Can your UPI App be hacked? Student exposes 3 loopholes

Ankit Thakur, a BTech student, did a thorough study on how UPI apps work and looked for weaknesses that scammers can exploit.

Business Today Desk
  • Noida,
  • Updated Apr 13, 2026 2:36 PM IST
Google Pay and Paytm have acknowledged the flaws, and the vulnerabilities have been fixed.

Ankit Thakur, a B.Tech (CSE) student from Haryana, identified three technical bugs in the UPI apps ecosystem that could be misused by fraudsters. According to a report in The Tribune, Thakur was still in school when his father, a driver by profession, lost Rs 20,000 in an online fraud back in 2020.

The incident deeply affected him, prompting him to dig deeper into how UPI apps work and look for weaknesses that scammers can exploit. Thakur started flagging the identified flaws to the Google security bot in June 2025; the company acknowledged the bugs and rolled out fixes in February 2026.

The three technical bugs were a Chrome Intent Vulnerability, an Authentication Bypass, and an Audio Hijack. One of these threats lets harmful websites open apps like UPI without user consent or interaction. “This feature acts as an open door for scammers, giving them a direct path to the user’s payment interface,” The Tribune quoted Thakur as saying.

The second threat bypasses the first layer of authentication, such as app locks or biometrics, which helps secure UPI apps. The teen further stated that Google Pay and Paytm have acknowledged his report, and that the vulnerabilities have been fixed.

Lastly, the Audio Hijack is said to be the most dangerous of them all. “In this scenario, UPI apps fail to ‘lock audio focus’ during a payment. Taking advantage of this, a fake app hidden in the background can play its own audio. The user believes the voice is coming from the payment app itself and falls prey to fraudsters.”

However, it should be noted that Google conducts rigorous verification before acknowledging the severity of flaws. It then makes the necessary fixes and critical patches to secure the Android ecosystem for UPI. This also draws attention to how crucial it is for smartphone users to regularly download and install security patches and keep the operating system and apps updated at all times.

Published on: Apr 13, 2026 1:15 PM IST