Home

Share this Story

Hey Google Wallet, Why are You Asking For Root Access?

 

Google Wallet received an update this week to make it ready for the launch of the EVO 4G LTE. But as owners of the Galaxy Nexus noticed through the Play Store that they could also update, they grew confused when they were prompted afterwards with the superuser request to give the app root access. We have heard from at least a dozen readers that the app now asks for root and have also seen at least a handful of forum threads throughout the Android world discussing it, yet no one knows why this app would be requesting it. To be honest, we also have no clue why this app would need this kind of access.

In the past, after a “security” mishap that involved root access, Google decided that it wouldn’t support rooted devices, so all we can think is that maybe this is a new way for them to verify? The odd thing is that users are reporting that the app still works whether you grant it access or not.

Yeah, we’re confused. Any help?

Cheers Joshua and everyone else who sent this!

  • Androidandwp7equalsPower

    This is google’s way of telling the user to screw the carriers and root their phones.

  • chazzdjr

    You know what… F*%K IT. Verizon I give up. You win this battle. But the WAR is far from over. You think that letting us use Google Wallet will make you lose revenue? Your desire to dangle ICS updates over our heads like carrots will leave us begging?

    Well as soon as my contracts up my $200 bucks a month will be going to a competitor with a Nexus device purchase directly from Google. Your cunning ways have tricked me for the last time. Pure Google experience?… What a joke.

    Verizon…. You sir can blow it out your ass.

  • http://twitter.com/SevenPluAndroid Seven+ Android

    We just posted on Google+ if anyone is interested in knowing how Google Wallet detects root. This is especially useful for developers when not used with bad intentions such as feature disabling. https://plus.google.com/b/114121973767140108311/114121973767140108311/posts/NDwdf3gxnBb

  • Steven Cornea

    Now again, is there a difference if I use google wallet with root or without root?

    whats unsupported about it? I know they say that to cover the security flaw but does it still work the same?

  • http://www.tedpavlic.com/ Ted Pavlic

    I’m not sure what the confusion is. As has been mentioned before, Google Wallet tests to see if you have root access on the phone. Rather than looking for “su” in all the right places (e.g., the system PATH), it may be just trying to execute it. On unrooted phones, that execution will return a system error, which will confirm to Google Wallet that the phone is not rooted. However, if you have a rooted device, you get this notification.

    Has anyone compared the result of clicking “Yes” vs “No”? Depending on how GWallet tests for the result of the call, a “No” might act the same as su not being available. That would mean easily tricking GWallet into thinking you’re not rooted when you actually are.

    Just a thought.

  • Stewie

    Worked for me under all, Gnex ….

  • http://www.facebook.com/profile.php?id=10215724 Raj Bhatt

    Really sucks that they fixed the Market trick that Kellex taught us. I have no way to get the new apk.

    • Tim242

      Market trick still works on custom roms. It willalso let you update from the all tab. Here is the newest version. http://db.tt/Rgw2YBBQ

      • http://www.facebook.com/profile.php?id=10215724 Raj Bhatt

        Thank you for posting the apk, I am on AOKP b36 but still can’t get the market trick to work.

  • http://www.facebook.com/avriley Aaron Riley

    I see it as instslled under the ALL section, but not letting me update now. Says it is not supported.

    • Tim242

      It let me, running AOKP. Here is the newest version. http://db.tt/Rgw2YBBQ

      • John Jablonski

        Not that I don’t trust you….but is there a way to verify that download?

        Assuming it’s legit….Thanks!

        Assuming it’s not….You bastard!

        :-)

        • Tim242

          It’s just a copy of the apk, using root explorer. You can verify it by version number, before setup.

  • Tim242

    I just denied root access. It still has the unsupported banner, still works.

  • WickedToby741

    It might deal with the root insecurities. If you grant it root permission, it may make changes to try and better protect the rooted user. Just a shot in the dark here, no evidence.

  • steveliv

    If the Google Wallet app doesn’t appear in your Installed apps list, swipe over to the All list and it should be located there. I used the browser/market workaround to initially install the app and for the next update or two it was in the installed list, however after the next update it was missing and i though it was gone. I swiped over to the All list and there it was ready to be updated. So check in that list.

