Oppo Kash, a financial services app that the Chinese company, best known in India for its smartphones, launched here earlier this year, asks users for root access on their Android phones, which would give it complete control of the devices, a security researcher has claimed. The good news: the scope for misuse is limited, as root access can only be gained on devices that are already rooted or modified by users through a systemless root process. The bad news: if you’re using a rooted Android phone, this could give Oppo Kash complete control over the phone that’s in your hands.
Bug-bounty hunter Athul Jayaram discovered the issue while randomly going through Google Play on a rooted phone. After installing the app, he noticed that the Oppo Kash app asked for superuser rights. This struck him as odd, as most popular apps don’t have such requirements.
He first reached out to the Oppo Kash developers through the Oppo Security Response Center. Oppo told him it considered the issue to pose “no danger”, but he disagreed and pointed out that a financial application like Oppo Kash shouldn’t be asking for root access in any case. “The intention of the application developers and the company is not right,” he told Gadgets 360 after getting this response.
Oppo, in response to questions from Gadgets 360, said that it was using root acce