So it finally happened. The Netflix app shows in the Play Store as incompatible if your device is rooted. Sad to see you go Netflix. Uninstall. Unsubscribe.

Netflix joins a host of other apps that will not work on rooted devices. Apps such as Android Pay, various banking apps... I've even seen a supermarket loyalty card app stop working on a rooted device! I don't pretend to understand the politics and business decisions behind these choices, but the reasons that have come out so far make little sense to me.

Take Android Pay. Numerous people have complained about the fact that it doesn't work on rooted devices. Every time someone from the team responds it's with the same stock answer.

To help ensure customers' payment information is safe, participating banks require Google to verify the security model on the device. Unfortunately, when a device is rooted, Android Pay loses the ability to make that verification. Our product team is exploring options to address this.

Other than the fact that the product team have been exploring options for months now with nothing to indicate any progress (why would they bother really? The percentage of users with rooted devices must be tiny so why go to any trouble for them?) it seems odd that my bank's app works just fine on a rooted device. That app allows me to transfer money to other accounts of value higher than £30 (the current UK limit for contactless payments) and it is happy that my device is rooted.

And why not let me shoulder the burden? I chose to root my device, so why not me decide whether to take the risk of using my phone as a payment card? Banks don't stop Windows users without anti-virus software, running as Administrator, not having the latest patches from Microsoft installed and using Internet Explorer from logging in to their accounts over the web. So why stop me on this device just because I have root access? This device that has a firewall installed to prevent any old app from accessing the Internet because I rooted it.

Perhaps they are not protecting my from myself. Perhaps the issue is that some unscrupulous Android device owner with root access could find a way to make a payment and not have it charged to them. Or have it charged to someone else. Well if that's the case then there's a bigger issue than root access and no one should be using their device for contactless payments until the whole system is secure. Any system that relies on the client being secure is not a secure system.

Back to Netflix. Rooted devices were fine until recently, so it has been a conscious decision to change. It's likely to be DRM related but, again, it was fine until recently. And a DRM mechanism that isn't secure against a rooted device doesn't sound like DRM to me.

But my beef here is summed up in a simple question; does Netflix work on desktop/laptops where the user has root/admin access? If the answer to that question is "yes" then there is no reason why the same courtesy shouldn't be awarded to Android users who have root access to their devices.

What could Google do to Android that would get me to unroot my devices? To be honest I'm not sure I would unroot all my devices as I like to have that control - blame my devops/sysadmin background. :) But I might unroot my phone.

The obvious way would be to give me root or root-like access through an official mechanism. It doesn't even have to be under normal running operation. Either root access through adb or root access in recovery, like TWRP gives.

Of course that is highly unlikely. So perhaps the question is best answered by answering the question of what I use my root access for.

Firstly is backups. Titanium Backup is my tool of choice here. I can move data from my phone to my tablet and back again. I can make backups of individual apps and their data in case an update messes things up. I can back up all apps and all their data so I can perform a factory reset on my phone and get everything back exactly as it was before. Give me that capability Google and maybe we can start to talk.

Secondly is network filtering (oh, ok, ad-blocking). I have a custom hosts file that redirects a whole load of domains into the nowhere. The thing about that method is it blocks all apps, whereas installing an extension to my browser only stops the browser. Device-wide filtering Google where I and only I get to choose what is on the list and the conversation gets interesting.

Thirdly is network blocking. When Google introduced the permissions model in Marshmallow the one big mistake that they made in my opinion was not making "normal" as well as "dangerous" permissions revokable. If I can stop apps from having Internet access through valid, official means then the conversation is practically over. I'd more than likely unroot my phone.

So that's my root rant. I like to have root because it allows me to do some things that the official Android build doesn't give me. And those things I believe actually make my device more secure. Yet my devices are being treated as if they have a big "hack me" sign pinned to the back. So I ask for either Google to fill the gaps so I can unroot, or for the app developers to write their apps so that root access is not an issue.

Darren @ Æ


comments powered by Disqus