Ahhh, Google Wallet. It's a giant target, both because it involves the almighty dollar and because people love to go after Google. This being the case, we're seeing an old trick being rehashed that will give someone access to your prepaid Google Wallet card. It's not a hack, per se, nor is it new -- but it's a poor design choice that keeps the prepaid card tied to the phone hardware instead of with your Google Wallet account, which is more sandboxed. It goes like this:
- Find a Nexus phone with NFC laying around somewhere
- Wipe the app data on Google Wallet and enter a new PIN
So what you're hearing about now is what happens when you clear the app data from Google Wallet. That means stored information -- the PIN you entered -- is no longer attached to the app on your phone. Next time time you open Google Wallet, you're told to enter a new PIN number.
And then it once again asks which Google Account you want to tie in to Google Wallet. Because you're still logged in to you Google Account, suddenly the phone says "Hey! I recognize that user name! And you must be that user on your phone! Here's the free $10 Google's already given you, or whatever else you've added, too."
Thing is, in the example you're hearing about now, you're not actually that user. Someone has stolen your phone. And they can get to the Google Prepaid Card. And that's actually a feature that's documented in Google Wallet's Switching Devices help pages. Emphasis ours.
Your Google Prepaid Card balance may be transferred if you have completed your account registration. Contact us for more assistance.
There are a lot of ways this could be fixed. Maybe the best, but likely the least popular among users, would be to implement an Exchange-like security policy across the entire device where an ID and a PIN must be entered to do things like unlock the phone, or change settings. It would seem easier to secure the entire phone that it would be to change the architecture of the payment system, and if nobody can unlock your phone or get into the Wallet app settings (to clear data), this problem is solved. The new problem is that nobody likes to have to enter a PIN, and Android hackers will find a way around this in short order and call it a "feature" of their ROM. Hopefully Google has people smarter than I tackling these types of issues.
In the meantime, set some sort of screen lock. Just do it. If someone finds your phone, and can't get in, they can't wipe the data on your Wallet and change the PIN. Your Google Wallet, unlike your old wallet, can be locked down. Hit the break to see a video of this one in action.
Source: Smartphone Champ
We may earn a commission for purchases using our links. Learn more.
EA reportedly cancelled a Star Wars: Battlefront spinoff in 2019
According to a new report from Jason Schreier at Kotaku, EA canceled another Star Wars game in 2019. This title was known as Viking and would've been an open-world spinoff of the Star Wars: Battlefront games.
GDC 2020 isn't dead just because Sony and Facebook pulled out
Sony and Facebook may have pulled out of GDC, but there will still be plenty to show thanks to independent developers.
Samsung Galaxy S20, S20+ and S20 Ultra hands-on: Big camera bumps
When Samsung makes a move, everyone watches. Even if you're not in the market for a new phone, or don't want a Samsung in particular, the Galaxy S20 series is going to set the bar and roadmap for what we can expect from Android phones in 2020.
The Xperia 1 is our favorite phone for shooting video
If video recording is your thing, then look no further than the Sony Xperia 1 — it offers a large screen, three great cameras, and extremely robust manual video controls.