perform a complete (nandroid) backup from stock, just in case there's a severe corruption (have had this happen after a few Sleeps of Death), and perhaps a user-configurable firewall, and the ability to update Android without carrier intervention, then I'll hand no more need for root.

              1. Anonymous Coward
                Boffin

                Re: Rooting...isn't what it was.

                Sounds like you need a phone running Xiaomi's MIUI.

                You can download and install just about any ROM version.

                You can back up everything to the MI Cloud or your PC

                You can update via the phone itself, or buy using the MI suite on your PC to contact the MI update server directly - sod waiting for the phone carrier to offer it.

                MIUI is installed as standard on a wide range of Chinese sourced phones now, and can also be installed on some branded phones from Sony, LG etc.

                Just make sure you get the "Global" version if you dont read Chinese.

              2. Lakerjuck66

                Re: Rooting...isn't what it was.

                "update android without carrier intervention"

                yes, i agree that's most of why i root. However I don't think you'll see any solution to that ever really, Google already tried several times and Android is too big and varied to get control back over without a major sea change at this point I feel.

            2. jason 7

              Re: Rooting...isn't what it was.

              Thank you Dave126!

              Basically just because you've always done something a certain way, doesn't mean you should continue doing it that way.

    2. Lakerjuck66

      Re: Rooting...isn't what it was.

      For the most part I agree, but being able to drill in and kill all the damn wake locks that android has massively improves battery life in my experience. The other way is just not using Google services, which more than doubles the standby time on my GS3, ymmv.

  10. Drefsab_UK

    Rooting

    I'm one of those user's that buys a phone with intention of rooting it from day one.

    I've been stung in the past by manufacturer's (HTC) who dropped support for their devices leaving certain standard features broken because of their own crappy software. IE the HTC one X+ a 64gb quad core tegra 3 phone with HTC's own software had a bugged bluetooth stack (AOSP worked fine). The device is perfectly service able and fine but because of flawed software has issues and security flaws that were unpatched. Rooting allowed me to have the device work correctly on patched roms.

    I now have the Nexus 6 but my old HTC still works perfectly for a family member and its rooted.

    I certainly feel no need to use my phone to pay for things, I will just use my card for that. But I certainly will not stop rooting, the device I can't root is one I will buy.

    1. DainB Bronze badge

      Re: Rooting

      Some people actually do care about warranty.

      1. Michael Habel

        Re: Rooting

        As well as they should. But even the Warranty won't last forever. And by the time it lapses your most likely these days to be at least three major revisions back, as the OEM, would prefer you kindly buy their new Device that does the exact same thing, but unlioe your current Device with 4.4.2. Kitkat, the newer version.... Might, just might come with Marshmallow 6.0.x. if your lucky!

        1. werdsmith Silver badge

          Re: Rooting

          Forgot my phone today, it's been on the charger at home since Friday.

          Couldn't care less.

  11. DainB Bronze badge

    rooted or not

    with a recent torrent of vulnerabilities discovered in Android the closest my phone can get to my bank account is when it is in same pocket with bank cards. And those are in RF blocking wallet.

    1. Anonymous Coward
      Anonymous Coward

      Re: rooted or not

      The lineup for tinfoil hat fittings is over that way ---->

  12. Anonymous Coward
    Anonymous Coward

    Will Wileyfox sales increase ...

    If you want a carrier-agnostic crapware free phone, you could do a *lot* worse than a Wilefox Swift/Storm

    I have vowed to *never* buy a network locked phone again, after needing an emergency handset for my son, and discovering *none* of the 14 working old handsets I had would work with his giffgaff SIM. Not even the O2 ones.

    1. Dan 55 Silver badge

      Re: Will Wileyfox sales increase ...

      But worth mentioning that unlike CyanogenMod, CyanogenOS does not come with built-in root.

      1. Anonymous Coward
        Anonymous Coward

        Re: Will Wileyfox sales increase ...

