Jul 24th, 2015


For all the great benefits of Samsung Pay, including a great secure system for processing payments and the flexibility to be used with hundreds of millions of pre-existing payment terminals, there is bound to be a downside. One downside, according to folks who are currently trialing the service in South Korea, is that it cannot be used on rooted devices. We’d heard this would be the case before, but it’s nice to get some confirmation from those who have been fortunate enough to be using the service.


Before you throw your arms up and curse everything with Samsung’s name on it, you have to understand that security for wireless payments is a tricky and touchy thing. It was fine for NFC-only solutions to allow root because Google Wallet, and other wireless payment platforms, made use of secure elements to store information in a secure encrypted volume.

But Samsung Pay goes beyond simple NFC, with the company using technology called Magnetic Secure Transmission (MST for short) to help move information to terminals which don’t support NFC.

Even though Samsung believes they have as secure a system for processing your payments as they can find — which doesn’t store any meaningful information on your device and makes use of unique encrypted tokens instead of transmitting actual credit card data — they would be doing their customers a disservice to allow Samsung Pay to be operational on a device with unrestricted access to system files.

And even if rooting your Samsung Galaxy S6 or Note 5 doesn’t fully expose your Samsung Pay information to any no-gooders, there’s still risk to be had by having your device rooted. For instance, a keylogger app could be secretly installed on your device, and it could still pick up your keystrokes when you’re putting your information into Samsung Pay for the first time.

That’s a bit of a wild scenario, as most malware apps have to be installed by a user before they can perform any meaningful action, but it’s still something Samsung has to consider. It would be unreasonable to expect them to compromise the integrity of their Knox security platform by putting such sensitive information at risk.

So, that leaves you with a sad choice: you can either root your device and give up Samsung Pay, or use the device as the manufacturer intended to access its full suite of features. It’s possible Samsung’s stance could change by the time the service leaves trial status (which should be happening sometime soon), so feel free to let your voice be heard if this doesn’t sit well with you.