Hyderabad: The SBI (State Bank of India) card app has been asking users for root access, which means the application can gain complete control over one’s android mobile phone, including hardware. It could control the performance, speed and response time of your phone. This issue was first notified by user L. Guruprasad on Thursday, who shared a screenshot of the request by the app seeking root permissions.
The user pointed out, “It is perfectly fine to detect whether the device is rooted and refuse to run if it is. But actually requesting for root permissions is mind-blowing! The app in question is developed by GE Digital or one of its sister divisions.” This app has been downloaded from the play store by more than a million users on their android devices. Having root access is not the same as access to text message or contacts; unless a user is technologically sound, allowing such access is not required.
Initially, SBI responded by tweeting, “Your app does root-check to ensure that your account is accessed from secured devices only and app is not installed on a rooted device.” Paytm had also come under fire for seeking root privileges and responding in the same way. There is no reason for apps to request such access. Often apps seek a lot of permissions inclu-ding microphone, camera, and location, but by rooting, the app can control performance as it will get access to the CPU (central processing unit) also.
This access is taken to perform a check to ensure if the bank account is being used from a secured device. However, experts opine that to check if a phone is rooted or not, an app need not request access. French security resea-rcher Robert Bapatiste, who uncovered this issue with the Paytm app, said, “There is no valid reason to ask the root. We had the same discussion with Paytm months ago.” He suggested SBI Card Connect to use the correct way to check if a device is rooted at the earliest.
This tweet garnered a lot of attention and soon users started to check their apps, and users pointed out that even the Axis and ICICI banks allegedly request root access. If a device is rooted, then the phone’s behaviour can be modified in ways the manufacturer has not intended. While the official handle also assured that SBI will take all preventive measures to keep SBI Card account access secure, soon the tweet was deleted and SBI is yet to respond on the issue.
