Most of us are very concerned about the security of the data that is stored on our smartphones. That concern is only going to grow as services like Google Wallet take more than our contacts or emails and store the data on phones. The security of Google Wallet has been called into question by a security firm called viaForensics. According to the security firm, the Google Wallet app has failed their security tests.
ViaForensics reports that the Google Wallet app stores too much of the personal data of the consumer on the handset itself. The app doesn’t store the entire credit card number, but according to the firm, there is enough personal data stored on purchases and credit cards that a social engineering attack could be crafted that would fool most people. Information on transaction dates, limits, expiration date, and the last four numbers of the credit card are stored in databases on the phone. A carefully crafted email to confirm an order might fool some users.
Google’s response to the security concerns was to point out that viaForensics used a rooted phone in the investigation and that the data is only available on a rooted device. The downside for Google is that there has been malware in the past that could get past Android security. The malware is called Droid Dream. ViaForensics is the security firm that found a vulnerability in the Square Mobile Payment app in the past.
[via American Banker]