Shared publicly  - 
As hackers we like to play around a lot and today we have a few interesting tidbits to share. Lately +Phandroid and others have been posting that the latest update to Google Wallet is asking for root permission, and, if granted, disabled access to the application. Well that's just not right.

There are two classes in the Google Wallet APK that seem to be responsible. The interface,, defined a single method, isRootedPhone(). The class is the actual implementation that checks for root access.

We've taken the liberty of posting the RootedPhoneDetectorImpl class on +pastebin. Here is the interesting thing: it has three different ways of checking if you device is rooted in a certain order! The order goes:

- Check if your system is signed with test keys (i.e. a non-stock custom ROM).
- Check if the Superuser app is installed in /system/app/Superuser.apk.
- Check if the su binary exists and can be executed (this will prompt the user to grant this app root access).

We could also like to mention that there is another class, with a method isRootedPhoneDetectionEnabled(). As its name implies, it checks to see if it should even bother checking if root exists. The class is the implementation of that class. By default Google Wallet is set to not check for root: enableRootedPhoneDetection_ = false; However, although we haven't found out where some other component of Google Wallet must be altering this setting based on other parameters. Some users are complaining about being prompted for root, others not. Who knows!

Anyway that's all we've got for you right now. As always happy hacking!
Untitled5 sec ago; Untitled5 sec ago; | 8 sec ago; Erich Lesovsky –...2 min ago; Untitled11 sec ago; Untitled11 sec ago; Untitled11 sec ago; Untitled11 sec ago. Guest. com.go...
Ishmail Mayfield's profile photoMichael Collins's profile photoMiad Hoque's profile photoThe Seven+ Project's profile photo
Interesting indeed. Too bad my phone doesn't even support wallet.
what Google is doing. Sooner or later they gone have a app that controls system to shutdown if rooted
+Ishmail Mayfield Ah, agreed. Although we must admit that the RootedPhoneDetectorImpl class is actually quite useful for us! This would allow us to, in as unobtrusive a way as possible, hide/ show options for rooted users. For example, StatusBar+ has the option for Honeycomb & Gingerbread rooted users to disable the system status bar. This could then be hidden unless it is seen that the user has root/ is on a custom ROM so as to not confuse other users.
I don't even get the point of disabling select features if the phone is rooted. Maybe some apps like WiFiKill are harmful, but then they must do something more than just disabling the Wallet. Or maybe they are afraid of incorrect transactions made by rooted phones... I don't get it...
+Peter Payne In their case, absolutely. Worst case they should prompt users telling them "If you are rooted you are vulnerable to attack" or something along those lines. For use, it is helpful to hide features from users without root because they will get their hopes up otherwise (we've had people ask us if it is possible without root for StatusBar+ to remove the system status bar... and that just can't happen).
Anyway to spoof the wallet app into thinking we're on stock android?
+Miad Hoque Not that we know of, unless your ROM wasn't signed with test keys and you renamed everything relating to su/ SuperUser.
Add a comment...