Google Wallet

Last week Google disabled the provisioning of pre-paid cards in Google Wallet, following the discovery that clearing app data could allow the PIN for these cards to be reset. Now Google says a fix is rolling out, and that pre-paid cards are available once again.

Writing on the official Google Commerce blog, VP of Google Wallet and Payments, Osama Bedier, said that the company was not aware that any pre-paid cards that had been misused as a result of the vulnerability.

Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fix that prevents an existing prepaid card from being re-provisioned to another user. While we’re not aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports, we took this step as a precaution to ensure the security of our Wallet customers. If you are unable to access your previous prepaid card balance for any reason, please contact our toll-free support for assistance.

So now we can all sleep a little safer at night, knowing that if someone steals your phone, at least they won't be able to pay for a Big Mac out of your pre-paid allowance.

The issue with obtaining PIN numbers on rooted devices via a brute-force method remains, however, as we discussed in our most recent podcast, a rooted device is by definition insecure. For its part, Google still recommends not installing Google Wallet on rooted devices.

Source: Google Commerce Blog


Reader comments

Google Wallet pre-paid card exploit fixed


I didn't get any update (not sure if I will since I've got it on my VZW Galaxy Nexus which isn't officially supported), but when I tap on my prepaid card now it shows my User ID instead of "Cannot contact bank".

So that's good, I guess...

(FWIW, I'm not rooted. Totally stock with locked bootloader.)

Got my free money from Google. Added funds because I felt guilty (VZN GN). Off to McDonald's to try it out.

Here is what I don't get... ok, so it's not recommended on a rooted device. OK, so the thief roots it and THEN can get access, right? Sure when you unlock a Google Experience Device it forces a data wipe, but most root methods are exploits that allow you to root without wiping first. Google still isn't thinking about this right, problem is I fear they could go down the path of locking root down rather than the alternative. Here's hoping that doesn't happen.

I think they are only allowing it to be installed on new Accounts. Because it seems like those of us with a card already still have no access.

still no dice for me, im rooted and on custom ROM AOKP...wonder whats up. I even cleared the app data and cache to try to see if that will work, it didnt

Jordan Jones is right. I just called their toll free number and asked them about it as I still can't add a prepaid either. It has nothing to do with ROM, only whether the user has had a prepaid card before or not.

I was told they lifted the restriction for NEW Google Wallet Prepaid users only. They're still working on those who've had a prepaid card prior. Unfortunately, he didn't have an ETA when the restriction for existing users would be lifted but simply said "soon."

Oh, also, it's not dependent on a new Market release or APK or such. It's being done behind the scenes.