By Stephen Schenck | December 13, 2011 3:44 PM
Despite a growing number of Android users owning a handset capable of NFC transmissions, there’s still only a fraction of them able to officially access Google Wallet. We’ve looked at some work-arounds for bringing the mobile payment system to your phone, and the app’s availability should only increase as time goes on. Once you’re all up-and-running with Google Wallet, can you trust that it’s keeping your data secure? A new report on how the app manages its data shows both some hits and some misses.
You’d expect your credit card number to be stored with the highest security in mind, and that’s indeed the case with Google Wallet. The app records the card number only to the NFC chip’s secure storage, so not even a rooted phone will give up the info.
The potential problems arise with all the other little bits of data that are still accessible. With access to your phone, either physical or via the proper malware, an attacker could learn the last four digits of your card number, your name, your email address, and card expiration date. Combine that with a record of transactions you’ve made, and that cache of data is starting to look like quite the ammo for a social engineering or identity theft attempt.
It would definitely be in Google’s interest to store all this data encrypted on the phone, if only to make it that much more difficult to surreptitiously access. That said, this threat feels a bit overblown. We keep so much data on our phones anyway, that anyone with access is likely going to be able to learn a whole lot more about us than just these details stored in Google Wallet.