- Recent findings have unveiled a loophole in Android, particularly with Google Wallet.
- Cards linked to the wallet risk being exposed if the NFC and app pinning features are enabled.
- Google is said to be aware of the issue, and the recent September 2023 security patch for Android devices might have fixed it.
- The Pixel phones, however, are yet to receive the security patch.

Android screen pinning, aka app pinning functionality, is a nifty feature that lets users pin specific apps (via apps overview) on their screens. However, a recent security vulnerability has revealed that this feature can put your credit/debit cards at risk if they are linked to your Google Wallet.

A recent GitHub finding (via 9to5Google) has revealed a possible way to get your card details linked to Google Wallet through a general-purpose NFC reader (Flipper Zero, in this case). The finding suggests this is due to a logic error in the code when the device is in lock screen mode, with app pinning enabled and NFC turned on. The risk is significant because exploitation requires no user interaction.