        Yes, but as others here have stated, the *primary* reason for rooting their (network locked) devices was to remove the crapware.

        Wileyfoxes come without any crapware installed to start with.

        1. Yugguy

          Re: Will Wileyfox sales increase ...

          I have a Swift and I absolutely love it. No bloatware. Enough resources to run Galaxy On Fire 2, which is the most graphic and processor intensive app I have.

          CyanogenOS comes with enough customisation built in so that I don't really need to root. PrivacyGuard is superb - it covers ALL apps including Google.

          1. Dan 55 Silver badge

            Re: Will Wileyfox sales increase ...

            Root is necessary for AdAway though.

    2. Gerry 3

      Re: Will Wileyfox sales increase ...

      Wileyfox is horrendous - DO NOT BUY ! Worst product I've ever bought. No instructions, so trial and error is the only way to stumble across what it does. It seems to come with 127 apps, most of which want to phone home at my expense, snoop on my contacts etc. It won't receive even texts, and it locks up my car radio if I make a phone call so I can't end an outgoing call, even by switching off the radio. It's just one big nightmare.

      It's either hideously incompetent, a box full of spyware, probably both.

      1. Roj Blake Silver badge

        Re: Will Wileyfox sales increase ...

        Gerry 3 - are you Sergey Brin in disguise?

        The Swift is a lovely phone.

        I don't see the problem with a lack of instructions - if you can do stuff with Android you can work out how to do it with Cyanogen and it's a hell of a lot easier to stop Google tracking your every move than it is rooting other phones.

        The only real problem is that the USB socket doesn't always grip plugs properly, but that's only a minor annoyance for me.

      2. Dan 55 Silver badge

        Re: Will Wileyfox sales increase ...

        Are you talking about the same phone as mine?

        If a phone comes with instructions these days, they tell you how to charge it and turn it on and off in 20 languages then they leave you to get on with it.

        (Maybe the rumoured Nokia mobile will rejuvenate the art of mobile phone manual writing, who knows.)

      3. Yugguy

        Re: Will Wileyfox sales increase ...

        @ Gerry 3

        What a massive load of crap.

  13. Anonymous Coward
    Anonymous Coward

    Ha ha

    So Samsung won't update by Android, including security updates, but that's fine. I see a flaw in the rationale.

  14. Anonymous Coward
    Anonymous Coward

    "I'll just go on using a slim, lightweight, easy to carry, plastic card"

    That's an option, yes, although the reports I've read are that Apple Pay (and presumably Google's) are deemed to be more secure than your debit card contactless payments - reason being that your card number, account number etc aren't used, but an authorised token instead which doesn't reveal anything else about your account and is easily revoked (your sort code/account number isn't), plus it requires proof you are authorising the transaction (i.e. fingerprint/password).

    1. alpine

      They would say that wouldn't they, they're looking for customers!. Personally, I'd never use contactless payments either and it's not enabled by default on my cards.

      1. Anonymous Coward
        Anonymous Coward

        "They would say that wouldn't they, they're looking for customers!"

        Industry reports, not Apple/Google reports.

        http://www.alphr.com/apple-pay/1001156/how-secure-is-apple-pay

        Whether you believe that they're just schilling for Apple though, is up to you

        1. Charles 9

          PCI would be interested in Apple Pay and Android Pay as both use EMV over NFC, which provides much the same level of security as the Chip: both use nonces, so even if the data gets stolen, it's of no use to credit card thieves, plus both require explicit user consent to unlock the feature (thus why you can't use them without actual lockscreens), preventing even an NFC skimmer posing as a merchant from going unnoticed.

  15. tiggity Silver badge

    If google made it possible to easily revert a vendor phone to "vanilla" android - i..e. getting rid of all the uninstallable junk the vendors put on, then a lot less people would want root.

