Google Wallet is in the news once again. The app is an NFC-based mobile payment system for Android, and it has now come under the security scanner. Google Wallet is currently only available officially on the Nexus S and Nexus S 4G and the payment system is accepted by a number of stores in the US. But According to a report by the security firm ViaForensics, the app apparently doesn’t do its job well.
The security firm says that Google Wallet’s protective binds are not strong enough to protect the user’s personal data including the credit card balance information on a Nexus S. The report outlines that:
“While Google Wallet does a decent job securing your full credit cards numbers, the amount of data that Google Wallet stores unencrypted on the device is significant. Many consumers would not find it acceptable if people knew their credit card balance or limits.”
The loosely protected information could be used by hackers to attack someone successfully. But apparently, ViaForensics warns that only a handful of users need be worried, and cites that those with rooted devices could well be under the risk.
The search giant has come forward with their defence. “The ViaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet,” Google said in a statement.
“This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV number. Android actively protects against malicious programs that attempt to gain root access without the user’s knowledge. Based on this report’s findings we have made a change to the app to prevent deleted data from being recovered on rooted devices.”
Moreover, Google said an upcoming software update would address the security issue that was highlighted in the security firm’s report.