Datamining Facebook’s Novi wallet | Worth Doing Badly

source link: https://worthdoingbadly.com/novi/

Datamining Facebook's Novi wallet

Nov 23, 2021

I tested Facebook’s new Novi digital wallet and found evidence for upcoming features, such as a debit card to access Novi balance, third-party linking with QR codes, and a way to buy Bitcoin directly from the app.

A screenshot of Novi

A hands-on video! Sort of.

Here’s my “hands-on” of the Novi settings screen on Android. I can’t demo the actual wallet since I wasn’t able to sign up for an account.

https://twitter.com/zhuowei/status/1457420727838195728

Facebook Novi wallet hands-on:
... except I'm not going to give Facebook my driver's license or bank account
You only get to see an empty "Settings" screen. Sorry. pic.twitter.com/Grh9Fhz22J

— Zhuowei Zhang (@zhuowei) November 7, 2021

I wasn’t eligible for the Novi beta (which requires you to be a resident of selected states in the US or Guatemala, and requires you to upload your photo ID).

To work around this, I:

  • rented a cloud server in California
  • modified the APK to replace “prod.novi.com” with my own server
  • disabled certificate pinning by adding a return-void to the function that throws the “pinning error, trusted chain:” error
  • changed kyc_status in the login response to ONBOARDED

This allowed me to view… the settings screen, and that’s it. (The actual money UI is controlled by the server, and without a valid account, it just gives a blank homescreen)

Enabling feature flags in Novi’s Android app

https://twitter.com/zhuowei/status/1457428236774817796

If I enable every unreleased experiment flag in Facebook’s Novi wallet, I get a few extra settings for “Statements and Documents”, “Diem address”, “Sounds”, and “Linked accounts”:

Strings

I also pulled strings from both the Android and the iOS versions of the app:

Novi Card

Facebook’s Novi digital wallet includes text about a “Novi Card”, a Visa-compatible debit card to access your Novi balance:

https://twitter.com/zhuowei/status/1451644426221015041

QR linking

Facebook’s Novi wallet seems to let you link an account with a third party by scanning a QR code? I’m not sure what kind of third party this would support.

https://twitter.com/zhuowei/status/1451648546827030531

Buying Bitcoin

Facebook’s Novi wallet has text about… buying Bitcoin, for some reason:

https://twitter.com/zhuowei/status/1451647713150480390

Android strings

Here’s the strings.xml of the Novi Android APK if you want to see if there’s anything else interesting.

