Google Wallet stores too much unencrypted data in a rooted device – report

Google Wallet does a good job of storing passwords but doesn't encrypt the entire credit card number, balance, and other information, a research firm said today after testing the application on a rooted device.

Data that is stored on the device in various SQLite databases in unencrypted form also includes name on the card, the last four digits of the credit card, card limit, expiration date, transaction dates, and locations, ViaForensics said in a report titled "Forensic security analysis of Google Wallet." In addition, the application created a recoverable image of a credit card that could provide fodder for a social engineering attack, according to the report, which was a high-level analysis of Google Wallet -- "the first real payment system leveraging NFC [near field communication] on Android."