Paytm Stops Seeking ‘root access’ To Android Users
Paytm Stops Seeking ‘root access’ To Android Users

After it was flagged by a French security researcher, payments player Paytm in a new update on its app has stopped seeking ‘root access’ from users. Paytm has fixed what is being seen as one of the most sensitive access controls it was asking from its users on Android phones. The security researcher, who goes by the name of Elliot Alderson on Twitter said that Paytm.

 Earlier, if a user allowed the app root access, Paytm would virtually have complete control over the device.

Alderson said, “Root access is essentially one of the most significant entry points for any Android device which can manipulate the operating system of the phone. It can access other app information, chat details, among many other things on the device. This is not an Android permission like having access to text messages and a user’s phone book. Unless totally savvy with technology, allowing root access is not advised by tech experts.”

Paytm has maintained it was seeking root access due to requirements laid out by the payments umbrella body, NPCI which mandates checking if a device is rooted.

 A part of the message by Paytm to Alderson read, “We are still checking if a device is rooted or not but the method has changed with a different coding. While the earlier method was foolproof, the latest one means to check if a device is rooted or not with a success rate of about 70-80%,” a Paytm spokesperson said without divulging details. “The fix does not require a new app on the Google Play Store. The engineering team pushed a config (configuration) change.....”

Alderson said root access goes beyond standard permissions sought by various apps which is why it is contentious. However, it does not necessarily mean one would misuse the access.

He said, “This (root access) is the Holy Grail. You can do whatever you want with that-—steal data from other apps, read private conversations, explaining the possible implications of getting root access. Alderson, in the recent past, has raised security issues on Aadhaar, BSNL among others, showing availability of sensitive data that can be accessed leveraging technology when the security layers aren’t adequate.

 
Stay on top – Get the daily news from Indian Retailer in your inbox
Also Worth Reading