Ledger, a French startup mostly known for its secure crypto hardware wallets, has started shipping new wallets nearly 18 months after announcing the latest Ledger Stax devices. The updated wallet features an E-Ink display and has been designed in partnership with Tony Fadell, one of the main designers behind the iPod. E-Ink technology is generally […]
© 2024 TechCrunch. All rights reserved. For personal use only.
After multiple delays, Apple and the Paris area transportation authority rolled out support for Paris transit passes in Apple Wallet. It means that people can now use their iPhone or Apple Watch as a Navigo pass to ride the metro, train, tram or bus. This is important news for Île-de-France Mobilités (IDFM) — the transportation […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Kudos uses AI to figure out consumer spending habits so it can then provide more personalized financial advice, like maximizing rewards and utilizing credit effectively.
© 2024 TechCrunch. All rights reserved. For personal use only.
Google on Wednesday launched its digital wallet in India with local integrations, nearly two years after the app was relaunched as a digital wallet platform in the U.S.
As TechCrunch exclusively reported last month, Google Wallet will operate in India alongside the existing Google Pay app, which will remain the company’s payments app in the country. Google had replaced its Pay app with Wallet in the U.S. in February.
“Google Pay is not going anywhere. Google Pay is our primary payments use case,” Ram Papatla, general manager and India engineering lead for Android at Google, said at a press conference in New Delhi. “Wallet is specifically tailored for thinking about the non-payment use cases.”
Google Wallet will let Android users in India store and access their boarding passes, gift cards, event tickets, and loyalty passes. You can add all of this through a QR code, barcode or link shared through Gmail, or by using a dedicated Add to Google Wallet button available on partner apps.
The app will also store transit tickets and let you create passes from any images containing a barcode or QR code, such as airline boarding passes, luggage tags or parking receipts.
Initially, Google Wallet will work with 20 brands, including PVR Inox, Flipkart, Air India, MakeMyTrip, Pine Labs and Ixigo. It has also onboarded local transport operators such as Kochi Metro, Hyderabad Metro, VRL Travels and Abhibus. Additionally, the company has partnered with system integrators Wavelynx and Alert Enterprise to let users store and access their corporate badges.
Android continues to dominate the smartphone market in India, with a 93% market share, per latest Counterpoint data shared with TechCrunch. In 2023, out of the 152 million smartphones shipped in the country, 140 million ran Android. Smartphone penetration rate for the year was 70%, up from 66% in 2021, the market research firm said.
All this gives Google a solid reason to launch Wallet in India. However, it would face competition from Samsung Wallet, which the South Korean company offers as a one-stop digital wallet and payments app. Apple also has its Wallet app for iPhone users in the country, though that app doesn’t have many local integrations. Instant messaging app WhatsApp also provides the ability to get virtual boarding passes and transit tickets from platforms like MakeMyTrip and state metro train operators.
A crypto wallet maker claimed this week that hackers may be targeting people with an iMessage “zero-day” exploit — but all signs point to an exaggerated threat, if not a downright scam.
Trust Wallet’s official X (previously Twitter) account wrote that “we have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web. This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk.”
The wallet maker recommended iPhone users to turn off iMessage completely “until Apple patches this,” even though no evidence shows that “this” exists at all.
The tweet went viral, and has been viewed over 3.6 million times as of our publication. Because of the attention the post received, Trust Wallet hours later wrote a follow-up post. The wallet maker doubled down on its decision to go public, saying that it “actively communicates any potential threats and risks to the community.”
Trust Wallet, which is owned by crypto exchange Binance, did not respond to TechCrunch’s request for comment. Apple spokesperson Scott Radcliffe declined to comment when reached Tuesday.
As it turns out, according to Trust Wallet’s CEO Eowyn Chen, the “intel” is an advertisement on a dark web site called CodeBreach Lab, where someone is offering said alleged exploit for $2 million in bitcoin cryptocurrency. The advert titled “iMessage Exploit” claims the vulnerability is a remote code execution (or RCE) exploit that requires no interaction from the target — commonly known as “zero-click” exploit — and works on the latest version of iOS. Some bugs are called zero-days because the vendor has no time, or zero days, to fix the vulnerability. In this case, there is no evidence of an exploit to begin with.
A screenshot of the dark web ad claiming to sell an alleged iMessage exploit. Image Credits: TechCrunch
RCEs are some of the most powerful exploits because they allow hackers to remotely take control of their target devices over the internet. An exploit like an RCE coupled with a zero-click capability is incredibly valuable because those attacks can be conducted invisibly without the device owner knowing. In fact, a company that acquires and resells zero-days is currently offering between $3 to $5 million for that kind of zero-click zero-day, which is also a sign of how hard it is to find and develop these types of exploits.
Do you have any information about actual zero-days? Or about spyware providers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
Given the circumstances of how and where this zero-day is being sold, it’s very likely that it is all just a scam, and that Trust Wallet fell for it, spreading what people in the cybersecurity industry would call FUD, or “fear uncertainty and doubt.”
