Google doesn't take any chances when it comes to security

Mar 6, 2012 13:50 GMT

While many of the vulnerabilities found in Google Wallet have been addressed at some point, the possibility of a brute-force attack against the application's PIN on rooted phones still haunted the company. In response to this issue, Google decided to drop support for rooted devices.

Over the past period, numerous security researchers have tried to find vulnerabilities in Google Wallet, and most of them identified flaws that, one way or another, left users exposed to malicious plots.

One of the latest security holes was discovered by zvelo researchers, who determined that a brute-force attack launched against the Wallet PIN could reveal the code.

The next day Google responded by saying that it was not a real weakness, since zvelo experts conducted the experiments on a rooted smartphone.

“We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone,” Google said at the time.

Now the company reinforces that recommendation by restricting the Wallet’s installation on tampered Android devices.

Droid Life reports that when a user tries to install Google Wallet on a rooted smartphone, a message saying “Unsupported device” is displayed at the top of the screen.

Those who want to learn the details are presented with a message that highlights the security risks of using a phone on which the user has system-level access.

“We strongly discourage doing so [rooting the device] if you plan to use Google Wallet. We are unable to support devices with unauthorized operating systems as the security layers of the device may be limited,” reads the Unsupported Device Policy.

Even though the issue wasn’t easily exploitable, Google addressed it to ensure that no unfortunate incidents take place, especially considering that the vulnerability allowed a potential thief to access the user’s prepaid card funds.

This decision may displease some Android enthusiasts, but when it comes to security, cutting corners never leads to anything good.