A few of you have noticed that the Xinja app does not work on rooted Android phone, and you asked us: “But why?”
Believe me when I say it has been (and still is) a heated debate within Xinja around the decision to allow or not allow rooted devices . As a bank, and more so as a very young bank, we are still in the process of reinforcing all of our defences and have to often err on the side of caution. As a start-up that believes technology is there to make everybody’s life easier, we do not want to limit what our customers can do with their devices. Finding the right balance is a challenge we are facing every day!
Some of the controls we consider to prevent threats are not always ideal from a user perspective. These controls (such as root-blocking) might be temporary until we implement more robust / less intrusive functionalities. But as much as we are working extremely fast, there is still a long road for us to deliver all the financial products, user functionalities and technical capabilities we want to offer to our users.
In the case of root-blocking, we took the decision to temporally enforce this protection because our app still strongly relies on the device’s security capabilities to protect our customers. With root access, it is easy to bypass these capabilities and we want to limit the risk our customers are exposed to, especially if they lost their mobile phone or if the phone was stolen. It is not a perfect protection, as very advanced users could find ways around it, but it is a deterrent for people with bad intentions.
As our platform and app mature, we are moving away from the device’s security capabilities and embedding them into our platform directly, offering more options for our customers to stay protected even if they don’t have access to /have lost their device.
So as you can see, we are not forever bound to the decision to block rooted devices. It is definitely something we are going to review going forward, especially as we deliver more capabilities that will certainly make this solution redundant. Some security functionalities we are looking at in the future, such as more flexible device management options and more granular security options for power-users, will put in question the need of blocking root access and we will review it then.
Thanks all and feel free to contact us if you have any question around our app and how we secure your money and your data at Xinja
JB (aka @xinjasecure)