Oh boy. After taking considerable heat from the privacy and security community over cracks in Google Wallet, the company updated the NFC payment app to close a security loophole. That apparently didn’t do anything to close the vulnerability for rooted devices, discovered in February. Instead of address the problem for rooted phones, Google seems to be sticking by its recommendation the rooted users not install Google Wallet. In a fit of expediency, they’re making sure that root users know their position: Google Wallet now displays an “unsupported device” warning message when run on a rooted phone.
Tap the link in the warning message, and you get a brief explanation of the root vulnerability and Google’s strong admonition that you avoid using the app on your phone. It’s pretty good advice, too: given a set of admittedly unlikely circumstances, it’s possible that a thief could gain access to all of the funds stored in your Google Wallet account. Granted, said thief would have to know that you had the app, understand the nature of rooted Android and then find and execute the exploit, but hey – better safe than sorry.
Some may take exception with Google’s approach, insisting that they have a responsibility to support all Android users. We respectfully disagree. When you root your Android phone or tablet, you’re taking control of the software away from Google, the manufacturer and the carrier – at that point, you take the responsibility as well. Though Android doesn’t come with any explicit or implicit warranty, and neither does Google Wallet, you can consider yourself warned at this point. If you don’t feel safe using Google Wallet, pull out your real one and pay the old-fashioned way.