As someone who habitually roots my Android phones, I'm always somewhat annoyed when I can't use features like tap-to-pay, but I'm really annoyed when apps refuse to start, especially when they are for things like McDonalds. I shouldn't need to have a known-trusted operating system to buy a burger.
I've found that the Play Integrity Fix module for Magisk usually solves it, though there are a couple exceptions. They still earn a negative review for the attempt.
It's a recent change that app developers have the ability to know, and represents a massive transfer of power away from users to app developers and OS vendors.
Well in a purely laissez-faire sense, of course. They can legally decide to refuse service to anyone for any reason, with a few narrowly protected exceptions like race. But that doesn't mean they _should_. They could choose to refuse service to anyone who isn't wearing a tux, or anyone who refuses to sing the national anthem, but they shouldn't do that either, and not just for the obvious capitalist reason that those actions would cost them business.
I guess what I'm saying is that I see some degree of reasonableness in a bank or a mobile game enforcing some Trusted Computing paradigms, even if I don't like it. Banks have to worry about real money fraud, and games worry about cheating. In my opinion, the privacy and user agency tradeoffs are not worth it, but I see why they do it. For someone like McDonald's though, I just do not see any reason that they'd need this level of trust in their customers.
Buying fast food is historically a very low trust, transactional deal. Why does McD need to be able to ensure my device integrity to offer this? Starbucks doesn't need to do so, and they have a loyalty program with stored value and payment reload in the app.
I doubt it (if McDonalds' saves credentials, it's likely some sort of token on their servers, rather than in plaintext on the app), but that wouldn't change anything, as I am okay with running an app which saves payment credentials, on my rooted phone.
Indeed, I'm okay with doing whatever I want, within standards of human decency, with my owned device and my owned bits therein. I don't see where McDonalds' desires factor into what I do with either.
Their technical capability of imposing control over how people use their own devices isn't self-justified, or justified at all.
Just saying that if they do, maybe not you, but someone will eventually go "I saved my cards into the McD app and got a surprise $LARGE_AMOUNT bill" because of their mobile platform not enforcing the isolation.
I doubt it (if McDonalds' saves credentials, it's likely some sort of token on their servers, rather than in plaintext on the app),
But even in that remote possibility, I think it's even less likely that many folks sophisticated enough to root their phone would ever have that complaint.
I'm happy to be proven wrong with a sufficient amount of such complaints about the McDonald's app.
> They can legally decide to refuse service to anyone for any reason, with a few narrowly protected exceptions like race.
and because an online store is not able to discriminate on race, these protections are voided, because they could refuse based on proxies of race (for example, they could be using location to determine if you're likely going to cheat the delivery, or reverse credit charge, or fraud etc). it might sound reasonable to try prevent the fraud before it happens, but it is an abuse of a position/power they should not have.
The balance of power between a user and a service provider on the digital realm is swining towards the service provider. This needs to be addressed.
