Earlier this week, reports emerged that Paytm was found to be asking for root privileges on Android devices. Now, an avid user of Android would know that it’s very unlikely and questionable that a reputed brand like Paytm asks for root permissions from their users. The Paytm support team was then contacted by folks at Beebom on Twitter after this issue came to surface, and it was apparent that they didn’t have a solid justification for the trouble caused. Their reply turned out to be highly unsatisfactory. Paytm said that the app asked for root permission ‘just to gather details about the device and its OS version.’
Now, it’s fairly well known that even though apps require access to this information but Android has measures in place in their OS natively to cater to these requests from the applications. Given this fact, the asking of root access from the Paytm was an absurd request. To add to the problems, upon further enquiry the Paytm team stopped replying to the messages.
A simple google search on the term ‘root access’ will tell people that even though these permissions can be used to tweak one’s devices internally, they can also be misused against the users to obtain data and make undesirable changes to the device. There also exist other payment apps like BHIM which similarly ask for root access but eventually depend on the Android’s SafetyNet technology to get them the required information about the device and the Android version. Now it really becomes a concerning question that Paytm being a highly renowned brand in India, dealing in mobile payments where security is of the top concern, is asking root access from the users putting their security at risk.
Finally, this question could only be answered over twitter where this matter was taken up on by Baptiste Robert, a French security researcher who often takes interest in the security measures of Indian tech companies and is fairly known on Twitter as Elliot Alderson.
He contacted Paytm and raised questions about the root access issue. His conversation with Sr. Vice President at Paytm, Deepak Abbott ended with Abbott telling him that the app was requesting root access simply to alert the user. After some days, while the conversation kept going on Twitter Paytm finally managed to come up with an update which fixed the issue about the app asking about the root user permission.
Due to an upfront interference by Elliot Alderson, the issue was finally solved, and the app has stopped asking for superuser request, but it is disturbing even to think that it happened in the first place in a very large scale company which deals with millions of users. This obviously makes us wonder about the security measures these companies take to ensure user privacy and security. The ethical implications of the same can be very deeply inflicting.
We believe that Paytm is not the only company to put aside ethics and security aside in the race of payment companies. More brands like BSNL and Truecaller have also been in the limelight for all the bad reasons. So it can be concluded that when it comes to the question of data security, privacy and protection there are some very big flaws which are often overlooked in the Indian tech scene.
Almost every smartphone user in India knows about Paytm, being the leading mobile payments company in the country. Even though there has been tough competition from the likes of Google, Paytm has managed to retain its position on the top and has become favourite of the Indian users. But this fact doesn’t save Paytm from being surrounded by controversies. Paytm was also caught in a fight between Facebook on the issue of users’ data security but the payment giant itself hasn’t been too innocent when it comes to the security of its own users and their privacy.
