Rooted Android

Just wanted to express my appreciation to the team at Monzo for allowing rooted Android devices to run their app. So many banking apps don’t, and it really is a niche use-case, but it really makes using my bank ten times easier.
Thanks

4 Likes

Is there still a pop up that detects a rooted device, warns you, but still allows you to proceed? I think I remember that being a thing for the Monzo app. I think that’s more than adequate.

I never had that experience, worked identically to before I rooted without hiding it from Magisk.
Edit: Magisk from it*

I don’t root or use custom ROMs on my main device (my phone) so don’t have experience with financial apps and rooting, but can someone explain what the actual issue is that makes financial apps shy away from working on rooted devices?

I’m no expert but those banks would have you believe that rooted devices have security vulnerabilities.

Which is kinda silly because assuming the client device is compromised is a standard way of designing secure server software. There should be nothing a vulnerable device can even do. Separately you make it hard for an insecure device to leak personal information (Monzo for example refuses to run if it detects screen overlays, which can capture account information).

2 Likes

Most banks and credit card companies won’t allow their software to be run on rooted devices. Stupid or not, they build the software and they set the terms and conditions if you want to bank with them and use their services.

What I would say is that a rooted phone is possibly more open to compromise and banks by their nature will want to reduce the number of possible attack vectors. I would imagine Infosec departments are pretty busy.

Finally, yes, it’s probably wise to assume the device is already compromised, but relying on software controls to assume the operating system will tell you something like the screen can be read isn’t foolproof. The very fact that malware can compromise a device already shows it has a vulnerability.