When completing a Google Wallet transaction via NFC, the system requires the user to enter their PIN before the transaction goes through. Zvelo, a respected security firm based in Colorado, has communicated to Google that, due to its current security architecture, PIN information on rooted devices is at risk. Most of you are not in this small pool of rooted-device users and should be safe.
But for the rest of you modders running custom ROMs and kernels, take extra precautions to protect yourselves while using Google Wallet. Apparently, PIN information is saved on the phone itself, not in the secure NFC chip. Zvelo thus stated that “this completely negates all of the security of this mobile phone payment system”. I don’t know about you, but having the PIN to my Google Wallet account hacked would leave me in utter turmoil.
Preventing this is actually easy, but it still has to be done. If you add a lockscreen security pattern or PIN to your device and disable USB debugging, the chances of a hacker obtaining your Google Wallet PIN are slim to none. Google is probably already taking measures to improve current security now that it is aware of the issue, so I’m sure we’ll hear back from them soon.