    Handset manufactures & service providers have both added lots of (by default uninstallable as "system apps") unwanted dross to low end android phones I have purchased in the past, and rooting was only way to free up some space & improve performance by getting rid of those (many "always on") junk apps.

    It is not such a major issue of more recnt higher spec phones, but still wasted space & needless battery hassle

    Plus there are the legit things that are hard to do on non root phone that should be possible

    e.g. want to do proper sniffing to check for malware - hopeless on unrooted phone (jhave to do workaround such as phone on wifi only and then sniff your local wireless traffic instead using a non android device)

    e.g.only way to stop some "always on" apps / services is to have root privs to be able to tweak the settings

    1. Anonymous Coward
      Anonymous Coward

      Google has no incentive to make it easy for you to remove that stuff

      That stuff makes phones cheaper, by creating other sources of revenue / future revenue for the phone OEM. Cheaper phones means more phones sold which means more eyeballs for Google to sell.

      1. Charles 9

        Re: Google has no incentive to make it easy for you to remove that stuff

        So they're not worried about it backfiring, as in more cruft means more likely they WON'T get the phone?

        Personally, I'd be more interested in a plain vanilla Android phone, but Nexus phones don't offer SD slots or removable batteries, which are both make-or-break requirements for me.

        1. Anonymous Coward
          Anonymous Coward

          Re: Google has no incentive to make it easy for you to remove that stuff

          What phone are they going to get instead of Android? It has no real competition except the iPhone, and that's only at the high end price (and those who are looking for SD slots or removable batteries like you are won't find them there either)

          If there was a mass market competitor for Android then Google might be encouraged to act differently, but so long as they are the only game in town for the under $500 market (yeah, technically there's Windows phone in the sub $500 market, but if people consider that at all obviously not enough do or it would have more than the 2% share it gets)

          1. Charles 9

            Re: Google has no incentive to make it easy for you to remove that stuff

            NO phone. I've made up my mind that, unless my current phone (a modified S4) breaks, I'm not getting another phone until I can get it vanilla WITH SD slot AND removable battery (if it does break, I'll get the closest match that I can modify secondhand and keep waiting).

            I'm reminded of an ad for an electronics store since gone to that brand name scrap heap. This was right during the big HDTV push, and the guy claimed to be so confused about "SDTVs and HDTVs" that's he's ready to instead get "N-O TV."

  16. Anonymous Coward
    Anonymous Coward

    Hmm, Galaxy tablet S3

    still allowing rooted payments. Ok, i know its not a phone but what the fuck does the inclusion or ommision of a GSM module matter??

  17. Ru'

    If google were more worried about security and less about prying, then they'd come up with a manufacturer/carrier agnostic method to apply security updates themselves.

    I can't be bothered to root my mobile just for fun (these days; years ago I'd probably do it for the lulz) but I really would like something newer than android 5.0 on my S5 please.

    1. Michael Habel

      At least your S5, has Lollipop. Some of us with the Tab Pro,still have to get on with Kitkat.

      1. Anonymous Coward
        Anonymous Coward

        At least Kitkat hasnt got all the battery issues Lollipop has suffered with.

        My Xiaomi is Kitkat based, and none the worse for it.

        1. Charles 9

          You do know there are a bunch of multimedia- and MMS-based exploits open in most Android versions. If you have an unmodded KitKat, you're one of those in trouble.

        2. Anonymous Coward
          Anonymous Coward

          "My Xiaomi is Kitkat based"

          At least with Xiaomi you can upgrade some of them to Windows Mobile.

    2. Charles 9

      I think they're working on it with Marshmallow and improved overlay support, but with carriers still able to have final say, some give and take is involved (such as TouchWiz and T-Mobile WiFi Calling). Perhaps they'll have a better solution by the time of Android N. They may also decide to bring back the Secure Element or something similar to establish some Trusted Path.

