If you're rooted, not very. There are apps in Google Play that are legitimate, yet mine your data to sell to whoever wants to buy. All Cheetah Mobile products for example. This is in their terms of service, so people are actually giving consent. But installing any app from such a company with root means unfettered access to everything. If you aren't rooted, apps are still sandboxed.
Sorry but "rooted" does not mean you automatically give root access to every app. You can still decide which app can have root access, which not. In the above case, he only installs banking and finance apps (without root access) and no more, not even use the device to browse the Internet. I fail to see how dangerous it is simply because the device is rooted.
In this scenario, Google isn't responsible anymore. Unlike in cases like SafetyNet.
I'm not talking about which should be responsible. Rooted can be safe if the user knows clearly what he is doing. It is more dangerous if the user is reckless and does not have any sense of security. An unrooted device does not help to save his butts. The user is usually the weakest link in security.
It's not just about you. Bank apps have access to bank database. They're not only worried about third parties like rogue apps or customROMs, they're worried about you the user as well. If bank apps can run on rooted phones, this provides unrestricted access to the bank app from a different app, essentially making a big security hole in their system.
A cyberthief can use this to hack into the bank and steal from them. So in fact, someone who knows what they are doing is a bigger reason for banks and Google to enforce SafetyNet. Letting users choose to enable SafetyNet or not is more dangerous for the app makers. In the scenario you are describing, only two things will happen: Bank apps will develop their own ways to prevent being used while rooted or on CustomROMs (games like Pokemon Go has had this even before SafetyNet was active), or stop the app service altogether.
If this is the case, the bank should redesign its app. SafetyNet can be fooled, so do other root detection methods. A cyberthief would find a way to run the bank app in a rooted device anyway.
What's more some bank/finance apps simply let them run, or only disable some features but not disallow running. It is beyond me they still let them run if it were so dangerous to allow an app to run in a rooted device.
Last edited:
Upvote
0