Google Wallet Leaves You Open to Cyber-Muggers

A new study by security firm ViaForensics suggests that Google Wallet doesn't protect users' personal data, storing it in an unencrypted format.

As first reported by CNET, the security firm made the claim after it discovered unencrypted user data, including card balance information, on a rooted Nexus S smartphone. Google Wallet is currently only officially available on the Nexus S and Nexus S 4G.

With news out that smartphones using the Google Wallet Near Field Communication (NFC) payment system store unencrypted data, many firms have expressed concerns that the lack of encryption leaves the data open to cyber-criminals.

"While Google Wallet does a decent job securing your full credit card numbers, the amount of data that Google Wallet stores unencrypted on the device is significant," read ViaForensics' report. "Many consumers would not find it acceptable if people knew their credit card balance or limits."

ViaForensics went on to add its own concerns that would-be hackers could use the unencrypted information to launch a phishing scam targeting Google Wallet users.

Despite the study, Google has reassured users that the service is still safe and that the issue only affects rooted devices. "The ViaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet," Google said to CNET.

"This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV number. Android actively protects against malicious programs that attempt to gain root access without the user's knowledge. Based on this report's findings we have made a change to the app to prevent deleted data from being recovered on rooted devices."

Google went on to claim that it was aware of the security issue and it had already "addressed" it in a software update.

At the time this article was written, Google had not responded to the International Business Times UK's requests for comment.