  • trophynuts

    i just noticed that none of this matters because my 3rd G Nex is a pos

  • duke69111

    Mine removed my google prepaid card when I first updated. I uninstalled and then reinstalled from the play store, setting it up again and its working with no problem now.

  • ninjamasterguy

    Seeing as how this app has never needed Root before and knowing that Root is known security risk, why would I grant SuperUser access to it. If I go willy-nilly and allow every app that thinks it needs SU access, then what is the point of every app needing to ask? Maybe thereare some people who shouldn’t have root access.

    • 4n1m4L

      It doesn’t matter. If you are rooted, every app you give su access to now has access to Wallets data

  • Karl

    For those that are no longer seeing it in the installed apps tab, try looking in the “All” section. I was able to find it and update through the market that way (Verizon GN, AOKP M5) but it still doesn’t show up under “installed.”

    So while you may not be able to count on it prompting you to update, at least it looks like we can still get it through the market if you did the hack to install through the market origonally.

    • http://www.facebook.com/avriley Aaron Riley

      I see it in the ALL section, but no way to update now. States it is not supported.

    • moelsen8

      thanks for this. it was in the “All” section. for anyone else that can see it there and open it, it’s taken me about 2 hours to get it to actually download and update. it sits there forever.. then it might error out, one time i killed it when it was hanging on 2%.. but most times it doesn’t start. i forgot about it the last time i pressed the “update” button and now when i looked it says it updated. sweet. thanks for the fun, verizon.

      edit: scratch that. now it’s not even in the “All” section and i have no idea if it updated. it’d be nice if that section could be organized to make it useful. what a ridiculous, random mess of all the crap i’ve ever installed.

    • michael

      Yep, mine was moved over under “all” somehow in the past month or so isnce the last time I updated it. Also My wallet did not ask for superuser access when I updated, and I’m not rooted or anything, just stock.

  • Mordecaidrake

    I denied it and the app still works. Granted I haven’t actually used my phone as a wallet yet, need to find me a NFC reader haha

  • Matt Gondek

    Just noticed Wallet no longer shows up in my list of apps, although it still works on my phone? GNex AOKP M5

    • Corey Foltman

      maybe that was what the small update to the Play Store was? when it became 3.5.19 Wallet disappeared from VZW phones?

      • UndergroundWire

        It happened before that. At least with me it did. Samsung Galaxy Nexus (LTE)

    • moelsen8

      yeah, i can’t get my wallet to reattach to the market now either.

    • Nelly547

      It is not under installed. You can find it the all tab. That is where I found mine to update it. Hope it works for you.

    • realfoxm

      You’ll need to slide over to ALL APPS. then update

      • http://twitter.com/jsmith4260 JR Smith

        I have found the app under “All Apps”, but I don’t have the ability to update it, It says that my device is not compatable (VZW 4.0.2)

        • derekross

          Uninstall, then use the Google Play/ Browser work around to re-install it. Works great.

      • Matt Gondek

        Ah yes, I forgot about that pesky new tab. +1 to you kind sir

  • Mike

    I noticed that if I grant it root access, it doesn’t ask me for my pin, but if I deny root access it asks for my pin.

    • duke69111

      I allowed root access and it still asks me for my pin.

  • Corey Foltman

    Is there a new way that works to get Google Wallet through the market? I don’t want to have to find the new apk whenever it gets updated.

    • duke69111

      I used the market trick a few months ago to get it installed and it disappears from the market but can still be updated.

      I’m not sure if the market trick still works.

    • 4n1m4L

      The old way of using the browser and the play store still worked for me.

      • Corey Foltman

        i tried last night and it wouldnt work for me…said that i dont have any devices that can install the app…i installed apk(last version released)…if i force to link to market, will that work?

