Android App Pinning Flaw Could Expose Credit Card Details, Patch Released

Android's App pinning feature has a potential flaw that could expose credit card details if users enable a specific combination of settings.
For the flaw to work, the device would need App pinning enabled with a PIN to unpin, NFC payment enabled, and have a pinned app closed.
Google has classified this as high severity and released a patch in the September 2023 Android security update.
Users who can't update can disable App pinning or NFC payments as a workaround.
The flaw doesn't enable unauthorized payments, but could expose full credit card details if exploited.

androidpolice.com

Relevant topic timeline:

9/7/2023

September Google System Updates: FIDO2 PIN support, more

Android's September 2023 system updates will include better support for using a PIN with the FIDO2 security standard, along with improvements to Google Wallet and the introduction of a new settings page on the Play Store.