- Prevention of automatically generated screenshots, to avoid sensitive card details being captured on the device.
- Jailbreak detection, to disable the SDK functionalities due to the security concerns that can arise from a jailbroken system.
However, when developing your app, you are responsible for reviewing and implementing the following security considerations:
Android’s Security Best Practices
Android provides documentation on how to enforce secure communication, store data safely and keep services / dependencies up to date.
Click here to learn more.
App shrinking and obfuscation
Obfuscation is a process of shortening the names of classes and members, which results in reduced DEX file sizes. Additionally, obfuscated code is harder to read and understand in the case of a reverse engineering attempt. Our Mobile SDK provides ProGuard rules that will either be applied automatically or can be copied and pasted into your app’s ProGuard rules file (depending on the project configuration). The Mobile SDK is not obfuscated itself, so it is highly recommended to obfuscate the app that integrates the SDK before releasing it.
Click here to learn more.
OWASP Top 10
The Open Web Application Security Project (OWASP) maintains a regularly-updated list of the most pressing web application security concerns. We strongly recommend you follow their latest guidelines. Click here to learn more.
PCI Compliance
When processing payments and handling transaction data, you need to ensure your solution is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS aims to protect customer data from unauthorised access and ultimately to reduce the risk of fraud when processing payments online. Click here to learn more.
Minimising app during payment session
There is currently no way for the Mobile SDK to store the current state of the payment session. Therefore, if your app is minimised for a prolonged period (e.g. a few hours), the phone’s OS may close the browser session to free memory for other apps, and the state of the transaction may be lost.