After Australia Post launched their new Parcel Send app last month, users rushed to install the app but a number of them found they were not allowed to run the app.
The reason? Their phones were rooted.
We approached Australia Post about this at the time, and they advised they couldn’t set up a meeting with their digital content manager, but could pass on feedback. With a current 2.2 rating in Google Play and 16 out of the 25 reviews left giving a one-star rating, we thought that the feedback was sent loud and clear. It’s apparent that some people are not too happy about the situation.
The app has a few thousand installs (Play lists it at between 1,000 – 5,000) but a vocal minority – myself included – wanted to know the reasoning behind checking for root, and the app disabling itself if found.
On Wednesday, Australia Post advised us that we wouldn’t be able to speak with a representative to discuss the matter, but they again offered to pass on comments – the second time this had occurred since the release of the App.
Chris’ post led to Ausdroid being contacted by an Australia Post spokesperson who offered this statement about the reason for the root check on the device:
Australia Post is committed to implementing best practice when it comes to protecting user data.The Australia Post Parcel Send app stores customer data within the app, and we have implemented security standards to reduce the risk of fraud and theft of information.When a mobile device is “rooting” or “jailbroken” it is more difficult to verify the integrity and security of the device.
We have made significant investments in both improving the availability and quality of mobile services, with a lot more to come. We have also implemented best practice security by seeking to become Payment Card Industry Data Security Standard (PCI DSS) compliant. We take both security and user accessibility very seriously, with the goal over time of applying new technologies that reduce the need to trade-off between open access and strong security.
Neither my bank, PayPal, nor a number of other apps which handle personal details or credit card information care whether or not my device is rooted, but Australia Post has decided that they wish to become ‘Payment Card Industry Data Security Standard (PCI DSS) compliant’, so they will continue to disable their Parcel Send App on rooted devices.
It is prudent to realise that the percentage of users who root their phone is in the minority, but there are reasons for doing so and the large majority of people with root access are quite technically savvy and know of the security implications. If you’re a root user on your Android Device and you wish to use the Parcel Send App, the best idea would be to give feedback to Australia Post, through Google Play, Twitter, Google+ or even Facebook
