Last week, two exploits concerning Google Wallet left users questioning the service’s security. One of the exploits allowed hackers to bypass PIN protection, but it was only present on rooted devices. A second exploit, however, did not require a handset to be rooted, leaving all Google Wallet users exposed. The company maintained that the service was secure but as a precautionary measure it disabled its prepaid card services, but Google announced on Tuesday that it has patched Wallet and has fixed the vulnerability. Security firm zVelo, however, is not satisfied with Google’s efforts. While the Mountain View-based company has suggested that users with rooted handsets don’t use Google Wallet, zVelo insists that a person can steal an Android phone and then root, thus performing the exploit to bypass the PIN. As an extra layer of security, it is recommended that users configure a passcode to protect their devices from unwanted access.