  18. Anonymous Coward
    Anonymous Coward

    Always a way around IT

    You're phone is now OWNED by corporate greed but, where there is a will, there's XDA

    1. Thecowking

      Re: Always a way around IT

      No, you're a phone!

    2. jason 7

      Re: Always a way around IT

      XDA - Where folks go to turn their smartphones into full time Tamagotchi's, without the fun.

      Life is too short.

  19. Michael Habel

    So Google are expecting us to keep Samsung, and Co. well fed, and watterd then? 'Cause I for one refuse to update my Phablet every year 'cause Samsung can no longer be arsed into supporting a Device that had only came out, but a year (or so ago). And have gone on record as stating that said Device was never gonna see an update, past the stock Firmware it shiped with.

    The Twetwater has it right fork Google! And, use Plastic that only concerns me, the Seller, and my Bank. Its like those scamy Loyalty Card things. For the life of me, why I should want to feed the Machine with more of my personal Data, is somehow, lost on me.

    1. Charles 9

      Because at least you get compensated for it with discounts and the like. Otherwise, they'll find other ways to data mine you and you get nothing for your trouble except junk mail.

  20. sisk

    I still hold that using your phone as a pay-by-bonk device is foolishly dangerous. The security on most phones just isn't strong enough to make me comfortable with that idea. Granted the security on a piece of plastic is functionally non-existent but folks tend to not leave those pieces of plastic lying about the way they do with phones.

    1. Charles 9

      No, they leave WHOLE WALLETS, leading to complete identity theft.

      Anyway, some of us have to wear clothes with no pockets.

  21. Anonymous Coward
    Anonymous Coward

    What I want is basically a laptop in a smartphone format with an application that makes phone calls or sends texts, running an easily replaceable operating system preferably some flavour of L*nux.

    I don't want to pay for anything with my phone, I don't wish to haemorrhage data to whichever company built the phone or operating system every time I make a call, I'm not interested in angry f*cking birds

    I just want a machine that does what I tell it, when I tell it & not what someone else tells it

    1. sisk

      You could always build a phone around a RasPi. It's been done. Granted you'll end up with something that looks and weighs like a cell phone from the 80s, but at least you'll have total control over it.

  22. zen1

    Maybe I just don't get it

    but with the inherent vulnerabilities of both droid & iOS, why would any security conscious individual actually want to use apple or google pay systems? While I'm sure I'll get flamed for asking such a preposterous question, it just seems like every single day there's just another hack that allows some one access to your phone. Obviously, there will be those who love it for the convenience but, after seeing daily disasters with online banking for individuals, can anything really good come from any of this?

    1. Anonymous Coward
      Anonymous Coward

      Re: Maybe I just don't get it

      Apple uses a secure element in the iPhone, no security exploit against iOS can access it so it remains secure. And it doesn't store the actual card number in any case, but a special substitute number that is only valid for use with Apple Pay from that one phone, so even if you got it it would be useless to you. The only "exploit" anyone has found against Apple Pay is to use social engineering to get a bank to allow you to enable someone else's card on an iPhone - which is really no different than simply stealing their card number and either using it online or making a counterfeit card using that number to use in a store.

      Google doesn't use a secure element for Android Pay - they use host card emulation. That's a software based solution so they can't allow rooted devices to use it because it would defeat the security - it also means compromising the security of Android compromises its security. Google made that choice because requiring a secure element would lock out the lower end Android phones that choose not to include it for cost reasons. They care less about security and more on getting their hands on as much juicy purchase data as possible to help their advertising business. Knowing what people end up actually buying and how much they spend is the crown jewel for online advertising - it is so valuable I wouldn't be shocked if Google starts paying people to use Android Pay (at least for certain people with lots of disposal income who are the most valuable to advertisers)

      1. Charles 9

        Re: Maybe I just don't get it

        "Google doesn't use a secure element for Android Pay - they use host card emulation. That's a software based solution so they can't allow rooted devices to use it because it would defeat the security - it also means compromising the security of Android compromises its security. Google made that choice because requiring a secure element would lock out the lower end Android phones that choose not to include it for cost reasons."

