x

Square says my Android device is rooted BUT its not!

Square you need to allow all android devices that are not rooted which mine is not to have access to the contactless chip reader, I cant connect, 2 months old from the OPTUS store, i've checked the rooting of the device and it comes up with no root. 

You need to upgrade the software please because i'm not the only one getting this message out there. 

57,100 Views
Message 1 of 70
Report
1 Best Answer
Admin

Best Answer

Hey there,

 

Thank you for your message! 

 

The message that you're seeing saying your device is rooted may be related to Developer Options being enabled on your phone. Apps to check the rooting of a mobile device also need to be uninstalled from your mobile device before you can connect a Square Reader.

If you've already disabled developer options, restart your phone, and have another go. I would also recommend checking your phone's compatibility on our page!

 

We are always working towards having more Android compatibility, but sometimes a mobile device does not meet all the security requirements to support card processing, and we need to be mindful of our customers' private card information being processed securely.

 

Cheers!

Seamus
Square, Australia
Sign in and click Mark as Best Answer if my reply answers your question.

View Best Answer >

57,090 Views
Message 2 of 70
Report
69 REPLIES 69
Admin

Best Answer

Hey there,

 

Thank you for your message! 

 

The message that you're seeing saying your device is rooted may be related to Developer Options being enabled on your phone. Apps to check the rooting of a mobile device also need to be uninstalled from your mobile device before you can connect a Square Reader.

If you've already disabled developer options, restart your phone, and have another go. I would also recommend checking your phone's compatibility on our page!

 

We are always working towards having more Android compatibility, but sometimes a mobile device does not meet all the security requirements to support card processing, and we need to be mindful of our customers' private card information being processed securely.

 

Cheers!

Seamus
Square, Australia
Sign in and click Mark as Best Answer if my reply answers your question.
57,091 Views
Message 2 of 70
Report

I have the same issue. Galaxy Note 8 which is supported. Updated to latest Android software update. My phone is not rooted, and has never been. Have double checked with checker apps. I am able to store Google Pay card details on my phone. I don't have Developer Options switched on (I did but switch it off). I have restarted the phone. I have reinstalled the app. I don't have any kind of rooting apps installed on my phone. 

 

But it still says my Device is rooted.

44,947 Views
Message 3 of 70
Report
Admin

Hey @Drewster,

 

Can I confirm if this occurred after a Square update or an Android system update?

 

Where did you purchase the phone from?

Seamus
Square, Australia
Sign in and click Mark as Best Answer if my reply answers your question.
44,938 Views
Message 4 of 70
Report

Same here, it was working, now says my phone is rooted.

It is factory stock, never was rooted, nothing has changed, unless maybe some manufacturer updates?

Xiaomi Redmi Note 5

 

I haven't heard of "root checker" apps, but I can look for one if that is likely to help?

 

PS (Edit)

I just downloaded "Root Checker" from the Play Store, it says there is no Root Access on my phone.

44,934 Views
Message 5 of 70
Report
Admin

Hi @AvilaVista,

 

Unfortunately Xiaomi devices are not tested as supported by Square.

 

Whilst you may have been able to use this device previously to process transactions using your Square reader, our mobile security team are constantly refining our software in order to maintain strict security standards on our platform. Unless a device is listed on our website as tested as supported, we can't guarantee it will work on an ongoing basis.

 

I understand this is frustrating, however we are required to update our software from time to time to ensure itโ€™s secure for our sellers, and your customers.

 

To view which Android-based devices are compatible with our hardware, please visit our compatibility page to see that Android devices that we can guarantee will work.

Seamus
Square, Australia
Sign in and click Mark as Best Answer if my reply answers your question.
44,924 Views
Message 6 of 70
Report

@Seamus Compatibility a real bugger, isn't it?

I bought your device when I had a Galaxy Note 4, did a test transaction using contactless, and it worked. The when my first customer came along, they only had magstripe, and we couldn't get it to work no matter how we tried.

Next customer had a Chip card - but when we went to use it, the device wanted to do a firmware upgrade, so it wouldn't work. Missed that sale!

Samsung phone broke (overheating, very low battery life) but at least it didn't exploded like its successor! I bought the highest recommended phone as a replacement and it is brilliant! Latest Android, very fast,does everything I need and more. Ran a test transaction, all good.

