As hackers we like to play around a lot and today we have a few interesting tidbits to share. Lately +Phandroid and others have been posting that the latest update to Google Wallet is asking for root permission, and, if granted, disabled access to the application. Well that's just not right.

There are two classes in the Google Wallet APK that seem to be responsible. The interface, com.google.android.apps.wallet.security.RootedPhoneDetector, defined a single method, isRootedPhone(). The class com.google.android.apps.wallet.security.RootedPhoneDetectorImpl is the actual implementation that checks for root access.

We've taken the liberty of posting the RootedPhoneDetectorImpl class on +pastebin. Here is the interesting thing: it has three different ways of checking if you device is rooted in a certain order! The order goes:

- Check if your system is signed with test keys (i.e. a non-stock custom ROM).
- Check if the Superuser app is installed in /system/app/Superuser.apk.
- Check if the su binary exists and can be executed (this will prompt the user to grant this app root access).

We could also like to mention that there is another class, com.google.android.apps.wallet.data.ClientConfiguration with a method isRootedPhoneDetectionEnabled(). As its name implies, it checks to see if it should even bother checking if root exists. The com.google.android.apps.wallet.datamanager.local.ClientConfigurationManagerImpl class is the implementation of that class. By default Google Wallet is set to not check for root: enableRootedPhoneDetection_ = false; However, although we haven't found out where some other component of Google Wallet must be altering this setting based on other parameters. Some users are complaining about being prompted for root, others not. Who knows!

Anyway that's all we've got for you right now. As always happy hacking!
Shared publiclyView activity