— Google Pay (@GooglePay) September 13, 2022 You’re not wrong to think that this can be very convenient, especially for making quick stops at a nearby store. Now, imagine how much this perk could also benefit a person who somehow stole your phone? Granted, this approach is no different from using the payWave function, which also requires a simple tap from your credit or debit card to complete transactions. However, remember that the same vulnerability still applies; expect thieves to abuse this convenience when they acquire your card as well. Usually, we’d continue this article with a guide on how you can disable this Google Wallet “feature” and help you avoid the worst case scenario from getting potentially worse. But unfortunately, this is where things get complicated.
Followed all the steps? Then you’re all set! Or so we thought.
If you immediately scrambled to your phone before finishing this article, welcome back. By now, you’ve probably noticed something very peculiar after scouring through the Settings app: all of the tabs and options mentioned earlier are nowhere to be found. And there’s a reason behind this. According to a forum thread on XDA, all of these steps only apply if you’re using a Google Pixel smartphone, or a device that uses stock Android. In other words, this particular option isn’t available on manufacturer-customised Android platforms such as MIUI, Oxygen OS, and so on. Believe me, I’ve gone through three different Android phones from three different brands just trying to locate it. And if you’ve visited the pages linked in the paragraph above, you’ll notice that the ability to only pay when your phone is unlocked has been requested and talked about by users for quite some time. Sadly, both manufacturers and developers never gave an answer to those concerns, let alone provide a proper solution. We can only assume that this vulnerability has likely been shrugged off as nothing major, therefore further actions are unnecessary. Plus, no one has complained about it, so it’s no big deal, right? You see, that’s the problem. The lack of complaints is one thing, but the fact that users of different Android smartphones are inquiring about the same security concern is probably something Google and the numerous phone brands should be looking into. Do we really need to wait for a celebrity to highlight the issue in order for developers to finally address it? Of course not. But unfortunately, this is often how most companies roll. You could just disable NFC and only enable it when you need to make payments. But honestly, the only thing this measure could achieve is prevent you from purchasing things on impulse. And did you know you could easily enable NFC through the pull-down Quick Settings menu without needing to unlock your phone?
Yup, the “alternative” suggested above is actually somewhat pointless. You’re better off crossing your fingers and hope that anyone who holds onto your phone is not well versed in tech, or is aware that you’re using Google Wallet. This at least gives you plenty of time to request your bank to cancel your card if your smartphone does end up missing. So, should you not use Google Wallet? Well, that’s entirely up to you, and I wouldn’t go as far as banning it altogether. However, now that you know an exploit is present and unattended to, maybe you should start giving your phone some extra care. Losing your phone to a thief is frustrating. But realising the fact that they also have some access to your digital wallet without needing to unlock your phone? That’s just disheartening. An exploit, no matter how minor, is still a flaw. And this could easily be solved by simply giving users the ability to disable the feature entirely for peace of mind, but alas… And on that bombshell.