Two recently uncovered security exploits concerning Google Wallet have left users questioning just how safe the product really is. A security firm exposed a vulnerability last week that allowed hackers to bypass PIN protection, but it was only present on rooted devices. A second exploit, however, did not require a handset to be rooted, leaving all Google Wallet users exposed. By wiping stored Google Wallet data from within a device’s settings, an unauthorized user will be able to access a user’s prepaid funds without needing to know his or her Google Wallet pin. The company has acknowledged both security exploits, and it now says Google Wallet is safe and “offers advantages over the plastic cards and folded wallets in use today.” Read on for more.

Google has suggested that users who are interested in Wallet do not root their devices because the feature is not supported on rooted phones. “That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device,” said Osama Bedier, vice president of Google Wallet and Payments. To address the second issue, the Mountain View-based company has temporarily disabled provisioning of prepaid cards as a precautionary measure. The service will remain disabled until a permanent fix is available.

“We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card,” Google said in a statement. “We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”

Read