Brickweb | Design, Build, Maintain & Manage

Security of Google Wallet is Questioned!

Brick technology web design recently wrote to you about the new and exciting Google Wallet. This is a contactless mobile payment application, and experts have considered it extremely secure because it uses a hard-to-break hardware element to handle the cardholder credentials. However, it has failed a vital security test!

Google Wallet has failed the security test because it stores too much of the consumer's personal details on the phone. The app itself does not store the customer's entire credit card number, but it does hold the user's name, credit card balance, limits, expiration date, and transaction dates and locations on the phone within the application's database directory.

In addition to the above details, the last four digits of the user's card number and their email address are also recoverable on the phone. If this information falls into the wrong hands, fraud could occur. Google, however, have responded by saying that this sensitive information can only be retrieved when the phone is rooted.

What Google is trying to say is that the details can only be retrieved from a rooted phone, that is, one whose operating system has been broken into so that system files can be accessed. They then go on to say that the study into the security of Google Wallet does not refute the effectiveness of the multiple layers of security which Google have built into their Android operating systems and Google Wallet.

Google claim that the study simply focuses on data accessed on a rooted phone and that, even in this case, a high level of security remains. This protects the payment instruments such as the credit card and card verification value numbers. Alongside this, Android is continually working to protect against malicious programs which may attempt to gain root access behind the user's back.

There are apps such as DroidDream which have managed to break through the security of Android and gain root access. If this were to occur and Google Wallet were present on the phone, then following a break-in the customer information on the phone would be sufficient for a criminal to launch an attack aimed at getting the customer to confirm their full card number.

The ease of access to such vital information could prove extremely costly if it falls into the wrong hands. But it isn't all negative: the Google Wallet app does require a four-digit PIN, which makes it more secure than your usual magnetic stripe credit card, which any criminal can steal and use. Anyone who stole an Android phone loaded with the Google Wallet app would have to correctly guess the owner's PIN to buy something with it.

What are your thoughts on the Google Wallet?

Will it become something that you will use once it is implemented, or will it be something that you will steer well clear of?

For more information, please contact us on 01254 277190 or email info@brickweb.co.uk.