How Secure Is Your Google Wallet?

1:20 PM -- New forensic security analysis conducted by viaForensics uncovered some bad news for Google (Nasdaq: GOOG)'s new Wallet mobile payments service. The security firm found that Google stores a significant amount of data, unencrypted, on the device itself, providing fairly easy access to your personal information.

"The largest security risk from apps using NFC [does] not stem from the core NFC technology but instead the apps that use the technology," wrote Andrew Hoog, chief investigative officer for viaForensic. "In this case, the amount of unencrypted data store by Google Wallet surpasses what we believe most consumers find acceptable."

Android has others layers of security in place, including a required PIN, but the perception of insecurity could be almost as damaging as an actual shortcoming. Android's open ecosystem has already been subject to a number of malware attacks, and consumers will be much less forgiving if a future attack compromises their credit card information. If they have any reason to believe a new app isn't entirely safe, they'll likely never use it. (See LR Mobile's 2011 Wireless Turkeys.)

From that perspective, Verizon Wireless opting to exclude Google Wallet from the Nexus S makes a good deal more sense. If there's a security breach, the carrier would undoubtedly bare the brunt of the blame. (See Verizon Blocking Google Wallet? Poor Decision and Isis Taps Gemalto to Secure Tap-to-Pay .)

Especially with an open ecosystem, Google is wise not to dismiss any security concerns -- even if it doesn't agree they are an issue. It is up to the company to ensure apps that use its Wallet are entirely secure. And, it's up to both Google and any wireless operator that lets an NFC app use its secure element to convince consumers the apps are actually up to snuff.

Bottom line is, consumers must be confident that what's in their mobile wallet stays there and can't be found out over the air.

— Sarah Reedy, Senior Reporter, Light Reading Mobile

FredStein 12/5/2012 | 4:46:36 PM
re: How Secure Is Your Google Wallet?

Sobering news, thanks Sarah.

Add to these exposures, is the fact tha Smart Phone theft is becoming endemic. In San Fransico, it's new hot spot - hot spot for the theives and the fences that jail break them. It should be easy for the carriers to keep track of the serial numbers so that stolen phones cannot be used for calls, but apparently the carriers out here claim that they can't. In Australia, they can.

Dude111 12/5/2012 | 5:45:32 PM
re: How Secure Is Your Google Wallet? I wouldnt ever want a mobile. I tend to value my privacy 1000% .. You can be tracked on them like crazy (Text messages,location,etc)..

It amazes me how many people use them and DONT CARE about losing the little bit of privacy they can still get.....

I think they were MUCH BETTER when they first came out.. Not only were they on an ANALOGUE SYSTEM (Sounded better) but they had antennas and didnt nearly drop calls as much as a result!
Chitownconsult 12/5/2012 | 5:46:05 PM
re: How Secure Is Your Google Wallet?


The best way for tracking is through MAC addresses of the handhelds as serial numbers are not unique amongst manufacturers in this shrinking, global, economic world in which we live and operate.  Shrinking in the meaning it's easy to go global and not any reference to the actual economic ups and downs.  

For the security purposes the ulimate way for securing the handhelds is to have the encryption right on the phone/tablet/laptop (softphone).  Now, to get a product that can be loaded onto each device in the manufacturing is the solution we have for the right application and markets in which they operate.  

The second best way is at the SBC's or other edge devices to the wireless network which are also being addressed.  The market is ready for this and the risk are increasing very rapidly.  

Sign In