- Prevention of automatically generated screenshots, to avoid sensitive card details being captured on the device.
- Jailbreak detection, to disable the SDK functionalities because of the security concerns that can arise on a jailbroken system.
However, when developing your app, you are responsible for reviewing and implementing the following security considerations:
Android’s Security Best Practices
Android provides documentation on how to enforce secure communication, store data safely and keep services / dependencies up to date.
Read Android best practices.
App shrinking and obfuscation
Obfuscation renames classes and members to short, meaningless names; together with shrinking (removal of unused code) this reduces DEX file size, and the renamed code is considerably harder to read and understand in a reverse-engineering attempt. Our Mobile SDK provides ProGuard rules that are either applied automatically or can be copied and pasted into your app’s ProGuard rules file (depending on your project configuration). The Mobile SDK itself is not obfuscated, so we strongly recommend obfuscating the app that integrates the SDK before releasing it.
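The following is an added example of how an integrating app enables shrinking and obfuscation for its release build; it is not configuration shipped by the Mobile SDK. It assumes a Gradle Kotlin DSL build file (`app/build.gradle.kts`) on a recent Android Gradle Plugin, where R8 is the default shrinker/obfuscator, and a rules file named `proguard-rules.pro` in the app module.

```kotlin
// app/build.gradle.kts (added example, not the Mobile SDK's own configuration).
// Assumes the Android Gradle Plugin with R8 as the shrinker/obfuscator.
android {
    buildTypes {
        release {
            // Turn on R8 code shrinking and obfuscation for release builds.
            // Without this, the app (and the unobfuscated SDK inside it) ships as plain DEX.
            isMinifyEnabled = true
            // Also drop unreferenced resources; only takes effect when isMinifyEnabled is true.
            isShrinkResources = true
            proguardFiles(
                // Android's default rule set, "optimize" variant.
                getDefaultProguardFile("proguard-android-optimize.txt"),
                // The app's own rules. If your project configuration does not pick up the
                // SDK's consumer rules automatically, paste the SDK-supplied rules into this file.
                "proguard-rules.pro"
            )
        }
        debug {
            // Keep debug builds readable; obfuscation only needs to ship in release.
            isMinifyEnabled = false
        }
    }
}
```

After `./gradlew assembleRelease`, R8 writes the renaming map to `app/build/outputs/mapping/release/mapping.txt`. Archive that file per release so crash stack traces can be de-obfuscated, but never package it with the app. Keep `-keep` rules in `proguard-rules.pro` to the minimum the SDK documentation asks for: every class you keep is a class that ships unobfuscated.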
Learn more about app shrinking.
OWASP Top 10
The Open Web Application Security Project (OWASP) maintains a regularly updated list of the most critical web application security risks. We strongly recommend you follow their latest guidelines. For mobile apps specifically, OWASP also publishes a Mobile Top 10 and the Mobile Application Security Verification Standard (MASVS). View the OWASP Top 10.
PCI Compliance
When processing payments and handling transaction data, you need to ensure your solution is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS aims to protect customer data from unauthorised access and ultimately to reduce the risk of fraud when processing payments online. Learn more about PCI compliance.
Minimising app during payment session
There is currently no way for the Mobile SDK to store the current state of the payment session. Therefore, if your app is minimised for a prolonged period (e.g. a few hours), the phone’s OS may close the browser session to free memory for other apps, and the state of the transaction may be lost. Treat a session resumed after such a pause as unknown: verify the transaction outcome on your server rather than assuming it completed or failed.