首页 > 代码库 > Electronic Payment App analysis

Electronic Payment App analysis

Electronic Payment App is getting more and more popular now. People don‘t have to bring credit cards any more. All they need to do is using their smartphones and they could go shopping, check bills and dining in restaurants. It very convenient but some security issue occurs.

 

People like fancy interface Apps and they may not know how secure those Apps are. It‘s developers‘ responsibility to keep credential data safe and sound. But guess what??? Boss don‘t want extra costs for developers writing more secure Apps. Fancy interface is more important than security. No need to waste time and efforts for security.

 

Let‘s take a look at some Electronic Payment App and see how secure it is.

技术分享

 

Extract the package folder of allPay from a smartphone and take a look at shared preference files.

技术分享

 

To my surprise that login accout is stored in share preference xml files. Poor lazy developers~ At least you should hash or encrypt those credential data such as account or phone numbers or e-mail.

技术分享

 

Don‘t get me wrong. I‘m not trying to say this Electronic Payment App is not secure enough. Actually allPay is doing well on security such as Certificate Pinning and so on. We cannot emphasize the importance of secuirty.

 

Electronic Payment App analysis