So now another potential customer comes along, and I make sure to charge it up and test it first, make sure it isn't going to try a firmware update and lose my sale.

 

Well, no chance of that, the stupid thing won't even connect anymore because some developer couldn't follow the rules on detecting if a phone has been rooted. Not that that should matter if they had done their security properly in the device, for goodness sake!

 

Ok, this piece of technology definitely isn't fit for purpose, who do I talk to for my refund?

44,922 Views
Message 7 of 70
Report

Yeh there are many Is My Device Rooted apps on Google Play to download, thought I suspect they're just gonna tell you what you already know. That your device is not rooted.

I'm an App developer, so I understand the lingo. I think that what the Square App does is actually a few security checks, only one of which is check if the phone is rooted, and then uses a generic message if it fails one of those checks. Some of those things may be folder names, or folder structures, or another app that you may have installed that could make the phone vulnerable,  or anything that might indicate that the phone could have been rooted even if in fact it hasn't been. It may even check for an app that was once installed and has since been uninstalled. But they're just using a generic message, you're phone is rooted.

I've given up. Will just have to process payments manually, until I get a new phone one day.

44,918 Views
Message 8 of 70
Report

Hi

 

It's a Samsung Note 8, purchased from an official Telstra store in Australia. I purchased two devices; Contactless and a Chip reader device. I watched the Square app update itself before the message appeared that Square does not support Rooted Devices.

44,798 Views
Message 9 of 70
Report

Im in the same situation. Samsung S9+  i can't believe they can't fix this issue.

If our devices are NOT rooted and you tell us they are, you are in the wrong not us. wtf am i supposed to do now? buy another phone? this is ridiculous im going to look for a different method of payments. you cost me so much money this week. Goodbye

44,812 Views
Message 10 of 70
Report

I contacted the ACCC regarding this problem, ie we bought a product that was working, but a vendor-enforced software update made it unusable.

 

Their response was that:

 

the device may now be considered "not fit for purpose" under the Australian Consumer Law (section 55), and we are entitled to a refund/repair/replacement.

 

If the vendor chooses not to act according to the law we need to make a complaint to Consumer Affairs Victoria on its website (or other body depending on location and jurisdiction) or take our complaint to our state or territory small claims tribunal.

 

 

38,836 Views
Message 11 of 70
Report

Thank you for your reply.  Have you heard from Square team about this development?

38,833 Views
Message 12 of 70
Report

@Lahcen Only what is in this thread.

My response from the ACCC just arrived and I haven't followed up on it.

38,830 Views
Message 13 of 70
Report

They need to get in touch with us and tell us what's going on. 

38,823 Views
Message 14 of 70
Report

Square have a generic refund policy on their devices. 

 

https://squareup.com/help/us/en/article/5148-square-hardware-limited-warranty-and-returns

38,820 Views
Message 15 of 70
Report

I'd be happy if they could fix the issue.  Refund will be my last step I guess.  

38,816 Views
Message 16 of 70
Report
Admin

Hey @AvilaVista and @Lahcen,

 

Having reviewed this thread and the ongoing discussion, I can tell you that @Drewster is fairly spot-on with this comment:

 

"I think that what the Square App does is actually a few security checks, only one of which is check if the phone is rooted, and then uses a generic message if it fails one of those checks".

 

The errors you're seeing here about having a "Rooted" device or a device with "Developer Mode" turned on are based on the device security checks we do as part of PCI Compliance. It means that while a Samsung S9, fresh out of the factory and unmodified should work with Square, the exact S9 giving you this error message is not meeting the minimum standards we require to operate as a physical card processing device under PCI Complaince.

 

You may not have rooted the phone or may not have developer options turned on - the issue is that because Android is a highly customisable operating system, there are various things that can occur on an otherwise compatible Android devices that change the way the OS works, resulting in an operating environment that won't meet minimum PCI security checks. This altering of how the OS operates effectively equates to the device being "rooted".

 

This may be caused by things like:

 

- A network or re-seller altering the way the OS functions on the device

- A network of re-seller pre-installing that impact the way the OS operating on the device

- An app you install modifying the way the OS operates behind the scenes

 

It's not that we want to make things harder for you to take payments - after all, this is how Square makes money as a business. The reason you're seeing these messages is because the specific device you're using does not meet minimum requirements to act as a card processing device. 

