SUMMARY
The App Stopped Asking For Access After Being Flagged By French Security Researcher
Last week, Paytm app asking for root access on Android phones had raised major concerns. Now after being flagged by a French security researcher, the digital payments player has fixed the sensitive issue in its app on Android phones.
As per a TOI report, the security researcher, Baptiste Robert, who goes by the name of Elliot Alderson on Twitter, told TOI that Paytm in a new update on its app has stopped seeking ‘root access’ from users after he highlighted the issue with the company.
If a user allows the app to gain administrative access also known as root access or superuser access it will, in theory, have complete control over the device.
Rooting allows users to gain privileged control of their Android devices, thus removing any barriers to modification and teaking of the device’s software. Once a device is rooted it can be used to modify the device’s behaviour. Normally this is restricted to the user himself. However certain apps though can be given this privilege that allows them complete access to the device and its system software.
Thus earlier, if a user allowed the app root access, Paytm would virtually have complete control over the device.
Alderson pointed out that root access is essentially one of the most significant entry points for any Android device which can manipulate the operating system of the phone. It can access other app information, chat details, among many other things on the device. This is not an Android permission like having access to text messages and a user’s phone book.
Hence unless a user is totally savvy with technology, allowing root access is not advised by tech experts.
When the issue was raised, Paytm had stated that it was seeking root access due to requirements laid out by the payments umbrella body, NPCI which mandates checking if a device is rooted.
At that issue, Paytm founder and CEO Vijay Shekhar Sharma had said that NPCI had asked the app maker to check for rooted devices before enabling access to UPI payments.
“We are still checking if a device is rooted or not but the method has changed with a different coding. While the earlier method was foolproof, the latest one means to check if a device is rooted or not with a success rate of about 70-80%,” a Paytm spokesperson told TOI without divulging details.
As per the company’s message to Alderson, the fix does not require a new app on the Google Play Store. The engineering team pushed a configuration change.
Alderson said root access goes beyond standard permissions sought by various apps which is what raises concerns. Because with root access, the Paytm app can do anything it wants on the phone, read a user’s messages or go through his call history. Even though Paytm had pointed out that it doesn’t intend to do any of this but still it raises concerns about the privacy of the user, the security of the device, and of a possible threat from hackers.
Given the rise in threat from malware and hackers, it is natural that Paytm app asking for root access on Android phones has raised concerns as it does lead to a possibility of breach in cyber security. With the issue being resolved, users can at least now rest assured that sensitive data on their phones cannot be accessed easily now with the Paytm app.
[The development was reported by TOI]
