After many concerns were raised regarding the security of Google Play, Google’s version of an app store for Android users, Google took some steps to beef up security. Google went ahead and employed Bouncer which is a security solution that works straight from the cloud. In the end, the deployment didn’t seem to make much headway in addressing the primary problems.
The biggest hole Google Play’s security was that malware could be attached to apps and transferred to a user’s phone undetected. Since the applications are based on open source code Bouncer was not able to easily discern infected applications from applications that were safe. There have been several other hypothetical security flaws proposed regarding Google Play, and several other bugs have been discovered.
Google’s Track Record Affects Consumer Trust in Google Wallet
With the problems Google has faced with Play, many users have begun to worry about the safety of Google Wallet, which is still in its initial development phase. This new payment mechanism for smartphones relies on near field communication or NFC technology to communicate directly with an in-store receiver. In essence, the check out point at the store or where the transaction is being made has an NFC chip that can receive information directly from your smartphone, making check outs quick and seamless.
For the time being Google Wallet is only available to users who have a Citi Mastercard, and have the account linked to their smartphone. Customers can transfer funds to any retailer that has installed the an NFC receiver installed in store, and can also shop online with their smart device. The possibility of another device intercepting a transaction has been a concern for many people since Google announced the Wallet service in the first place. The wireless nature of the data transfer adds another link that can be exploited by criminals and identity thieves. Not only do consumers need to worry about their data being compromised in the database or while being transferred through hardware, but now they must be wary about having their data picked out of the air.
Google Wallet Already Having Troubles?
Not long ago a service was launched to allow users without a Citi account to sign up for Google Wallet and make use of the technology. Users could opt for a pre-paid account similar to a checking account. Transactions would then deduct funds from your account when you made a purchase. This also turned out to have security flaws and has been temporarily suspended. It was found that the Wallet service app would store information about these prepaid accounts on to the device it was operating through. Prepaid account information was still present even after Google Wallet had been uninstalled and removed from the device.
After this flaw had been uncovered more testing was done on the app and to look in to any other problems and many were found. Just last week another security firm found that it was possible to access a user’s PIN number, the one associated with their bank account. The hack required the hacker to gain physical control of the phone, and also only worked when the phone was tampered with, but is still unacceptable if Google plans on making Google Wallet a standard form of payment. The most startling thing about this hack is that it happened after the information had been deleted from the device. Google does warn users against tampering with or rooting mobile devices, but it is far more common than you might think.
I’m not Afraid of Hackers!
If this wasn’t enough, a short time later The Smartphone Champ announced that he had found a way to gain full user access without tampering with the device. By simply going in to the application settings on the phone and resetting them to default, then erasing the pin, the application forwards a request for a new PIN the next time that Wallet is run. The person who has access to the phone will be able to take advantage of the Wallet’s full credit limit, or the balance of their bank account. The routine is so simple that a child would have no trouble compromising your pin and accessing your money.
With all these early security concerns, it’s apparent that such an innovative technology brings lots of problems along with it. Google has benefited greatly from crowdsourcing the testing of the application, and as with most new technologies, ethical hackers have answered the call to exploit security concerns loud and clear. As the application becomes more popular it will only attract more criminals, and next time they may not be so open about their findings. One of the benefits of this form of electronic payment is that it is traceable, but that hardly puts customers’ minds at ease when identity theft is such a prevalent problem.
Will you use Google Wallet as an early adopter? Or does the risk outweigh the reward in this case?
- Google Wallet Security Concerns: I’ll Stick With Cash - August 6, 2012