Google disables prepaid cards in wake of Google Wallet exploit

Google late Friday night disabled the ability to provision new Google Prepaid Cards, fallout from the discovery of a flaw in the Google Wallet app. The gist is that if someone were to find your phone, they could reset the Google Wallet PIN and gain access to your Google Prepaid Card. In a separate incident, rooted phones were found to be vulnerable to a brute-force crack.

And so, Google has temporarily disabled provisioning of prepaid cards as an interim step, and it says it will have "a permanent fix soon."

Google also reminds us that rooted devices are by definition not as secure as un-rooted phones and "we strongly discourage [rooting] if you plan to use Google Wallet because the product is not supported on rooted phones."

In addition, Google provides toll-free phone support 24 hours a day if you have concerns or questions about Google Wallet. In other words, just like with a traditional credit card, call if you lose it. Or have issues. Or just need a friend.

Source: Google Commerce Blog

via Android Forums

Protecting your payments with Google Wallet

Over the last few days we've received questions and concerns about issues related to the security of Google Wallet. People are asking if Google Wallet is safe enough for mobile phone payments. The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today.

First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.

Second, we also take concrete actions to help protect our users. For example, to address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon.

And just like with any other credit card, you can get support when you need it. We provide toll-free assistance in case you lose your phone or someone manages to make an unauthorized transaction.

Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.

Posted by Osama Bedier, Vice President, Google Wallet and Payments

  • I hope I can still use the funds I just added. It says only new cards are disabled. But, for user ID, it says, "cannot contact bank."
  • Same here. Hope this gets fixed soon.
  • I really hope that they just use an account log in for Wallet like Alex Dobie suggested in the latest podcast. Super simple, super easy, and a lot safer. That would fix both problems in one fell swoop. Clear data? No problem, you still can't log in without the Gmail credentials. Although you still would be subject to brute force PIN entry... but if you use a damn lock screen, that wouldn't happen.
  • This seriously pisses me off. I had to clean wipe to install a new ROM and now I can't add my prepaid card, nor do I have a Citi card. Google has rendered this app useless for a lot of people. I understand them trying to protect us, but I've read all about the exploits, it should be my decision whether I accept the risks or not. I hope they have this fix soon.
  • It seems there should be a mandatory disclaimer when using the app stating, "System checks indicate that your device is rooted. You will not be able to use Citi Bank prepaid card on this device". Simple, no? If they can do it with Google Video, why can't they with Google Wallet?
  • Google needs to fix this quick. If not, DeviceFidelity NFC sdcards are going to get my money.
  • I just wiped my phone, and thought it was a new Gapps issue. This is a bit annoying, because I'm fairly confident I won't lose my phone, and if I do, losing the $25 on my Wallet account will be the least of my concerns.
  • I only use Google Wallet at the office since they don't accept cash for coffee and the cafeteria. I'm hoping Monday I'll still be able to use this or I will be asleep and hungry at my desk.
  • Just link your wallet to your market. Very simple, very easy.
  • How do you link to market?
  • My pre-paid card is still showing as active. Non-rooted Verizon GN.
    I'll have to see if it still works at CVS. Never mind. I just caught on that the article mentions "new cards".
  • Can people please read the entire article? It's only for new cards, meaning you can still use ones you already have. I was able to buy a pack of gum at 7-11 this morning.
  • You might be able to use your current balance for purchases, but you can't add funds to the Pre-Paid card until Google re-enables provisioning.
  • That really sucks. I think I have around $30 left on mine. Guess I need to use it wisely. What pisses me off is that, yes, I am rooted, but my phone is probably a damn sight more secure than the great majority of non-rooted ones around. Encrypted data, screen lock, app locked using Tasker and finally the PIN used with Wallet. Anyone that can get my phone and wants to hassle with all that is more than welcome to my damned $30.
  • I seriously hope this gets fixed and a root related solution is worked on by the time the Ion comes to AT&T. I like the idea of Google Wallet and NFC transactions, but I am a power user type and I will never own a phone/tablet that I can NOT root. As far as I am aware, no comparable services exist like Google Wallet, which makes this the best, if not only, go to option for NFC transactions. The whole situation over Root gets tiring sometimes.
  • Lady In Red by Chris de Burgh