Last week Google disabled the provisioning of pre-paid cards in Google Wallet, following the discovery that clearing app data could allow the PIN for these cards to be reset. Now Google says a fix is rolling out, and that pre-paid cards are available once again.
Writing on the official Google Commerce blog, VP of Google Wallet and Payments, Osama Bedier, said that the company was not aware that any pre-paid cards that had been misused as a result of the vulnerability.
Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fix that prevents an existing prepaid card from being re-provisioned to another user. While we’re not aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports, we took this step as a precaution to ensure the security of our Wallet customers. If you are unable to access your previous prepaid card balance for any reason, please contact our toll-free support for assistance.
So now we can all sleep a little safer at night, knowing that if someone steals your phone, at least they won't be able to pay for a Big Mac out of your pre-paid allowance.
The issue with obtaining PIN numbers on rooted devices via a brute-force method remains, however, as we discussed in our most recent podcast, a rooted device is by definition insecure. For its part, Google still recommends not installing Google Wallet on rooted devices.
Source: Google Commerce Blog