Skip to main content

Google Wallet May Store Unencrypted Information, According to viaForensics Study

A group of security researchers has warned that Google's mobile payments platform, Google Wallet, leaves some crucial information unencrypted, making it accessible to anyone with technical know-how.

A security test conducted on Google Wallet by viaForensics revealed that the service locally stores some information unencrypted including email ids, cardholder names, transaction dates and account balances, Information Week informs.

The company tested the Google Wallet app on a rooted Android device and discovered that even though the app encrypts the full credit card number, the last 4 digits can be easily accessed from the SQLite database.

The study claims the app also had multi-layered security measures including the ability to foil man-in-the-middle attacks and a PIN is required for conducting transactions, however.

"The viaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet. But even in this case, the secure element still protects the payment instructions, including credit card and CVV numbers," said a Google spokesperson in a statement.