I must be missing something. How would Google be at all liable for restoring funds stolen by software that they themselves didn’t furnish, on a device that’s out of their control?
A judge may not see it that way. They may perceive it as Google failing to provide adequate protections to their users.
If the user installed the app created by Google and did not share any login credentials, it’s easy to claim Google is liable.
The equivalent would be a bank leaving the back door to their vault open. An intruder going in and removing your funds. Despite following all the bank’s instructions, the bank has not replaced the funds.
The bank is responsible for people gaining unauthorised access to your account. Especially when you don’t share your login credentials with anyone (even unknowingly). If they can’t protect against root access attacks, then they shouldn’t permit use of their app on those devices.
Apps have convenience features, especially related to easy sign in. Their website logins don’t have these features. They require the user to enter passwords, challenge codes, card reader etc. If someone gets access to a password manager, the user is at fault. The bank likely stated you shouldn’t write down or record your password.
Google has a contract with the banks. They get exclusive payment provider access, but in exchange must make sure that customer funds don’t get stolen.
When CandyCrushHack.apk drains someone’s bank account, the victim will first go after the bank, who should’ve seen the fraud and acted. If the user can prove that they did not authorize the transactions, in many cases, the bank is forced to restore the customer’s balance. That’ll be expensive as hell, and someone will need to pay. The bank knows damn well that Google is on the hook, because their payment gateway could’ve and should’ve detected that the phone was compromised, so Google will either need to pay for the damages, or win an expensive court case with an army of expensive finance lawyers.
So now there’s a small risk of “user gets hacked, we need to pay back millions” that’s put up against “a sliver of a percentage of our user base can’t do contactless payments with their phone”. I don’t know about you, but I don’t think I would go “let’s blame the users! rooted phones for everyone!” if my paycheck was on the line.
Alternatively, the user is left without a retirement fund and is now forced to work until they die. The news will feature another “picking Android ruined my life” story, Google stock drops, Samsung stock drops, iMessage gains a new set of users.
That said, my bank allows me to pay by card through the bank app no problem, even without trying to hide root access. Clearly, they trust their anti-fraud systems much more than Google trusts theirs.
As if that’s not already the case