14 DAY TRIAL // After zvelo unveiled the existence of a vulnerability in Google Wallet allowing for the PIN to be discovered with the use of a brute-force attack, Google responded to clarify that the issue only affected rooted phones, fact already mentioned by the researchers.
Even though they didn’t highlight the fact that only rooted devices were susceptible to the attack method they described, zvelo experts released an advisory recommending users not to root their devices to stay protected.
Google came forward with some further clarifications and revealed their official position regarding the matter to TheNextWeb, once again advising users not to root their phones.
Find Google’s statement bellow:
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.