 

I know this doesn't help your situations at all - but I'd be interested to hear where you all bought these devices from and whether we can make any sort of correlation as to what may be a common factor here. While difficult to determine with a small sample size, it may help to have this information available if more merchants are seeing the same errors.

 

Seamus
Square, Australia
Sign in and click Mark as Best Answer if my reply answers your question.
38,782 Views
Message 17 of 70
Report

@Seamus 

I too have had this problem on a number of Android phones including ones on your compatibility list. I am very tech savvy and understand all of the technicalities of this matter including the PCI Compliance requirements. I can also understand how frustrating it must be for you standing in the firing line.


However, using generic explanations of what could possibly be the issue is not exactly helpful and indeed even more frustrating. By that, I mean statements like:


- A network or re-seller altering the way the OS functions on the device

- A network of re-seller pre-installing that impact the way the OS operating on the device

- An app you install modifying the way the OS operates behind the scenes

 

I get it but that means nothing to the average user.


What you really need to do is get your app developers to thoroughly inspect their code to extract ALL of the checks they do to confirm "security compliance" or any other compatibility issues. Obvious examples that we already know are: root, root checking apps (really?), developer options, permissions granted to other apps. These checks are obviously embedded in the code therefore are easily accessible to the developers.


Perhaps then, with a more detailed and structured list, each user experiencing such issues can methodically go through each check to ensure their phone complies. To date, it appears to be a random shotgun approach. As has already been suggested by others, when the devs are in there inspecting the code maybe they can put some more relevant and specific error messages in as well. Else you might as well just say "Error MZQ2845342 - Unknown error".

 

Perhaps even a FAQ that describes how a user can typically make these checks themselves could make life a lot easier for not only the end-users but a whole raft of people in your organisation including, obviously, yourself. Think of your poor devs, sales and marketing guys, the returns people and not to mention the cost of all of these returns.


Simple. Can you talk to your devs to get that list asap please, Sheamus?


Thanks in advance for listening.

38,609 Views
Message 18 of 70
Report

@PeterT  Thanks for your excellent response, I only hope that Square devs/management take it to heart. Too often we are told to keep things simple and not confuse the poor users, where in reality making clear and detailed diagnostic information available for those who can use it will actually reduce end-user frustration and result in faster and more targeted solutions to problems encountered. 

38,609 Views
Message 19 of 70
Report
Admin

Hey @PeterT,

 

I appreciate you taking the time to write such a well thought out and insightful post.

 

Android compatibility issues can definitely be a source of frustration for all involved, especially for cases where we list a device as compatible. I'd like to be able to give more specific advice, but it's a very difficult issue to troubleshoot via an online forum without actually having the mobile device in hand, looking at what apps are installed, checking out what they do, having a guess as to what may be causing the issue then testing via trial and error.

 

For what it's worth, I passed your post on to our Android development team for consideration. I certainly appreciate your want for having more specific error information to aid troubleshooting Android compatibility issues.

 

When weighing up the troubleshooting info we're displaying there is a lot to consider - Just how precise can we be in detecting anomalies within Android? Is there the potential to flag false positives? Will providing more granular feedback compromise security? What would the privacy implications be if we identified specific apps that interfere with our ability to form a secure connection to Android? How does PCI compliance impact our ability to provide this information? 

 

We have a team of engineers whose job it is to weigh up these sorts of questions when developing our Android app. While I can't guarantee the specific outcomes you're looking for here you have been heard internally.

 

All the best.

 

 

 

 

 

 

 

Seamus
Square, Australia
Sign in and click Mark as Best Answer if my reply answers your question.
38,586 Views
Message 20 of 70
Report

Hi Sheamus,

 

Just wondering if you might have any updates on this issue from your devs. 

 

In respect to one of the points you raised in your last post... I agree it's probably not reasonable to point the finger at specific apps that may trigger the generic failure message. However, it would be nice to know to be advised in the error message (or just in a FAQ even) which permission(s) might be regarded as unsafe by the Square app so that the user can manually check or use a permissions checking app.

37,340 Views
Message 21 of 70
Report