Google late Friday night disabled the ability to provision new Google Preaid Cards, fallout from the discovery of a flaw in the Google Wallet app. The gist is that if someone were to find your phone, they could reset the Google Wallet PIN and gain access to your Google Prepaid Card. In a separate incident, rooted phones were found to be vulnerable to a brute-force crack.
And so, Google has temporarily disabled provisioning of prepaid cards as an interim step, and it says it will have "a permanent fix soon."
Google also reminds us that rooted devices are by definition not as secure as un-rooted phones and "we strongly discourage [rooting] if you plan to use Google Wallet because the product is not supported on rooted phones."
In addition, Google provides toll-free phone support 24 hours a day if you have concerns or questions about Google Wallet. In other words, just like with a traditional credit card, call if you lose it. Or have issues. Or just need a friend.
Protecting your payments with Google Wallet
Over the last few days we've received questions and concerns about issues related to the security of Google Wallet. People are asking if Google Wallet is safe enough for mobile phone payments. The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today.
First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.
Second, we also take concrete actions to help protect our users. For example, to address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon.
And just like with any other credit card, you can get support when you need it. We provide toll-free assistance in case you lose your phone or someone manages to make an unauthorized transaction.
Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.
Posted by Osama Bedier, Vice President, Google Wallet and Payments