The security specialist says its initial testing of the app on a rooted handset shows that credit card balances, limits, expiration dates, names on cards, transaction dates and locations are all stored in various SQLite databases in unencrypted form.
ViaForensics argues that many people would be uncomfortable with others knowing some of this information and that its use for social engineering attacks is "pretty high".
However, the app generally fairs well, doing a "decent job" of securing full credit cards numbers, which are not insecurely stored and need a PIN to authorise payments.
Google Wallet also managed to protect against man-in-the-middle attacks over Wi-Fi when the team attempted them at account registration and adding a new credit card.
In a statement, Google says: "The ViaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet. This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers."
Toggle signature
ViaForensics argues that many people would be uncomfortable with others knowing some of this information and that its use for social engineering attacks is "pretty high".
However, the app generally fairs well, doing a "decent job" of securing full credit cards numbers, which are not insecurely stored and need a PIN to authorise payments.
Google Wallet also managed to protect against man-in-the-middle attacks over Wi-Fi when the team attempted them at account registration and adding a new credit card.
In a statement, Google says: "The ViaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet. This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers."
Toggle signature
Latest Video Interviews, Offshore Company Resources, Payment Processing Tips & Tricks, Articles and Anonymity Hints only a click away!
Support the Freedom of Speech of our Community
Disclaimer: Nothing I say should be taken as tax, legal or financial advice. Anything I say is for general informational purposes only. Always seek independent professional advice.
Support the Freedom of Speech of our Community
Disclaimer: Nothing I say should be taken as tax, legal or financial advice. Anything I say is for general informational purposes only. Always seek independent professional advice.