Google is reportedly aware of and working to fix a major security issue relating to its Google Wall service on rooted Android phones.
Updated with Google’s response below.
Zvelo said on Wednesday that it immediately reported its findings to Google, which “agreed to work quickly to resolve it”, however the company says that Google “ran into obstacles” which meant that it is yet to release a fixed version of the app.
If you’re running a rooted version of Android, you should seriously tread carefully until Google releases a fix for the problem. The password setting can easily the verification system can be overridden easily, even after the PIN is changed.
We’ve contacted Google for comment on the issue and will update the post with any feedback we receive.
Update: Google has provided The Next Web with a statement however there is no mention of whether it is working on a fix, which zvelo claims has since stalled.
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.