This week the Google Wallet team was surprised when two different vulnerabilities were discovered. One hack revealed a user’s PIN number on a rooted phone and the other allowed anyone to reset the PIN and gain access to funds on a Google Wallet prepaid card.
Google quickly responded to the first hack by saying users should not use Google Wallet on a rooted device, and late last night they also responded to the second hack by saying they would temporarily disable provisioning of prepaid cards.
Many Android users are now questioning if Google Wallet is safe enough for mobile phone payments. Google responded, “The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today.”
I’ve included Google’s full statement they sent me below. It’s nice to see them address the recent issues so quickly, but I’m still wondering what you guys think. Are you comfortable with using your phone for mobile payments?
Over the last few days we've received questions and concerns about issues related to the security of Google Wallet. People are asking if Google Wallet is safe enough for mobile phone payments. The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today.
First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.
Second, we also take concrete actions to help protect our users. For example, to address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon.
And just like with any other credit card, you can get support when you need it. We provide toll-free assistance in case you lose your phone or someone manages to make an unauthorized transaction.
Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.Osama Bedier, Vice PresidentGoogle Wallet and Payments