Google has reopened the ability to add a prepaid account to its Wallet application. A security weakness flagged by a security research firm a week ago forced the search giant, in an abundance of caution, to lock down the wallet. It has now resolved that particular problem. Google’s also reminding its Android users not to “root” their phones, an act of unlocking them that circumvents many of Android’s built-in security features. Or, if they do root the phones, not to use Wallet on them.
Google historically puts its software products into the real work in beta form. It’s taking the same approach with Wallet and, despite the real risks of financial loss, what is important is the company is fixing the issues at it finds them and not hiding or protesting as some others have done. Two things are going on here. First, Wallet is in its Release 1.0 phase. The product itself needs hardening and that’s best done “in nature” where real threats and use cases exist. Second, security will always be a moving target. As new threats emerge, vendors need to respond to them in a timely manner and Google appears to be doing just that.
The post makes a point of asking whether this change will impact user trust in Google Wallet. That’s a good question. From my point of view, a swift response builds trust far more effectively than a slow or defensive one. Given the small handful of people actually using Google Wallet, the impact can’t be too widespread.
The fix prevents existing prepaid cards from being swapped from one user to another, something Google says it believes will help tighten up Wallet security overall. As for the temporary lock-down, Google reckons that – despite there being no evidence of real-world hacks – it took the step merely as a precaution.
