Google has issued a response to the recent security issues that were raised with its Google Wallet mobile payments system last week, claiming that the service is safe and even more secure than physical cards.
We revealed on Thursday that a team of developers at zvelo had demonstrated how the PIN verification system could be easily overridden on rooted Android devices. Things then got worse when, as The Verge reported, it emerged that stolen phones could have pre-paid credit accessed by simply clearing data and re-installing the app.
The response is posted to Google’s Commerce blog and it essentially explains that the security issues are down to rooting devices. As the company said in its initial comment to us, it “strongly discourages” users from modifying their Android devices as “the product is not supported on rooted phones”.
However, Google has taken action in response to the second issue:
To address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon.
Mobile payments are set to be huge, as the blog post explains, and the company claims that its users can be confident that the mobile payment system “provides defenses that plastic and leather simply don’t”.
The real takeaway from these events is not just that mobile payments are not perfect; it is that the basic security settings on smartphones are hugely important. Android devices should have the lock screen password setting enabled, which would prevent these issues, while users of other phones should also be sure to set up security measures to keep data safe.
Today’s smartphones are beginning to be used for payment, but emails, SMS messages, social networking accounts and a whole raft of other details and services can easily be accessed from devices that are left unsecured.
Nonetheless, the last few days have been difficult for Google Wallet and it is certainly a major concern that pre-paid accounts could be accessed so easily by anyone. Google is working to fix the issue and its message is loud and clear about using the service with rooted devices.