28 February 2017
visit nextgenbanking.co.uk

Google Wallet stores unencrypted data - viaForensics

13 December 2011  |  10367 views  |  0 google wallet

Google's mobile wallet application fails to securely store some personal information on the users' phone, according to research from viaForensics.

The security specialist says its initial testing of the app on a rooted handset shows that credit card balances, limits, expiration dates, names on cards, transaction dates and locations are all stored in various SQLite databases in unencrypted form.

ViaForensics argues that many people would be uncomfortable with others knowing some of this information and that its use for social engineering attacks is "pretty high".

However, the app generally fairs well, doing a "decent job" of securing full credit cards numbers, which are not insecurely stored and need a PIN to authorise payments.

Google Wallet also managed to protect against man-in-the-middle attacks over Wi-Fi when the team attempted them at account registration and adding a new credit card.

In a statement, Google says: "The ViaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet. This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Google Wallet coming to UK ahead of Olympics - report

Google Wallet coming to UK ahead of Olympics - report

12 December 2011  |  13288 views  |  0 comments | 1 tweets
Verizon refusing to support Google Wallet - report

Verizon refusing to support Google Wallet - report

06 December 2011  |  8576 views  |  2 comments
Google checks out of Checkout

Google checks out of Checkout

17 November 2011  |  9280 views  |  0 comments
Google Wallet gets SingleTap for coupon redemption

Google Wallet gets SingleTap for coupon redemption

18 October 2011  |  10286 views  |  0 comments
Google launches mobile wallet

Google launches mobile wallet

19 September 2011  |  17183 views  |  1 comments
Google takes the wraps off mobile wallet

Google takes the wraps off mobile wallet

26 May 2011  |  15703 views  |  1 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
http://www.financialcrimerisk.fiserv.com/aml?r=finextra

Who is commenting?

A Finextra member Finextra Member Commented on: Really really really K...
A Finextra member Finextra Member Commented on: In wake of Cloudflare...

Top topics

Most viewed Most shared
EBA to relax controversial PSD2 authentication rulesEBA to relax controversial PSD2 authentica...
14114 views comments | 53 tweets | 74 linkedin
BNY Mellon seeks blockchain experts for new emerging biz and tech teamBNY Mellon seeks blockchain experts for ne...
8126 views comments | 7 tweets | 4 linkedin
hands typing furiouslyBlockchain Technology
7900 views 1 | 18 tweets | 8 linkedin
Starling releases Open API, talks up marketplace modelStarling releases Open API, talks up marke...
7653 views comments | 19 tweets | 18 linkedin
Barclaycard strikes new wearable deals for contactless jewellery and watchesBarclaycard strikes new wearable deals for...
7176 views comments | 17 tweets | 15 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job