Hold on... a lot of the comments above are stressing about how insecure Contactless CARDS are. And yes, someone could tap against your pocket with a lashed-together reader and do a transaction.
It would be short lived, as they'd need all the associated trader accounts so it would take approximately 15 minutes (including a coffee break) to work out that one trader has had a 10,000% increase in fraudulent payments.
But Android/Google Pay? It uses generated card numbers that are only good once. If you were to steal the data by the same method it could only be used that one time, and then the legitimate owner would see a notification that their phone has just done a transaction. And even then, you could only steal that information if the phone was screen-on or unlocked in the victim's pocket.
Phone payments are MORE secure than contactless cards. Pick up a card you find in the street and you can spend £29.99 a pop before it's reported lost. Pick up a phone and assuming the owner isn't a passwordless cretin (actually, doesn't Google Pay enforce at least a PIN code?) it can't be used for transactions.