Zero-days do exist, and have been used by government hacking units for years. But in reality, you probably don’t need to turn off iMessage unless you are a high-risk user, such as a journalist or dissident under an oppressive government, for example.
It’s better advice to suggest people turn on Lockdown Mode, a special mode that disables certain Apple device features and functionalities with the goal of reducing the avenues hackers can use to attack iPhones and Macs.
According to Apple, there is no evidence anyone has successfully hacked someone’s Apple device while using Lockdown Mode. Several cybersecurity experts like Runa Sandvik and the researchers who work at Citizen Lab, who have investigated dozens of cases of iPhone hacks, recommend using Lockdown Mode.
For its part, CodeBreach Lab appears to be a new website with no track record. When we checked, a search on Google returned only seven results, one of which is a post on a well-known hacking forum asking if anyone had previously heard of CodeBreach Lab.
On its homepage — with typos — CodeBreach Lab claims to offer several types of exploits other than for iMessage, but provides no further evidence.
The owners describe CodeBreach Lab as “the nexus of cyber disruption.” But it would probably be more fitting to call it the nexus of braggadocio and naivety.
TechCrunch could not reach CodeBreach Lab for comment because there is no way to contact the alleged company. When we attempted to buy the alleged exploit — because why not — the website asked for the buyer’s name, email address, and then to send $2 million in bitcoin to a specific wallet address on the public blockchain. When we checked, nobody has so far.
In other words, if someone wants this alleged zero-day, they have to send $2 million to a wallet that, at this point, there is no way to know who it belongs to, nor — again — any way to contact.
And there is a very good chance that it will remain that way.
Google Wallet will finally launch in India — nearly two years after its relaunch as a digital wallet platform in the U.S. — according to a preview of the app that the company accidentally posted on the Google Play store in the country.
After TechCrunch spotted the listing for the app — which will let users load up loyalty cards and buy things, among other features — the company declined to confirm that it will be coming soon to Android users. But it then appear to pull some of the details from the listing, such as what appear to be high-profile launch partners local to India. (The app now more generically features U.S. brands.)
Somewhat confusingly, Google did confirm to us that it will continue to run Google Pay as a standalone app in the country, at least for now. That’s a different strategy from just about every other market, where Google has been merging Wallet and Pay experiences together under a single Wallet app.
“While we don’t have anything new to share right now, we’re always working to bring more convenience to people’s digital experiences in India. We’re continuing to invest in the Google Pay app to give people easy, secure access to digital payments,” a Google spokesperson said in a statement to TechCrunch.
We understand that part of the reason seems to be that Google Pay is already massive in the country — it’s largely understood that India is Google’s largest market globally for payments, and it’s the second-largest payment app after PhonePe.
Not least because Google has confirmed its plans to continue to offer Google Pay as its payment service in India, the Indian version of Google Wallet is expected to differ from that of the U.S. For one, Google is looking to provide local integrations on the Wallet app in the country, which houses its biggest Android user base.
The Google Wallet listing that TechCrunch spotted last week featured screenshots of Indian airline Air India, state-owned bank State Bank of India and multiplex chain PVR Inox, suggesting that loyalty points can be picked up and used through these brands. (Shortly after TechCrunch reached out to Google for comment, Google updated the listing with U.S. brands.)
Image Credits: Google Play Store screenshots
The existing Google Wallet app is not available yet for download through the Play Store in India, but it has been working for some Android users in the country for some time, as reported by the Indian outlet Beebom. However, functionality is limited: users can add credit and debit cards for contactless payments, but the app does not support any Indian businesses and local loyalty programs.
These latest changes cap off a lot of bouncing Google has been doing between various financial services and differently-branded apps. Google Wallet was launched as the company’s payment solution way back in 2011. Then, Google launched Android Pay. Then, it tried to replace the Wallet and its Android Pay app with Google Pay. In 2022, Google relaunched the Wallet app as its digital wallet platform for Android, Wear OS and Fitbit OS. However, in February this year, the search giant announced it would replace Google Pay with the Wallet app in the U.S.
Unlike its U.S. version, Google Pay in India uses the Indian government-backed framework Unified Payments Interface (UPI) to enable payments. This is one reason why Google Pay is different in India, and also one reason why it might choose to continue giving users a separate option if they are already using it.
Google Pay is the second most used UPI app in India after Walmart’s PhonePe, giving Google an apparent reason to continue to support it while offering digital wallet-related experiences through the Wallet app. The Google Pay app initiated more than 5 billion transactions valued at over $83 billion in March, per the data posted by the UPI-parent organization National Payments Corporation of India.
Founded in 2017, Atoms Lanka Solutions is a provider of IT consulting and software development services. Throughout the company’s history, we have worked with over 160 customers from 5+ countries..
