Google Wallet

Juniper predicts NFC payments to hit $74 billion by 2015

Do you have Near Field Communication (NFC) built into your device? Probably not. But that doesn't really matter, because the future of smartphones has NFC well under its wing. At the moment, you'll find that very few devices (such as the Nexus S and Galaxy Nexus) are NFC compatible, thus making Google Wallet still relatively new to the public. Despite its unpopularity, Juniper research predicts NFC payments will hit $74 billion by the time 2015 rolls around.

Reuters: App developers will soon be forced to use Google Wallet for in-app payments

Disturbing news out of Reuters' business division: reports are coming in that Google is telling major Android Market/Google Play developers to adopt Google Wallet for in-app purchases, or be removed from Android's official app distribution platform. Major developer Papaya Mobile told Reuters that Google sent them an email in August that they had to switch from their current payment system or be booted off the Android Market. Google declined to comment on the story.

Google Wallet now displays warnings for rooted phones

Oh boy. After taking considerable heat from the privacy and security community over cracks in Google Wallet, the company updated the NFC payment app to close a security loophole. That apparently didn't do anything to close the vulnerability for rooted devices, discovered in February. Instead of address the problem for rooted phones, Google seems to be sticking by its recommendation the rooted users not install Google Wallet. In a fit of expediency, they're making sure that root users know their position: Google Wallet now displays an "unsupported device" warning message when run on a rooted phone.

Android applications flaw can allow photo access

Ever wonder if the photos you snapped with your Android device were safe from others to see? Well, I'm sure you hadn't considered it, but it turns out they're not. Developers have the capability to see users photos right after they allow them to access their local information! This little glitch can occur without any notice to the user as well.

Google pushes security fixes for Wallet, Google+, and Authenticator

A few weeks back, a Google Wallet vulnerability was found making both rooted and untampered devices with the application vulnerable to hackers. The crack exposed the PIN within seconds, and was since temporarily patched by Google. This patch disabled the use of prepaid cards, and since then we hadn't heard much on the subject. Google is pushing three security fixes today that not only allow for prepaid card usage with Wallet, but offer core system fixes.

Surprise: you don’t need root to break into Google Wallet after all

So there's some considerable hubbub surrounding Google Wallet at the moment, after an independent security researcher was able to create a rooted app that bypasses the PIN lock in the software. You can see Google's official response just a few stories down. But now another party, the self-styled Smartphone Champ, has discovered another way to get into a private Google Wallet account, no root required. Technically this is more of a lopphole than a crack, if only because it uses Android's default setting to achieve access. The gist is that all you need to do to wipe the security PIN is to delete the app's stored data via the Settings menu, essentially resetting it to the state it was in when you downloaded it from the Android Market. This is a common Android function and is even recommended sometimes when an app is misbehaving. Wipe the data, re-launch the app, and you (or anyone who has your phone) can access Wallet, associate it with your Google account (without entering a password) and set up a new PIN. Then they can spend the money at any online or retail store that accepts Google Wallet - all without root. Watch as Hashim demonstrates: [youtube Rh1ytHrhj2E] This is a much bigger problem than the previous leak, because anyone with physical access to your phone has the ability to do this quickly and easily. The problem lies with Google Wallet's authentication system: though funds are added into your account and virtually "kept" by Google, the authentication is linked to a single device, not your account. Compare this with any banking app, which keeps your account password connected to your username. Odds are overwhelming that Google will address this loophole very soon. In the meantime, the best way to stay protected while using Google Wallet is to set up a PIN or lock pattern on your device itself - without the PIN or pattern, a thief would have to completely wipe your phone to access any apps or data. [timeline] [via 9to5Google, via AndroidandMe]

Google responds to Wallet root vulnerability: don’t use Google Wallet

You've probably already seen the recently exposed vulnerability in the Google Wallet app which potential thieves to steal your PIN code if you're running a rooted version of Android. The crack can be applied even after a PIN or password is changed, but again, only on rooted devices. After The Next Web posted the story from the original source, Google itself responded - though there isn't much information on an actual resolution. Essentially, Google reminds users that a stock phone cannot be affected in this manner, and recommends that root users refrain from downloading Google Wallet at all. Here's the full text of their reply:
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.
That's a disappointing answer, but not an unexpected one. When you unlock or root a device, you're always running at least some kind of risk, to your hardware, your software, and even your personal data. The possibility that 1) your rooted phone would get stolen by 2) someone with the technical knowledge to pull a similar hack off and 3) the knowledge that both your banking information is on the phone and that it's possible to retrieve it is remote to say the least. Considering the low saturation of NFC payment systems, especially in the US, it would seem that root users just need to do without for now. This isn't the first time that Google has essentially ignored the considerable percentage of Android users who root: there's still no way to legally watch movies or TV shows downloaded from the Android Market on a rooted device. While this is thought to be a measure insisted upon by the various entertainment studios, that doesn't make the refusal of service any less annoying. Even so, it's not Google's responsibility to cover every contingency of every Android modification: If you modify the software on your phone or tablet, you're responsible for any change in functionality or security. That seems like a reasonable position, if at times frustrating one.

Google Wallet PIN can be compromised on rooted Android devices

When progressing through a Google Wallet transaction via NFC, the system requires the user to input his/her PIN to follow through with their transaction. Zvelo, a respected security firm based in Colorado, has communicated to Google that due to their current security architecture, rooted devices PIN information is at risk. Most of you are not included in this small pool of people, and should be safe.

Google Wallet officially available for download on AT&T’s Android Market

Those of you with a Samsung Nexus S or Galaxy Nexus using an AT&T SIM card are now able to download Google Wallet straight from the Android Market. T-Mobile customers - as well as Verizon - will have to use an alternative method for downloading the application. It's not too sneaky, and has been confirmed by multiple users as a working perfectly.
1 2 3 4 5 6 7 8 9