Paytm App Asking for Root Permissions: Here's What Happened
Paytm is undoubtedly the biggest brand in the country when it comes to digital payments. While other brands such as Google Tez have been trying to catch up, Paytm still remains at the top. Nevertheless, the brand has never been shy of controversies.
After getting into a feud with Facebook over user's privacy and the launch of WhatsApp Payments, it appears as if Paytm itself hasn't been spared the criticism for information security issues and a lackadaisical attitude towards privacy.
Earlier this week, many users reported that Paytm was asking for root privileges on Android devices. After confirming the issue ourselves, we contacted Paytm customer care for an official response. Their response was rather absurd, stating that the app requests root privileges for the sake of device details and OS version.
Let's get one thing straight – Android apps do require device details such as OS version and more, but Android natively has permissions for that. Requesting root access is completely unnecessary in this case. As such, Paytm's official response was highly unsatisfactory, and upon further inquiry, the team stopped responding to us.
As a personal note, here's what I feel: Root privileges, while being extremely useful for the right user, can also be used to exploit vulnerabilities within the installed apps, or get logs from other apps. As such, I can understand why a banking app would want to check for root access on a user's device. For protection, right? Still, there are apps out there such as BHIM which also check for root access on one's device, but rely on the operating system's SafetyNet technology to check that. Asking for direct root access is not just bad practice for a mainstream app, but a grave security risk for people who might not be fully aware of what giving apps root means.
It also raises the question as to what Paytm intends to do with those permissions. Root rights are the holy grail for an Android app. With this right, you can do whatever you want on the victim phone.
Now, while Paytm failed to reply to our questions, as well as the queries from many other users, it did respond to a famous personality. French security researcher and a thorn in the flesh of Indian tech companies at the moment, Baptiste Robert, better known on Twitter as Elliot Anderson, contacted Paytm enquiring about the same. According to his chat with Deepak Abbot, Sr. Vice President at Paytm, the official statement was that the app was requesting root access to simply alert the user. You can check out the conversation below:
While the controversy carried on for a couple of days, Paytm finally contacted Robert, stating that they have rolled out a fix which includes a config change to not make the su request.
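The difference between checking for root and requesting it, as an added example that is not Paytm's code or part of the original article: plain Java that looks for common root indicators by inspecting state only, without executing `su`. The class name, method names and directory list are assumptions chosen for illustration; on a device the tags string would come from `android.os.Build.TAGS`.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.List;

/** Passive root indicators: inspects state only, never executes su. */
public class PassiveRootCheck {

    // Directories where an su binary is commonly installed (assumed list, not exhaustive).
    static final List<String> SU_DIRS = Arrays.asList(
            "/system/bin", "/system/xbin", "/sbin", "/su/bin", "/vendor/bin");

    // Pattern to avoid: Runtime.getRuntime().exec("su") actually requests a root
    // shell, so on a rooted device the root manager prompts the user to grant it.

    /** True if a file named "su" exists in any listed directory. Nothing is executed. */
    static boolean hasSuBinary(List<String> dirs) {
        for (String dir : dirs) {
            if (new File(dir, "su").isFile()) {
                return true;
            }
        }
        return false;
    }

    /** True if the build tags indicate an image signed with test keys. */
    static boolean hasTestKeys(String buildTags) {
        return buildTags != null && buildTags.contains("test-keys");
    }

    /** Combined verdict, meant for warning the user or limiting features. */
    static boolean looksRooted(List<String> dirs, String buildTags) {
        return hasSuBinary(dirs) || hasTestKeys(buildTags);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary directory standing in for /system/xbin.
        Path fakeBin = Files.createTempDirectory("fake-xbin");
        Path su = Files.createFile(fakeBin.resolve("su"));
        List<String> none = Arrays.asList("/nonexistent");
        System.out.println("stock image: " + looksRooted(none, "release-keys"));
        System.out.println("su present:  " + looksRooted(Arrays.asList(fakeBin.toString()), "release-keys"));
        System.out.println("test-keys:   " + looksRooted(none, "test-keys"));
        Files.delete(su);
        Files.delete(fakeBin);
    }
}
```

Local indicators like these can be hidden by root-concealment tools, which is why the article points to SafetyNet-style attestation; the point here is only that detecting root does not require being granted it.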
Having verified this ourselves, we can confirm that Paytm is no longer asking for root permissions on Android devices. However, the very fact that it occurred in the first place shines light on the lack of standard security practices even in major apps such as Paytm. We have not even touched on the ethical implications of this. Its flip-flopping on the root issue also highlights the lack of proper technical knowledge even at higher levels in tech companies.
Honestly speaking, the issue is not just with Paytm. Many other Indian companies have been reported to have implemented bad cybersecurity in their apps or web portals. We have had bad cases with BSNL, Aadhaar data, and Voter ID leaks as well. Just last week Truecaller Pay was found testing UPI payments on a production server, which was unsecured. So the problem in India runs far deeper than just one company.
Source: https://beebom.com/paytm-root-permissions-full-story/
Posted by: vallesdoemon1939.blogspot.com
