{"id":394497,"date":"2026-04-16T02:35:10","date_gmt":"2026-04-16T02:35:10","guid":{"rendered":"https:\/\/www.newsbeep.com\/il\/394497\/"},"modified":"2026-04-16T02:35:10","modified_gmt":"2026-04-16T02:35:10","slug":"android-phones-arent-at-risk-of-iphone-tap-to-pay-transit-attack","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/il\/394497\/","title":{"rendered":"Android phones aren’t at risk of iPhone tap-to-pay transit attack"},"content":{"rendered":"

\t\"\"<\/p>\n

For the past five years, a tap-to-pay vulnerability on iPhone has been known and has now been highlighted in an in-depth video, but your Android phone is not at risk for this.<\/p>\n

Tap-to-pay is basically everywhere now and, generally, is considered quite secure. In a new Veritasium video<\/a>, a long-standing vulnerability that allows very large purchases without even unlocking the phone is detailed. <\/p>\n

The sophisticated \u201chack\u201d works by tricking the phone into thinking it is talking to a transit system, as special modes on both Android phones and iPhones will bypass the usual requirement for unlocking your device in this particular instance, while also working offline for the sake of underground transit systems where network connections may be spotty. <\/p>\n

But iPhones are the only ones vulnerable here. <\/p>\n

\tAdvertisement – scroll for more content<\/p>\n

\u201cExpress mode,\u201d as it is called on iPhone, allows transit systems to bypass the lockscreen, while a flaw in how Visa handles big purchases will allow for those larger purchases not to be flagged when used in a transit setting like this \u2013 it doesn\u2019t happen with other processors. The process involves some special hardware (pictured above, as seen in the video<\/a>), as well as a rooted Android phone to act as a card emulator. Apple pointed to Visa as the root of the problem, where the payment processor believes this is unlikely to happen in a real-world setting, and says such an attack would be covered under the Visa Zero Liability Policy<\/a>. Apple and Visa have both been aware of this vulnerability since 2021<\/a>. Visa, at one point, called rooting an Android phone a \u201cdifficult\u201d process as one reason this is unlikely to happen \u2013 take that as you will.<\/p>\n

The entire video is well worth a watch, but what we wanted to highlight here is that, as it stands today, Android phones are not vulnerable to this specific attack.<\/p>\n

As the video points out<\/a>, Samsung will flag large purchases made through transit modes. Google meanwhile, has an additional layer of security. Google Wallet will allow<\/a> for payments with a locked device, but does require<\/a> the screen to be turned on. Google has been further<\/a> locking down the Wallet app with biometrics, even outside of payments.<\/p>\n

More on Google Wallet:<\/p>\n

Follow Ben:\u00a0Twitter\/X<\/a>,\u00a0Threads<\/a>, Bluesky<\/a>, and\u00a0Instagram<\/a><\/p>\n

\t\t
\n\t\t\t\"Add
\n\t\t\t\"Add
\n\t\t<\/a><\/p>\n

FTC: We use income earning auto affiliate links. More.<\/a><\/p>\n

\"\"<\/a>\t\t\t\t