03 September 2015

Google Wallet stores unencrypted data - viaForensics

13 December 2011  |  9680 views  |  0 google wallet

Google's mobile wallet application fails to securely store some personal information on the users' phone, according to research from viaForensics.

The security specialist says its initial testing of the app on a rooted handset shows that credit card balances, limits, expiration dates, names on cards, transaction dates and locations are all stored in various SQLite databases in unencrypted form.

ViaForensics argues that many people would be uncomfortable with others knowing some of this information and that its use for social engineering attacks is "pretty high".

However, the app generally fairs well, doing a "decent job" of securing full credit cards numbers, which are not insecurely stored and need a PIN to authorise payments.

Google Wallet also managed to protect against man-in-the-middle attacks over Wi-Fi when the team attempted them at account registration and adding a new credit card.

In a statement, Google says: "The ViaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet. This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

12 December, 2011
08 December, 2011
06 December, 2011
17 November, 2011
18 October, 2011
19 September, 2011
26 May, 2011

Related company news

 
Your browser is unable to support Flash files.

Top topics

Most viewed Most shared
Third of Brits expect day-to-day mobile pa...
8145 views comments | 38 tweets | 15 linkedin
Payments UK sets out vision for 'world cla...
6704 views comments | 17 tweets | 10 linkedin
Swedish mPOS firm iZettle raises EUR60m fo...
6089 views comments | 13 tweets | 8 linkedin
HSBC glitch leaves thousands of customers...
6027 views comments | 13 tweets | 7 linkedin
UK boosts contactless limit to £30
5460 views comments | 31 tweets | 20 linkedin

Featured job

up to £95K base, £190K OTE, benefits
London, UK

Find your next job