The adventure that is the life of Google Wallet isn’t over yet. The storied tale reads like the life of a comic book hero who’s up against a massive group of conglomerates and now, is being strung up as a security risk. In any case, for those keeping track, it looks like Google Wallet stores some unencrypted credit card, balance, and personal information on your rooted device.
Investigations yielded that various SQLite databases that are unencrypted reside in the phone with information like the last four digits of your credit card, card limit, expiration date, transaction dates, and locations. The security firm viaForensics‘ study of Google Wallet lead to it failing the app in securely storing data.
The firm stated that the name on the card, expiration date, last four digits, and email account are recoverable when transactions are deleted or Google Wallet is reset. For the end user, that means if you want to sell a device you have been using Google Wallet on, you should do a complete wipe of the phone to ensure that your personal information is not being stored in the background somewhere.