Friday , October 20 2017

Australia Post comments on concerns over no-root requirement in their Parcel Send App

AustraliaPost_logo

After Australia Post launched their new Parcel Send app last month, users rushed to install the app but a number of them found they were not allowed to run the app.

The reason? Their phones were rooted.

We approached Australia Post about this at the time, and they advised they couldn’t set up a meeting with their digital content manager, but could pass on feedback. With a current 2.2 rating in Google Play and 16 out of the 25 reviews left giving a one-star rating, we thought that the feedback was sent loud and clear. It’s apparent that some people are not too happy about the situation.

The app has a few thousand installs (Play lists it at between 1,000 – 5,000) but a vocal minority – myself included – wanted to know the reasoning behind checking for root, and the app disabling itself if found.

On Wednesday, Australia Post advised us that we wouldn’t be able to speak with a representative to discuss the matter, but they again offered to pass on comments – the second time this had occurred since the release of the App.

Chris’ post led to Ausdroid being contacted by an Australia Post spokesperson who offered this statement about the reason for the root check on the device:

Australia Post is committed to implementing best practice when it comes to protecting user data.The Australia Post Parcel Send app stores customer data within the app, and we have implemented security standards to reduce the risk of fraud and theft of information.When a mobile device is “rooting” or “jailbroken” it is more difficult to verify the integrity and security of the device.

We have made significant investments in both improving the availability and quality of mobile services, with a lot more to come. We have also implemented best practice security by seeking to become Payment Card Industry Data Security Standard (PCI DSS) compliant. We take both security and user accessibility very seriously, with the goal over time of applying new technologies that reduce the need to trade-off between open access and strong security.

Neither my bank, PayPal, nor a number of other apps which handle personal details or credit card information care whether or not my device is rooted, but Australia Post has decided that they wish to become ‘Payment Card Industry Data Security Standard (PCI DSS) compliant’, so they will continue to disable their Parcel Send App on rooted devices.

It is prudent to realise that the percentage of users who root their phone is in the minority, but there are reasons for doing so and the large majority of people with root access are quite technically savvy and know of the security implications. If you’re a root user on your Android Device and you wish to use the Parcel Send App, the best idea would be to give feedback to Australia Post, through Google Play, Twitter, Google+ or even Facebook

 

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

17 Comments on "Australia Post comments on concerns over no-root requirement in their Parcel Send App"

avatar
Sort by:   newest | oldest | most voted
Sujay Vilash
Valued Guest
Sujay Vilash

I’d love to see a smartphone “rooting”. Some people should not talk about things they don’t understand or phrases they don’t know.

Nian
Valued Guest
Nian
Thank goodness they don’t have Applications like this for Windows. Imagine all the fuss if people were to be denied use of the auspost app because your loged in to Administrator. *Windows 8 has an app store right? Well can’t wait to see apps that won’t install in Administrator… 🙂 Root = Administrator for Linus (Android). Not hard to explain that, if more office staff knew that, the less issue we would have. Instead, we have companies like Vodafone, Optus and Telstra, that lump rooted phone users in to the same category as software pirates. This is just pure ignorance… Read more »
bob
Valued Guest

It’s funny how so many self proclaimed tech savvy people can’t seem to read or apply basic logic. Instead they resort to insults and name calling.

>The Australia Post Parcel Send app stores customer data within the app

Banking and Paypal apps don’t store anything locally. It’s that simple.

So when a rooted user with an over inflated sense of proficiency has their device compromised by malware, there is no sensitive data to be had from the banking apps. Hence they don’t care about root.

As for the argument that having more updated software makes a device invulnerable, I just shake my head.

Graham
Valued Guest
Graham
Or how much non-technical people with an over inflated sense of their own opinions such as yourself don’t realise that Australia Post could simply store the CC details server side – as banking applications do – and simply transfer the hashed details back and forth if they’re worried about root access. People who do have root access to their phone are generally more aware of what is happening on their device and hence don’t install the malware infected apps that are around, so get off your high horse and learn about the root and ROM community before you start jumping… Read more »
vijay alapati
Valued Guest
vijay alapati

Business staff might be wrongly advised about the root possibilities by a uneducated business analyst

Martin Dolan
Valued Guest
Martin Dolan

What a rubbish app. These idiots at Australia Post seem to think it’s more secure to not root your phone and use Optus or Telstra’s 6 month old & out of date software than root you phone and use the latest patched safe software from Google. Thank the gods the banks are not as idiotic and care more about our security and privacy than Australia Post does!
Makes me question how secure ANY service Australia post offers if they are this Ill informed and lax with security and my information….

James Finnigan
Valued Guest

One of the reasons that people root their phone is to get security updates (thus making their phone more secure) faster than carriers/OEMs roll them out. I love that Australia Post cite security as a reason for douchebaggery.

Jason
Valued Guest
Jason

Blah blah blah. Commonwealth Bank made this mistake with Kaching initially, until they woke up to themselves. This is what happens when clueless marketing people make technical decisions.

Also, I’d say that the number of rooted users is not as small as some suggest… look at the top paid apps in the Play Store for AU, TI Backup is #7, Tasker is #17, ROM Manager #26 and Root Explorer #27… there are a lot of rooted users out there.

Piss us off at your own peril…

FrAsErTaG
Valued Guest
FrAsErTaG

the ANZ go money application warns you that rooted phones are unsecure and asks you if you wish to continue.

They should at least offer that sort of thing.

MrJayTee74
Valued Guest
MrJayTee74

Can anyone actually confirm it checks for jail break? Or are us Android (and rooted) users being treated as second class hacker mastermind citizens

Roman Kulish
Valued Guest
Roman Kulish

If PCI DSS compliance is the reason, then they had no chance but implement rooted devices check. PCI requirements are extremely paranoid. The company I work for became compliant recently and I must admit that process was painful and hard like hell. I think that app stores some sensitive data on the device itself, unlike PayPal app and this causes troubles.

Fred
Valued Guest
Fred
You need to read it like the line items the PR hack that wrote it was given. > Australia Post is committed to implementing best practice when it comes to protecting user data. We pulled a standard off the shelf and a consultant told us what it meant. Don’t blame me. > The Australia Post Parcel Send app stores customer data within the app, and we have implemented security standards to reduce the risk of fraud and theft of information. The consultant said we needed to reject rooted phones. What do we know? >When a mobile device is “rooting” or… Read more »
Greg
Valued Guest
Greg

The best idea would be to use a different parcel service. And tell Aus-post you’re doing it.

homebrandcola
Valued Guest
homebrandcola

This is the thing, none of my banking apps care. I don’t get why AusPost do.

Shea Quinn
Valued Guest
Shea Quinn

This is the reason I moved to Android several years ago so I could root my device to get the best experience possible. I’ve not once encountered anything like this and it takes away from one of the large draw cards to the android community.

That being said I don’t mess around too much with my phone anymore but I do rock a rooted S4 with the Play Edition rom on it. Does this mean then that I will be forced to go back to that god awful touchwiz just to be able to start using some apps?

Greg
Valued Guest
Greg

It’s root that’s being blocked. Not unlocked bootloader. Root is completely unrelated to using an alternative ROM.

Chris
Valued Guest
Chris

There’s an app for that! Voodoo OTA Rootkeeper.

wpDiscuz

Check Also

Google Pixel 2 XL gets the tear down treatment – check out those active edges

It’s finally happening! Google is taking orders for the Pixel 2 XL here in Australia, …