Google's Mobile Wallet does not store personal data securely, research firm ViaForensics (VF) has said.
The security firm tested the application on a rooted handset - a mobile phone with a modified operating system in order to change the (privacy) settings - and it discovered that sensitive data is stored in SQLite databases, a serverless engine which stores data unencrypted. This includes credit card balances, limits, expiration dates, names, locations and transaction dates.
Google responded by releasing a statement: 'This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers.'
VF agreed Google does a 'decent job' by securely storing full credit card numbers and that a PIN is needed to authorise payments. However, VF's Report came only days after Verizon, the largest telecom provider in the US, demanded on 7 December that Google disables its Mobile Wallet application in the forthcoming edition of the latest Galaxy Nexus smartphone. Verizon cited 'security concerns' as the main reason.
The security firm tested the application on a rooted handset - a mobile phone with a modified operating system in order to change the (privacy) settings - and it discovered that sensitive data is stored in SQLite databases, a serverless engine which stores data unencrypted. This includes credit card balances, limits, expiration dates, names, locations and transaction dates.
Google responded by releasing a statement: 'This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers.'
VF agreed Google does a 'decent job' by securely storing full credit card numbers and that a PIN is needed to authorise payments. However, VF's Report came only days after Verizon, the largest telecom provider in the US, demanded on 7 December that Google disables its Mobile Wallet application in the forthcoming edition of the latest Galaxy Nexus smartphone. Verizon cited 'security concerns' as the main reason.
Published previously in E-Finance & Payments Law & Policy, December issue. CPP. Copyrights apply. Picture: infotech.bplaced.net
