On Saturday, Google announced that it was temporarily shutting down the use of prepaid credit cards for its Android-based Google Wallet payment service. At the time, Google said it had discovered a flaw in the system that would have allowed the "unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock."
Late on Tuesday, Google announced that Google Wallet can once again use new prepaid credit cards thanks to the company fixing the security flaw. The post stated:
While we’re not aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports, we took this step as a precaution to ensure the security of our Wallet customers.
Google had come under some fire from users after a research report from Zvelo claimed last week that Google Wallet"s PIN codes could be cracked via brute force methods. However, both Zvelo and Google stated this method would work only on Android-based smartphones that had been rooted. Google has also stated publicly that it strongly discourages using Google Wallet on rooted Android phones.
Zvelo has now fired back on that claim, saying that any Android device with Google Wallet could be rooted after it is stolen to gain access to the Google Wallet PIN codes. The report states:
There are more secure approaches to storing this material, such as storing this data in an encrypted container with a strong password, by keeping some parts securely “in the cloud” or protected by an NFC secure element.