As previously announced by the company, Google’s aptly named digital wallet feature, Google Wallet, is finally available in Malaysia. But before you start utilising it for all of your cashless transactions, there is one major thing you should take note of.
According to Google’s FAQ page, payments under RM 250 made with Google Wallet do not require you to unlock your phone or authenticate in order to complete tap-to-pay transactions. In fact, all you need to do is light up your device’s screen by hitting the power/lock button, and tap it on a payment terminal. That’s it.
Wouldn’t you love a more convenient commute? When you’re ready to ride, just tap and go. You don’t even have to unlock your phone to use Google Wallet.
— Google Pay (@GooglePay) September 13, 2022
You’re not wrong to think that this can be very convenient, especially for making quick stops at a nearby store. Now, imagine how much this perk could also benefit someone who has stolen your phone.
Granted, this approach is no different from using the payWave function, which also requires a simple tap from your credit or debit card to complete transactions. However, remember that the same vulnerability still applies; expect thieves to abuse this convenience when they acquire your card as well.
Usually, we’d continue this article with a guide on how you can disable this Google Wallet “feature” and help you keep a worst-case scenario from getting even worse. But unfortunately, this is where things get complicated.
On the same FAQ page, Google says you can actually disable this ability through the Settings app on Android. Once there, tap on Connected Devices, then Connection Preferences, and then NFC. From here, all that’s left to do is flip the Require Device Unlock For NFC toggle.
Followed all the steps? Then you’re all set!
Or so we thought.
If you immediately scrambled to your phone before finishing this article, welcome back. By now, you’ve probably noticed something very peculiar after scouring through the Settings app: all of the tabs and options mentioned earlier are nowhere to be found. And there’s a reason behind this.
According to a forum thread on XDA, all of these steps only apply if you’re using a Google Pixel smartphone, or a device that uses stock Android. In other words, this particular option isn’t available on manufacturer-customised Android platforms such as MIUI, Oxygen OS, and so on. Believe me, I’ve gone through three different Android phones from three different brands just trying to locate it.
And if you’ve visited the pages linked in the paragraph above, you’ll notice that the ability to only pay when your phone is unlocked has been requested and talked about by users for quite some time. Sadly, both manufacturers and developers never gave an answer to those concerns, let alone provided a proper solution. We can only assume that this vulnerability has likely been shrugged off as nothing major, and that further action is therefore considered unnecessary. Plus, no one has complained about it, so it’s no big deal, right?
You see, that’s the problem. The lack of complaints is one thing, but the fact that users of different Android smartphones are inquiring about the same security concern is probably something Google and the numerous phone brands should be looking into. Do we really need to wait for a celebrity to highlight the issue in order for developers to finally address it? Of course not. But unfortunately, this is often how most companies roll.
You could just disable NFC and only enable it when you need to make payments. But honestly, the only thing this measure could achieve is prevent you from purchasing things on impulse. And did you know you could easily enable NFC through the pull-down Quick Settings menu without needing to unlock your phone?
Yup, the “alternative” suggested above is actually somewhat pointless. You’re better off crossing your fingers and hoping that anyone who gets hold of your phone is neither well versed in tech nor aware that you’re using Google Wallet. This at least gives you plenty of time to ask your bank to cancel your card if your smartphone does end up missing.
So, should you not use Google Wallet? Well, that’s entirely up to you, and I wouldn’t go as far as banning it altogether. However, now that you know an exploit is present and unattended to, maybe you should start giving your phone some extra care. Losing your phone to a thief is frustrating. But realising the fact that they also have some access to your digital wallet without needing to unlock your phone? That’s just disheartening.
An exploit, no matter how minor, is still a flaw. And this could easily be solved by simply giving users the ability to disable the feature entirely for peace of mind, but alas…
And on that bombshell.