        And by doing so, they improved uptake of Google Wallet which helped keep NFC on the map until EMV-on-NFC came along (Apple Pay and Android Pay both use this now. Google Wallet virtual cards are being retired IIRC). The main reason for this move in Android Pay is at the behest of the banks who basically made it a prerequisite. Given this security requirement, Google may be more inclined to set up a hardware-based trusted path for future Android phones and in particular for Android N going forward. It's more affordable to do it now especially since Apple are helping bring economies of scale to the Secure Element market.

  23. Lakerjuck66

    This is really just proof that Google's payment system is poorly designed and insecure by default. Even with jailbroken iOS devices, there is not way to access anything related to Apple Pay, and even if you could, it's not useful as none of your personal data is ever passed to a retailer. I find this quite hilarious. It's almost like having some things restricted is more secure.

    1. Charles 9

      All iPhones that can use Apple Pay have Secure Elements. Google tried that in the past but were ahead of their time: SE's then were expensive and finnicky. Perhaps all Android Pay phones using Android N or whatever in future will have to incorporate a Secure Element, too. This will mitigate the need for root checks if push comes to shove. Another possibility (at least with ARM) is to use TrustZones or other hardware-based encrypted-execution zones again where not even root can intrude.

  24. JoeF

    Old news

    You guys are a couple of months behind on this.

    People like me who root all their Android devices have known this for months.

  25. Sub 20 Pilot

    Like a lot of people I just want my phone to work as a phone, have good battery life and pick up emails on a large readable screen. Not interested in games, data grabbing apps, subscriptions to music or films etc.

    I have no idea why anyone would use one of the google/ apple / whatever pay systems or the contactless debit cards. A huge security problem in every case and your responsibility to prove you did not make a transaction as there is no secure pin or whatever. All of this at your cost in time etc obviously.

    On top of this the phone pay systems have the added benefit of all your transaction details passed on to the fucking leeches ( google / apple etc) to make money from and to inconvenience you with adverts and monetise the data even further.

    I will carry on making BACS payments from my secure(ish) pc and pay by Credit Card which at least has some level of accountability and audit. It will be a sad day when I decide that the extra two seconds saved in typing in a secure password over waving a card at a small box with no way of proving that it was indeed a valid transaction.

  26. Old Handle
    Alert

    Google Play

    One thread of comments earlier seemed to imply Google Play will no longer work on rooted devices. Is that actually true? None of the articles or comments elsewhere on the web seem to mention this point, which if correct is a pretty big deal.

    1. Charles 9

      Re: Google Play

      I can only see this being enforced on systems with Marshmallow, which enforces the dm-verity system integrity program all the way from bootup.

  27. JustWondering
    Thumb Down

    Not a chance

    This makes no difference to me. Use a phone as a wallet? You have to be kidding me. If someone wants to steal my wallet they will have to talk to me in person, making the process a lot more complex than taking advantage of a software glitch.

  28. Daniel Voyce

    One of the Articles above states:

    "You can disable SU access in Super Su" and payments will work as expected, a minor inconvenience...

    So all someone needs to do is allow some kind of Quick Shortcut for this in the notifications and it really isn't an issue, I'd like it as a backup, contactless is used heavily over here in Aus and it would be great to not have to carry my wallet around at times when it would be a pain (e.g. out running and stopping for coffee / breakfast afterwards) - I usually have my phone strapped to me!

  29. Happy_Jack

    I use Paytag to make contactless payments with my rooted Android...

    http://www.home.barclaycard/how-we-work/innovations/PayTag.html

    1. Charles 9

      Re: I use Paytag to make contactless payments with my rooted Android...

      But it only supports ONE BANK. Android Pay and Apple Pay support many banks, including multiple banks on the same account.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like