After Australia Post launched their new Parcel Send app last month, users rushed to install it, but a number of them found they were not allowed to run it.
The reason? Their phones were rooted.
We approached Australia Post about this at the time, and they advised they couldn’t set up a meeting with their digital content manager, but could pass on feedback. With a current 2.2 rating in Google Play and 16 out of the 25 reviews left giving a one-star rating, we thought that the feedback was sent loud and clear. It’s apparent that some people are not too happy about the situation.
The app has a few thousand installs (Play lists it at between 1,000 – 5,000) but a vocal minority – myself included – wanted to know the reasoning behind checking for root, and the app disabling itself if found.
On Wednesday, Australia Post advised us that we wouldn’t be able to speak with a representative to discuss the matter, but they again offered to pass on comments – the second time this had occurred since the release of the App.
Chris’ post led to Ausdroid being contacted by an Australia Post spokesperson who offered this statement about the reason for the root check on the device:
Australia Post is committed to implementing best practice when it comes to protecting user data. The Australia Post Parcel Send app stores customer data within the app, and we have implemented security standards to reduce the risk of fraud and theft of information. When a mobile device is “rooting” or “jailbroken” it is more difficult to verify the integrity and security of the device.
We have made significant investments in both improving the availability and quality of mobile services, with a lot more to come. We have also implemented best practice security by seeking to become Payment Card Industry Data Security Standard (PCI DSS) compliant. We take both security and user accessibility very seriously, with the goal over time of applying new technologies that reduce the need to trade-off between open access and strong security.
Neither my bank, PayPal, nor a number of other apps which handle personal details or credit card information care whether or not my device is rooted, but Australia Post has decided that they wish to become ‘Payment Card Industry Data Security Standard (PCI DSS) compliant’, so they will continue to disable their Parcel Send App on rooted devices.
It is prudent to realise that the percentage of users who root their phone is in the minority, but there are reasons for doing so and the large majority of people with root access are quite technically savvy and know of the security implications. If you’re a root user on your Android device and you wish to use the Parcel Send app, the best idea would be to give feedback to Australia Post, through Google Play, Twitter, Google+ or even Facebook.
If PCI DSS compliance is the reason, then they had no choice but to implement a rooted-device check. PCI requirements are extremely paranoid. The company I work for became compliant recently and I must admit that the process was painful and hard like hell. I think that the app stores some sensitive data on the device itself, unlike the PayPal app, and this causes troubles.
I’d love to see a smartphone “rooting”. Some people should not talk about things they don’t understand or phrases they don’t know.
Thank goodness they don’t have applications like this for Windows. Imagine all the fuss if people were to be denied use of the AusPost app because you’re logged in as Administrator. Windows 8 has an app store, right? Well, can’t wait to see apps that won’t install in Administrator… 🙂 Root = Administrator for Linux (Android). Not hard to explain that; if more office staff knew that, the fewer issues we would have. Instead, we have companies like Vodafone, Optus and Telstra that lump rooted phone users into the same category as software pirates. This is just pure ignorance…
It’s funny how so many self-proclaimed tech savvy people can’t seem to read or apply basic logic. Instead they resort to insults and name calling.
> The Australia Post Parcel Send app stores customer data within the app
Banking and PayPal apps don’t store anything locally. It’s that simple. So when a rooted user with an overinflated sense of proficiency has their device compromised by malware, there is no sensitive data to be had from the banking apps. Hence they don’t care about root. As for the argument that having more updated software makes a device invulnerable, I just…
Or how much non-technical people with an overinflated sense of their own opinions such as yourself don’t realise that Australia Post could simply store the CC details server side – as banking applications do – and simply transfer the hashed details back and forth if they’re worried about root access. People who do have root access to their phone are generally more aware of what is happening on their device and hence don’t install the malware-infected apps that are around, so get off your high horse and learn about the root and ROM community before you start jumping…
Business staff might be wrongly advised about the root possibilities by an uneducated business analyst.
What a rubbish app. These idiots at Australia Post seem to think it’s more secure to not root your phone and use Optus or Telstra’s 6 month old & out of date software than root your phone and use the latest patched safe software from Google. Thank the gods the banks are not as idiotic and care more about our security and privacy than Australia Post does!
Makes me question how secure ANY service Australia Post offers if they are this ill-informed and lax with security and my information….
One of the reasons that people root their phone is to get security updates (thus making their phone more secure) faster than carriers/OEMs roll them out. I love that Australia Post cite security as a reason for douchebaggery.
Blah blah blah. Commonwealth Bank made this mistake with Kaching initially, until they woke up to themselves. This is what happens when clueless marketing people make technical decisions.
Also, I’d say that the number of rooted users is not as small as some suggest… look at the top paid apps in the Play Store for AU, TI Backup is #7, Tasker is #17, ROM Manager #26 and Root Explorer #27… there are a lot of rooted users out there.
Piss us off at your own peril…
The ANZ go money application warns you that rooted phones are unsecure and asks you if you wish to continue.
They should at least offer that sort of thing.
Can anyone actually confirm it checks for jailbreak? Or are us Android (and rooted) users being treated as second class hacker mastermind citizens?
You need to read it like the line items the PR hack that wrote it was given.
> Australia Post is committed to implementing best practice when it comes to protecting user data.
We pulled a standard off the shelf and a consultant told us what it meant. Don’t blame me.
> The Australia Post Parcel Send app stores customer data within the app, and we have implemented security standards to reduce the risk of fraud and theft of information.
The consultant said we needed to reject rooted phones. What do we know?
> When a mobile device is “rooting” or…
The best idea would be to use a different parcel service. And tell Aus-post you’re doing it.
This is the thing, none of my banking apps care. I don’t get why AusPost do.
This is the reason I moved to Android several years ago, so I could root my device to get the best experience possible. I’ve not once encountered anything like this and it takes away from one of the large draw cards to the Android community.
That being said, I don’t mess around too much with my phone anymore but I do rock a rooted S4 with the Play Edition ROM on it. Does this mean then that I will be forced to go back to that god-awful TouchWiz just to be able to start using some apps?
It’s root that’s being blocked. Not unlocked bootloader. Root is completely unrelated to using an alternative ROM.
There’s an app for that! Voodoo OTA Rootkeeper.