Google has today called for its customers to stop rooting Android smartphones to run Google Wallet. Two separate instances have hit Google in recent times where hackers were able to compromise sensitive financial data from Google Wallet running on rooted Android devices. However, the company still maintains that their payment service is still more secure than most other online transaction methods.
Google Wallet makes use of a short range wireless technology called Near Field Communication or NFC via a mobile payment app. At the moment, about 20 restaurants and retailers allow users to pay for goods simply by tapping their phone against a cash register. The app is currently officially available only on the Sprint Nexus S 4G and the Samsung Galaxy Nexus. The service is aimed at doing away with the need to carry credit cards, cash or even wallets and allows users to make transactions via their phones. The phone’s lock screen and the PIN code are the two safety features for the Google Wallet.
The Vice President of Google Wallet and Payments, Osama Bedier, said that many people have raised concerns about the safety of using Google Wallet and the most eloquent answer to this question is that they are safe enough for mobile users. However, it was only last week that two separate security agencies managed to crack the PIN code, which allows the user to access Google Wallet.
Zvelo, a web security provider on February 9 managed to find a way around the Google Wallet PIN code by executing a brute force attack. Joshua Rubin, an engineer at Zvelo said that the smartphones which have Google Wallet activated can be cracked if someone has physical access to the device by rooting into the device to obtain the PIN code. On February 10, SmartphoneChamp gave details as to how anyone who happens to find a Wallet enabled smartphone which does not have a screen lock enabled can erase all the data which is stored on the phone’s Application Settings menu related to Google Wallet.
Google has urged users against disabling the PIN code as the lack of a PIN code will allow easy unauthorized access to sensitive financial data in the phone. Further, the company has stated that Google Wallet has not been optimized for rooted phones; hence disabling the PIN code is even more dangerous.