Ping Browser: A Deep Dive​

Introduction
Recently, a discussion between my team and I led us to explore various digital product ideas.
During this exploration, we came across Ping Browser (www.ping-browser.com), which
presents itself as an enterprise-focused web browser emphasizing security and control.

​
(fig. 0.1)
Claimed Features of Ping Browser
According to its website, Ping Browser offers the following features:

●​ Enterprise Browser with Security Focus: Built for businesses, integrating security and
policy controls.
●​ Data Loss Prevention (DLP) Capabilities: Detects and blocks malicious file
downloads, including those containing VBA macros.
●​ Enterprise-Grade Security & Compliance: Claims to offer advanced DLP structures
and logging for compliance.
●​ Enhanced Privacy Based on Chromium: Supports Chrome extensions while removing
Google's ad-tracking elements.
●​ No Cost for an Ad-Free Experience: Unlike other browsers that charge for privacy
features, Ping Browser is free and supports ad-blocking.
●​ Customizability & User Control: Users can modify search engines, delete browsing
data, and set custom homepages.
●​ Standalone Browser vs. Extensions: Argues that a dedicated browser provides better
security than extensions.
●​ Future-Oriented Enterprise Security: Aligns with Gartner’s prediction that enterprise
browsers will be central to security by 2030.

​
(fig. 0.2)
Investigating the Installers
Upon closer analysis, evidence suggests that Ping Browser is a clear fork of Brave Browser,
with only minor cosmetic changes:

●​ Identical Codebase: The browser appears to be a rebranded version of Brave, rather

Initially, the ping_installer.exe was opened as an archive using 7zip, and the following file
structure was presented to us.​
Given in the following archive, we noticed an unusual filename. (here, brave.exe is a
pre-existing and well-known privacy-focused browser with a user base of more than 82 Million
active monthly users. Source: https://taptwicedigital.com/blog/brave-usage )

Within the same archive, we also noticed a folder with usual chromium versioning, nothing
suspicious here, until we decided to dig further down the rabbit hole.

​
(fig. 1.1)

​
The assumption is our enemy, so why not look into the file structure of the browser from where
the name (could’ve been or) was borrowed, better, copied.​

We’ll go with Ping Browser’s own file structure, here is what it looks like in the below
screenshot. (fig. 1.2)

​
(fig. 1.2)​
​

Moving further to that of Brave Browser, here is the finding attached to the screenshot (fig. 1.3)
 ​
(fig. 1.3)
What is Ping?​
​
It was all just a curious research on an alleged privacy focussed browser and we were not so
involved into this until the Social Media fiasco unfolded.

Few of the tweets suggested that the company has been in existence since quite a good time
like the one below:
​

(fig. 2.1)

Few tweets suggest that they are actually into security research:​

(fig. 2.2)
We decided to look further into what the company is up to, and found their GitHub account that
can be found here from their official website on the Terms of Use page at Point #3, Privacy and
Policies, if it still exists, in case it goes down, here is the link to the web archive.

(fig. 2.3)
The repository suggests that the ping-core repository is a clone of Brave Browser’s own
brave-core repository.

(fig. 2.4)

Commit history suggests a lot, 319 commits, 2,169 changed files with 322,313 additions and
182,715 deletions, this information can be verified here.

(fig. 2.5)
Everything was going perfectly fine and we decided to call it a day, before finishing the meet, we
received a screenshot by one of the team members, a LinkedIn post.​
​

(fig. 2.6)

Now that is something that intrigued us to rethink either we are limited by the scope of our
thinking or they’ve genuinely created something of value in such a short time (kudos to the
team, “IF” true)... (foreshadowing)

The faces in the screenshot (fig. 2.6) have been blurred intentionally.
Investigating the Codebase (where available)

We decided to dig further through the source code and the commits, we had to make sure that
this is an actual product built from scratch and if Brave allows developers to reuse their code in
such a manner, and if so, up to what extent.

From an overview of the GitHub repo, it seems that the team has put in hard work and did 319
commits (fig 2.7) over the brave-core repo. Impressed by the numbers, we decided to look into
the code base and see what all was changed and altered/added.

(fig 2.7)

The nature of commits varies from minor cosmetics alterations to syncing up with the upstream
brave-core branch for updating the chromium version.
Upon looking into the merged PRs, the picture started becoming clearer. Our initial hunch was
pretty much on point.

Except for the addition of “PDF Signer”, additional Root CA Certificates, and “Parental
Control” (Extension, not a feature) (none of which is even advertised or provided
information for on the product page), it’s a blatant reskin/rebadging of Brave browser.
The majority of the commits are for replacing URLs belonging to Brave with URLs of the Ping
Browser FAQ page. Pretty much, the word “brave/Brave” was replaced with “ping/Ping”
throughout the codebase.
Even went ahead and changed package names to distribute applications on mobile platforms
(APKs and iOS)

interesting descriptions in provisioning profiles btw.

Fine for branding purposes. Or is it??

Well the ping browser team didn’t change any logo or trademarked items. Right?
Which raises a question. Was this all allowed in the competition itself? Nobody can answer it
better than the rules and guidelines at https://iwbdc.in/#terms_conditions
version.txt (Brave)
version.txt (Ping Browser) (When did the company become “Ping Software, Inc.”??)
Final Thoughts

If you're considering using such web browsers for its security and enterprise-focused claims, a
careful review is advised. Transparency, originality, and genuine innovation should be the
foundation of any security-focused product, and users should always verify the legitimacy of
such claims before adoption.

Most importantly, a prize money of INR 75,00,000/- (or ~US $88,000/-) is nothing but a waste of
tax-payer money for such a whitelabeling venture.

Conclusion: A Brave White Labelling