Google Wallet Exploit Reveals Credit Card Details to NFC Devices
A fix is included with the September 2023 security patch, which is still being deployed.
A strange Google Wallet bug, which affects smartphones running Android 5.0 and up, may expose your credit card details under a very specific set of circumstances.
demonstrated by MrTiz on GitHub and YouTube, the CVE-2023-35671 vulnerability is due to a loophole in Android's Screen Pinning tool.
you would need to wave your phone around an NFC device while an app is pinned to your lock screen.
The steps to avoid this exploit are very straightforward—disable Screen Pinning, or unpin whatever app's on your lock screen before attempting to make a contactless payment