A new version of Google Pay is rolling out, but outside of minor tweaks here and there, you're probably not going to spot any big changes. The big news this time is that we're probably going to see an Incognito mode added to Pay in the future, making it a bit easier to make purchases in private without tipping off anybody with your transaction history.

Teardown

Disclaimer: Teardowns are based on evidence found inside of apks (Android's application package) and are necessarily speculative and usually based on incomplete information. It's possible that the guesses made here are wrong or inaccurate. Even when predictions are correct, there is always a chance that products could change or may be canceled. Much like rumors, nothing is certain until it's officially announced and released.

The features discussed below are probably not live yet, or may only be live for a small percentage of users. Unless stated otherwise, don't expect to see these features if you install the apk. All screenshots and images are real unless otherwise stated, and images are only altered to remove personal information.

Incognito mode

Anonymity has become a beloved feature for some browsers and apps over the years. Google wasn't the first to come up with an Incognito mode when it was added to Chrome, but it was by far the most notable. In the last couple of years, Google has been expanding Incognito mode to other apps, including YouTube, Maps, and even Gboard. Now it looks like Google Pay may be the next to enable a privacy-focused mode designed to forget your activities.

New text in the app labels a toggle for turning Incognito mode on or off. There are new layouts and other related resources, as well. Like most other apps with this capability, it looks like you will be able to turn on Incognito mode in the account switcher menu.

<string name="og_turn_off_incognito">Turn off incognito</string>
<string name="og_turn_on_incognito">Turn on incognito</string>

/layout/incognito_action_list_item.xml
/layout/incognito_off_account_menu.xml

There's no text explaining what precisely happens in Google Pay's Incognito mode, but I would have to assume it will basically ignore payments made on a card so they won't appear in the transaction history.

Why would you want this? My best guess is that it's ideal when you're shopping for gifts and want to hide the specific activity from somebody that has access to your phone. For example, it's probably going to ruin the surprise if you glance at the recent purchases and spot a big bill from Rolex.

Preparations for face unlock

While we're still uncertain if the Pixel 4 will have an in-display fingerprint reader — we know there isn't one on the back of the phone — Google has already confirmed that the phone will highlight face unlock as a security measure. Up until now, Google Pay's settings generally call for a fingerprint as an alternative to PIN codes, but in light of changes to the smartphone landscape, the wording is going to be adjusted to be a little more permissive.

--old
<string name="p2p_fingerprint_switch_description">Use fingerprint instead of PIN</string>
--new
<string name="p2p_fingerprint_switch_description">Require a confirmation</string>
<string name="p2p_fingerprint_switch_description_alt">Use biometric authentication, like your face or fingerprint, instead of PIN</string>

There's not much more to it than that: an existing setting will no longer explicitly focus on fingerprints and PIN codes, but will broadly ask for biometric authentication and mention face or fingerprint as examples.

Rooting and ROMs are substandard

Relationships have always been pretty strained between some of Google's product teams and users that choose to root or ROM their phones. On the one hand, great innovations have come from the modding community; and on the other, it's easier to keep malicious software from causing serious problems if there aren't obvious targets for bypassing security.

No product has had a more contentious issue with modders than Google Pay, which has a long history of restricting tap-and-pay activity on rooted phones. Historically, error messages generally call these "uncertified" devices, but this update added a few new lines with some phrasing that may not convey quite the message that had been intended. It appears that if a device fails a SafetyNet check, the resulting message will tell you that your device "doesn't meet software standards."

<string name="fails_attestation_title">Your phone doesn’t meet software standards</string>
<string name="fails_attestation_body">Your phone can’t make contactless payments as it isn't passing security checks. Your phone may be rooted, or running uncertified or custom software. You can still use Google Pay to pay online and send money to friends.</string>
<string name="passes_attestation_title">Your phone is ready to make contactless payments</string>
<string name="attestation_notification_title">Your phone is no longer ready for contactless payments</string>
<string name="attestation_notification_body">Check if your device meets software standards</string>

I doubt this was intended to insult members of the modding community, but this does read a little derogatory — basically, it implies root and custom ROMs are of poor quality. If anybody from the Pay team is reading, may I suggest rephrasing.

Download

The APK is signed by Google and upgrades your existing app. The cryptographic signature verifies that the file came from Google and was not tampered with in any way; Android will refuse to install an update whose signature doesn't match the app already on your device. Rather than wait for Google to push this download to your devices, which can take days, download and install it just like any other APK.
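
If you'd rather check the signer yourself before sideloading, the script below is an added example (not part of the original article or of any Google tooling) that compares the signer certificate reported by `apksigner` against a digest you recorded from a copy you already trust. The function names, the sample digest and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article. Input format assumed: the lines that
# `apksigner verify --print-certs` (Android SDK build-tools) prints.

# Constructed sample values for an offline run; not a real certificate.
SAMPLE_DIGEST=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
SAMPLE_OUTPUT="Signer #1 certificate DN: CN=Constructed Example
Signer #1 certificate SHA-256 digest: $SAMPLE_DIGEST
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567"

# Print each signer certificate SHA-256 digest found on stdin, lowercased.
signer_digests() {
    sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: *\([0-9a-fA-F]\{64\}\)$/\1/p' |
        tr 'A-F' 'a-f'
}

# cert_matches PINNED < apksigner-output
# Succeeds only when exactly one signer is listed and it equals PINNED.
# PINNED may be written with colons, spaces or upper case.
cert_matches() {
    pinned=$(printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f')
    found=$(signer_digests)
    [ -n "$found" ] || return 1                       # no signer parsed
    count=$(printf '%s\n' "$found" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || return 1                    # unexpected extra signer
    [ "$found" = "$pinned" ]
}

# verify_apk FILE PINNED: apksigner checks the signature itself and exits
# non-zero if it is invalid; cert_matches then checks who signed it.
verify_apk() {
    out=$(apksigner verify --print-certs "$1") || return 1
    printf '%s\n' "$out" | cert_matches "$2"
}

# Offline demonstration on the constructed sample.
if printf '%s\n' "$SAMPLE_OUTPUT" | cert_matches "$SAMPLE_DIGEST"; then
    echo "signer matches pinned certificate"
fi
```

A valid signature only proves the file is unmodified since signing; it is the comparison against a known certificate that tells you who signed it.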