Comment by wiradikusuma

6 hours ago

The QR code doesn't open a link. It's just "gibberish" text only usable by an app that can understand it (e.g. banking apps).

(I don't know anything about UPI, but in Indonesia we use a similar system)

It's not gibberish text.

It's just a URI.

  upi://pay?pa=payeeID&pn=payeeName

You can add things like &am= to prefill the amount. Merchant txns have reference IDs and all that stuff.
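The URI format quoted in the comment above, run through a check a scanner could apply before showing a payment prompt. This is an added example, not part of the thread; the function name, the constructed sample payloads and the name@provider shape assumed for `pa` are illustrative assumptions.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qs

# Constructed sample payloads, as they would come out of a QR decoder.
SAMPLES = [
    "upi://pay?pa=shop@examplebank&pn=Corner%20Shop&am=150.00",
    "https://pay.example.test/upi?pa=shop@examplebank",  # web link, not a UPI URI
    "upi://pay?pa=shop@examplebank&pa=other@examplebank&pn=Corner%20Shop",
    "upi://pay?pa=shop@examplebank&pn=Corner%20Shop&am=-5",
]

def inspect_upi_payload(payload):
    """Return (ok, details): details holds the fields to show the user,
    or the reason the payload was rejected."""
    parts = urlsplit(payload.strip())
    if parts.scheme.lower() != "upi":
        return False, {"reason": f"scheme is '{parts.scheme}', not 'upi'"}
    if parts.netloc.lower() != "pay":
        return False, {"reason": f"unexpected action '{parts.netloc}'"}
    try:
        params = parse_qs(parts.query, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return False, {"reason": "malformed query string"}
    # A repeated key lets two parsers disagree about who gets paid.
    repeated = sorted(k for k, v in params.items() if len(v) > 1)
    if repeated:
        return False, {"reason": "repeated parameter: " + ", ".join(repeated)}
    fields = {k: v[0] for k, v in params.items()}
    payee = fields.get("pa", "")
    # Assumption: a payee ID has the shape name@provider.
    name, sep, provider = payee.partition("@")
    if not (name and sep and provider) or "@" in provider:
        return False, {"reason": "missing or malformed pa (payee ID)"}
    details = {"payee_id": payee, "payee_name": fields.get("pn", ""), "amount": None}
    if "am" in fields:
        try:
            amount = Decimal(fields["am"])
        except InvalidOperation:
            return False, {"reason": "am is not a number"}
        if not amount.is_finite() or amount <= 0:
            return False, {"reason": "am must be a positive amount"}
        details["amount"] = amount
    details["other_params"] = sorted(set(fields) - {"pa", "pn", "am"})
    return True, details

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_upi_payload(sample))
```
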

  • And that's the problem -- all I have to do is come up with a website that looks enough like your banking app, and get you to scan the URI to that website, and that'll trick you into giving me your PIN.

    This is why QR codes, especially ones with complicated encoded URIs, are a security problem. They're very hard for laypeople to audit before doing the wrong thing.

    • > all I have to do is come up with a website that looks enough like your banking app, and get you to scan the URI to that website, and that'll trick you into giving me your PIN.

      It is not how any of this works. But sure, keep up the uninformed fear mongering.

I am Indian and I think what you are saying is correct. It opens up the banking app or, in our case, the UPI provider's app, so like Google Pay, PhonePe, Paytm, BHIM UPI and other such apps.