Feeds

How Google and Apple exposed their Achilles heels this week

Mobile payments and advertising are rocky ground for the big boys

SANS - Survey on application security programs

Analysis In the massive tussle between Apple and Google, it is easy to forget that neither giant (for all their successes) is infallible. They are almost unbeatable in their core markets – Apple in device design and user experience, Google in search, advertising and online software.

But once they venture out of their comfort zones, disaster can ensue, exposing Achilles heels for rivals to exploit. Both have stumbled multiple times in the TV market, and this week highlighted the risks both take to their precious brands when they get too power hungry and seek to extend their control over too many elements of the web ecosystem.

Google Wallet snafu

Google pulled prepaid cards supporting its Wallet payments platform temporarily but long enough to raise serious doubts over the initiative. Meanwhile, Apple was making desperate concessions to try to rescue its troubled iAd mobile advertising system.

Google was forced to disable the prepaid cards for its new Google Wallet payments system last weekend, following discovery of a major security hole. The search giant wants to kickstart adoption of NFC-based mobile payments by including Wallet in Android handsets in the US, and to ensure that platform vendors, rather than operators, have the upper hand in mobile commerce.

However, last week's intense attention to the security flaw in the software has been a setback, and Osama Bedier, VP of Google Wallet and Payments, acknowledged on a company blog that the prepaid cards were being pulled temporarily.

These cards allow users to upload money from credit cards to the virtual wallet on their phone, but Bedier said Google needed to "address an issue that could have allowed unauthorised use of an existing prepaid card balance if someone recovered a lost phone without a screen lock". He insisted the weekend's action was just "a precaution until we issue a permanent fix soon".

The hole came to light when blogger The Smartphone Champ outlined how a hacker could easily access a pre-paid card, which is connected to the user's device directly rather than a Google account. Crooks could therefore steal a phone and clear the data in the Wallet app, then log back in, at which point they would be prompted to enter a new PIN and Google account password. That would give them access to the card details and cash uploaded by the original owner.

Despite this, Bedier argued that Wallet remained a safe way to purchase goods, and better than "the plastic cards and folded wallets in use today". The app currently works on the Nexus S 4G device on Sprint's network and should come to other models and networks in the near future.

The whole incident aroused speculation that Wallet would prove to be another failed Google project, the latest in a string of experiments with hot markets where the search giant saw an opportunity to extend its influence – but was unable to deliver the required technology. There was a cull of such projects – including Google Labs, Google Health and Google PowerMeter – when Larry Page took the helm as CEO, vowing to "put more wood behind fewer arrows".

Wallet is closer to market than those, and is unlikely to go away altogether, at least unless it clearly loses the market to a rival. Any perceived security risks are the kiss of death to systems which involve users' money, but even before the recent problem, Wallet has not grabbed the support Google would have hoped for.

Verizon Wireless deactivated Wallet when it launched the latest Nexus smartphone, officially while it tested the capability – but many pointed to conflicts with the carrier's own participation in the Isis mobile payments initiative.

Six months after launch, Sprint remains the only carrier partner for Wallet and there are no signs of international plans. This issue is not unique to Google – all big NFC-driven plans have come up against retailer caution and consumer lethargy, which in turn has made the handset makers lukewarm about adding the pay-by-wave chips to their devices. The day of wireless NFC mobile payments is still a year or so away, and the question is whether Google will have the staying power to keep Wallet in the game until that day arrives.

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.