        • 4n1m4L

          http://www.youtube.com/watch?v=jI-f2T4cCWI

          You have to be sure to log out of your account in the browser. otherwise it will say none of your devices support… if you wait to log in it should still be there. oh and don’t let it auto log you on, you have to manually type in your credntials

          • dan

            It doesn’t work anymore, it brings you to the download page in the play store but there is no download button

  • MikeCiggy

    I wonder if Isis will give us any problems if were rooted. Hmm

    • BrianWenger

      Since it’s coming from the Prime Evils (carriers), I’m sure it will.

  • http://fujibayashi.jp/ Gasai Yuno

    The old version of the Battle.net Authenticator app also asked for root rights on rooted devices. It then informed the user that it’s not secure using it on a rooted device (whether you allowed or denied access, didn’t matter).

    The most current version neither asks for root rights, nor displays a warning.

    I’m pretty sure that it just requests elevation to check if the device is rooted. On a non-rooted device there were no warnings whatsoever.

    • http://www.tedpavlic.com/ Ted Pavlic

      Again, this is very close to the truth. Rather than testing for the existence of a “su” binary on the device, it actually tries to execute it. Executing the su binary pops up this dialog. It’s not “elevating” or anything like that — it’s just testing to see if there’s an executable super user binary available on the system.

      • http://fujibayashi.jp/ Gasai Yuno

        Well, calling su is by itself inherently a privilege elevation (or “delevation”) request unless performed with command-line switches like -h.

        • http://www.tedpavlic.com/ Ted Pavlic

          It’s not an API call. It’s a system call. And the system call will only execute as root if granted permission. Nothing is “trying” to elevate. Nothing is looking for root access. Instead, the app is just looking to see if the binary exists (and, apparently, is available and executable).

          • http://fujibayashi.jp/ Gasai Yuno

            “Looking to see if it exists and is executable” is done via a separate call. Not via exec(). The popup appears because the app tried to exec().

          • http://www.tedpavlic.com/ Ted Pavlic

            Again, “Rather than testing for the existence of a “su” binary on the device, it actually tries to execute it.” It’s unlikely that the app is actually trying to get root. For some reason, the implementation tries to execute the app rather than just looking for its existence. On an unrooted phone, the result would be the same.

          • http://fujibayashi.jp/ Gasai Yuno

            Sure, but it doesn’t really make an exec() call not an exec() call. So I’m not sure how exactly am I wrong when I state that it tries to execute the su binary.

  • http://twitter.com/DaveCMorales Dave Morales

    Still doesn’t work for me. Allowed root access, CM9 on Gnex.

  • http://twitter.com/tomoncewaslost Tom Reynolds

    When I granted access it stopped working. I went back and denied access and it started working again.

    • http://twitter.com/drazyw Chris Allen

      Yeah that was my thought. Just deny it, and it doesn’t get it and thinks it’s all good.

  • http://www.facebook.com/Vereynn Tim Draper

    Sometimes apps check for SU privileges as a way of detecting whether the device is rooted, not necessarily for any root use by the app itself

    • 4n1m4L

      Then this one should disable itself to be more secure

      • Jon Lambert

        The concern wouldn’t be Google Wallet having root access because it doesn’t needto steal its own data.

        • 4n1m4L

          It sees that you have defeated androids security though. If I was designing a program that stores peoples credit card info I wouldn’t allow it to run in an insecure environment either

    • Tim242

      It still knows I’m rooted, even though I denied access…

      • http://www.facebook.com/Vereynn Tim Draper

        Yes, but the fact that the O/S didn’t go “huh?” when asked is the only important part, if all it’s trying to do is see if the phone’s rooted.

      • http://www.tedpavlic.com/ Ted Pavlic

        This makes the most sense. It should expect the system to tell it that the executable is not available. If you’ve received the dialog, then “su” has been executed and you’re done for, regardless of how you respond.

        • Tim242

          Not done for. It still works just fine. Used it today.

  • http://twitter.com/Defenestratus Defenestratus

    It works – thats why it says “unsupported device” at the top?

    • ERIFNOMI

      It’s said unsupported device at the top for some time now, but still works. Do we really have to go through this again?

    • moelsen8

      yeah, wasn’t wallet detecting root and saying that at the top before all this? at least on my phone it knew i had root before.