PCMag.Com - Last week Google said it had fixed the latest security flaw in Google Wallet, whereby a determined thief could root your non-rooted device ex post facto and retrieve your Google Wallet prepaid card. That was partly true. From what we can tell the technical issue still remains, even if Google Wallet itself is safer.
To recap the Google Wallet brouhaha this month, first researcher Joshua Rubin from zvelo revealed a quick, simple brute force technique to extract the Google Wallet PIN from a rooted phone. That actually requires some skillz, but the next day The Smartphone Champ revealed that even in a non-rooted Nexus smartphone with Google Wallet, a thief can steal your Google Wallet prepaid card by simply wiping Google Wallet settings and attaching the app to a new Google account. Finally, Rubin reported how a thief can root your non-rooted phone ex post facto and steal your Google Wallet funds. This works because some root privileges do not remove all the data on your Android device, and Google prepaid cards are stored in the device, not in one’s Google Wallet account.
Google responded to Rubin’s discovery by suspending new prepaid cards on Sunday. It began re-issuing Google Wallet prepaid cards on Tuesday, claiming it had fixed the problem. But as a spokesman told my colleague Neil Rubenking, Google’s “fix” was to require users to contact Google Support to re-activate a Google Wallet account. So yes, the technical issue still remains. More