-1

The Marshall Islands have instituted Universal Basic Income via a cryptocurrency stablecoin. This requires the use of the Lomalo wallet. In the terms of service they say:

You agree to:

  • Not use Lomalo on any device you know (or should know) has been compromised, rooted, or jailbroken.

What does this mean exactly? In particular, if one was using a device that came from the manufacturer with the user have administrative privileges equivalent to rooting a more consumer focused device would it be illegal or breach of contract to use this application?

Improve this question
2
  • This question would be probably be a better fit for Stack Overflow or something dedicated to mobile platforms. Commented Nov 19 at 12:58
  • On Android.SE: What does "to root a phone" mean? Commented Nov 21 at 5:23

3 Answers 3

Reset to default
4

This can ultimately only be answered by a court. The ambiguity you are highlighting is whether "rooted" means that the device has root access enabled (since the outset) for the user or whether it means that it's had a process of rooting applied to it at a later stage.

Ordinary meaning

One of the ways that courts will try to interpret contractual clauses is to look at the ordinary meaning of the word. Normally the starting point would be to consult a dictionary, but it seems that this use of the word "root" is either too modern or too technical because I couldn't find any online dictionaries that have it. However, Wikipedia says this:

Rooting is the process by which users of Android devices can attain privileged control (known as root access) over various subsystems of the device, usually smartphones and tablets.

Rooting is often performed to overcome limitations that carriers and hardware manufacturers put on some devices. Thus, rooting allows the users to alter or replace system applications and settings, run specialized applications ("apps") that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user.

This all implies that "rooted" is something that a user does to the device in order to overcome manufacturer-imposed limitations rather than a state that the device starts with when it is manufactured.

This fits with how most people use the word. For example, I've never heard of a Linux distro being referred to as "rooted" just because it already has root access by default.

Context

Another rule of interpretation that courts can turn to is noscitur a sociis. If a word seems ambiguous, you look to the surrounding words to see if the context helps to narrow down the meaning. For example, in the list "knives, forks, and spoons", it's clear that fork refers to an item of cutlery and not a fork in the road.

Here, we have "compromised, rooted, or jailbroken". Both of the other two words obviously apply to something that is done to the device by the user that enables the device to be used in a way which wasn't intended. In context, the word "rooted" therefore means something similar.

Counter-argument

On the other hand, if we widen the context, the terms and conditions say this:

  1. Security Obligations

You agree to:

  • Keep your device, passwords, PINs, and biometrics secure.
  • Notify us immediately if your device or account is lost, stolen, or compromised.
  • Not use Lomalo on any device you know (or should know) has been compromised, rooted, or jailbroken.

From this it's clear that the words are intended to require you to keep your device secure. A device that has root-access enabled by default is arguably the same thing (in terms of security) as one that was rooted later. Lomalo's intention was to require you to use a device that is difficult to compromise. A root-enabled device goes against that.

Which interpretation is correct?

The contra proferentem rule of interpretation says that ambiguities should be resolved in favour of the person who didn't draft the contract. In , if the user is a consumer then Section 69(1) of the Consumer Rights Act 2015 applies a statutory version of this rule:

If a term in a consumer contract, or a consumer notice, could have different meanings, the meaning that is most favourable to the consumer is to prevail.

So, if you can convince the court that there's a genuine ambiguity, then "rooted" should mean something that was done by the user at a later stage.

Improve this answer
3
  • Being rooted or compromised isn't always a function of the user. See Sony BMG copy protection rootkit scandal as a counter example Commented Nov 19 at 15:23
  • 1
    @PeterM You're referring to a rootkit. Although it's related, it isn't the same as rooting. A rootkit is a malicious piece of software installed on your device by an attacker, whereas rooting is something you do deliberately to lift device restrictions. Commented Nov 19 at 17:59
  • The OP's question referred to "rooted". That can also be used to describe a rootkit being installed, even if you don;t personally gain the "benefits" of being rooted. Commented Nov 19 at 18:02
2

I think a court would look at the intent and purpose of this clause, which is to ensure that the operation of the Lomalo Digital Wallet application can be trusted. In this context, it doesn't matter how the device came to be compromised. While rooting and jailbreaking are usually actions that the user takes after purchasing a device, the effect is the same if the manufacturer or vendor does it first.

However, it's possible that the vendor might do this covertly, in which case the criterion "you know (or should know)" would not be met, and the user would be innocent. In general, users trust that the devices and software they purchase and/or download act reasonably -- it's difficult to exist in our digital ecosystem if you're overly paranoid.

So unless there's been public disclosure that some devices have been compromised, and that the user could be aware that their device was included, this clause would usually only apply to intentional rooting by the user.

Improve this answer
8
  • I am not sure what "public disclosure that some devices have been compromised" means and I have not actually tried it but I would expect it to run on these devices on which the user has equivalent control as a "rooted" android device. Commented Nov 19 at 20:42
  • I was thinking of something like a news article disclosing that some vendor was shipping pre-rooted phones. Commented Nov 19 at 20:44
  • I don't think they intend to allow you to run this on desktop operating systems, they're too permissive compared to mobile devices. Commented Nov 19 at 20:47
  • @Barmer I am sure you are right, but their intentions are not obviously relevant to the contract formed. Commented Nov 19 at 20:56
  • 1
    @Mike I suspect that that would be considered "rooted". IMHO, it "quacks like a duck". Commented Nov 21 at 15:47
0

There is no precise legal definition "rooted" (or for that matter, any particular term) in the abstract. The meaning of a term, such as "rooted" will be determined in light of the context, purpose, and the surrounding circumstances of the contract. See Sattva Capital Corp. v. Creston Moly Corp., 2014 SCC 33, paras. 48–58.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.