Ping, an enterprise browser made by Bangalore-based tech firm Futureflare Technologies, is coming under fire after winning ₹75 lakhs (roughly $83,000) in MeitY’s Indian Web Browser Development Challenge. Allegations are that the developers submitted a rebadged version of the popular and open-source Brave browser.
Ping’s website clearly states that the browser is based on Chromium, Google’s massively popular browser engine that powers almost every major browser worldwide, including Brave. However, the developers have not mentioned Brave anywhere on the official website. The alleged rebranding came to light when an Indian cybersecurity enthusiast known as DotSlashTX on X came across the project and took a deeper look at the browser’s main Windows executable. The EXE file revealed a directory structure very similar to Brave’s, prompting further investigation.
When compared against Brave’s directory structure, Ping was identical. To make matters worse, the terms of use on Ping’s website linked to their GitHub, which is a fork of the core Brave repository. The GitHub commit history revealed that the developers made significant changes to the project. A total of 319 commits and 2,169 changed files were found, with 322,313 additions and 182,715 deletions.
At this point, DotSlashTX and the team decided to archive as much information about the project as possible before proceeding. A closer look at the changes made to the repository revealed that most were either “minor cosmetic alterations” or syncing with the core Brave browser branch for Chromium updates.
According to DotSlashTX, apart from the PDF Signer feature, additional Root CA certifications, and a parental control extension, the repository is a “blatant” reskin of the core Brave browser repository. The developers went a step ahead and even changed the package names to distribute the browser as is on other platforms like Android, macOS, and iOS.
Removing any of Brave’s branding, logos, copyright, and other proprietary notices violates the browser’s terms of use. The commit comments also clearly state that the developers actively removed Brave branding from the browser and renamed packages.
Uday Bansal, founder of Ping, issued a clarification on X, claiming that the team mentioned in its early proposal that they were building their browser on top of Brave. Their source code also went through multiple rounds of evaluation and was closely analysed by the contest organisers. The intention was to build on the Brave stack for the competition, and the IWBDC submission differs from the enterprise-focused browser listed on their website.
However, in addition to breaching Brave’s terms of use, Ping also violates articles 10 and 12 of IWBDC’s rules and guidelines. The rules clearly state that “the solution should not violate/breach/copy already copyrighted, patented or existing products/tools/solutions.” While the participants are free to use free and open-source libraries for their solutions, they are “expected to make significant and original contributions in the browser/core engine before they reach the final round.”
Bansal’s X thread doesn’t address any of these concerns. Instead, he emphasised all the features and additions the team made to the core repository for the competition. He also claims that the team rebuilt and rebranded the browser across five different platforms and that this is “not a turnkey fork.”
Candid.Technology took a version of the Ping browser available on its website for download for a spin and found it identical to Brave in terms of the user interface and layout except for a few elements. Windows Defender SmartScreen also flagged the browser executable upon execution and last but not least, the latest executable from the company’s official website installs an outdated version of the browser with no evident way of updating.
The browser does prompt the user that it’s outdated and needs to be reinstalled for an update, but the embedded download link leads to a page with a 404 error. The enterprise version of the browser isn’t available for download at the time of writing.
In the News: Malware campaign infecting 20,000 WordPress sites discovered
