Electronic Payment App analysis

Posted 2020-08-12 Pieces0310

Electronic Payment App is getting more and more popular now. People don\'t have to bring credit cards any more. All they need to do is using their smartphones and they could go shopping, check bills and dining in restaurants. It very convenient but some security issue occurs.

 

People like fancy interface Apps and they may not know how secure those Apps are. It\'s developers\' responsibility to keep credential data safe and sound. But guess what??? Boss don\'t want extra costs for developers writing more secure Apps. Fancy interface is more important than security. No need to waste time and efforts for security.

 

Let\'s take a look at some Electronic Payment App and see how secure it is.

 

Extract the package folder of allPay from a smartphone and take a look at shared preference files.

 

To my surprise that login accout is stored in share preference xml files. Poor lazy developers~ At least you should hash or encrypt those credential data such as account or phone numbers or e-mail.

 

Don\'t get me wrong. I\'m not trying to say this Electronic Payment App is not secure enough. Actually allPay is doing well on security such as Certificate Pinning and so on. We cannot emphasize too much the importance of secuirty.