Google Wallet famously won’t work on the slick Galaxy Nexus, which may bother some folks when that phone finally lands in the US. However, if you are the security-conscious sort that may not be a big deal to you in the wake of a recent report by a security firm called viaForensics that is claiming that the Google Wallet app isn’t secure enough. American Banker reports that viaForensics found that app stores enough data on the phone itself that a well-crafted email from a nefarious sort could fool many users into giving up more credit card details.
ViaForensics reports that the Google Wallet app doesn’t store the entire credit card number, but it stores data on purchases, the last four digits of the credit card number, and transaction history on the phone. The company thinks that malware would be able to get to the data store on the phone. Google responded by saying that viaForensics used a rooted smartphone in its testing and that the app is secure.
However, we have seen malware in the past that could bypass Android security; the malware was called Droid Dream. ViaForensics says that the data stored on the phone also offers details on card balances and payment due dates. The company says that the data it stores should not be stored unencrypted on the handset.