Electronic Payment App is getting more and more popular now. People don't have to bring credit cards any more. All they need to do is using their smartphones and they could go shopping, check bills and dining in restaurants. It very convenient but some security issue occurs.

People like fancy interface Apps and they may not know how secure those Apps are. It's developers' responsibility to keep credential data safe and sound. But guess what??? Boss don't want extra costs for developers writing more secure Apps. Fancy interface is more important than security. No need to waste time and efforts for security.

Let's take a look at some Electronic Payment App and see how secure it is.

Extract the package folder of allPay from a smartphone and take a look at shared preference files.

To my surprise that login accout is stored in share preference xml files. Poor lazy developers~ At least you should hash or encrypt those credential data such as account or phone numbers or e-mail.

Don't get me wrong. I'm not trying to say this Electronic Payment App is not secure enough. Actually allPay is doing well on security such as Certificate Pinning and so on. We cannot emphasize too much the importance of secuirty.

Electronic Payment App analysis的更多相关文章

  1. Take advantage of Checkra1n to Jailbreak iDevice for App analysis

    An unpatchable bootrom exploit called "checkm8" works on all iDevices up until the iPhone ...

  2. Bitcoin: A Peer-to-Peer Electronic Cash System

    Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto October 31, 2008 Abstract A purely p ...

  3. packettotal.com - PacketTotal - A Free Online PCAP Analysis Engine

    找相似的pcap文件:https://packettotal.com/app/analysis?id=aff96903aae4b73364e027c8a3e85060&name=similar ...

  4. Oracle Global Finanicals Technical Reference(一个)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  5. Oracle Global Finanicals Technical Reference(一)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  6. 央行辟谣未发行“DC/EP”和“DCEP” 法定数字货币仍在测试阶段

    http://www.sohu.com/a/354709423_100157595 近期,中国央行再度就法定数字货币发布公告,指出目前系统仍处于研究测试过程中,市场上交易“DC/EP”或“DCEP”均 ...

  7. [转帖]DCEP究竟是什么?

    DCEP究竟是什么? https://www.cnblogs.com/kaixin2018/p/11795534.html DCEP (Digital Currency Electronic Paym ...

  8. DCEP究竟是什么?

    DCEP (Digital Currency Electronic Payment) 数字货币电子支付工具 DCEP将由中国人民银行推出,推出时间待定. DCEP是使用区块链技术的一种联盟链,为全新的 ...

  9. bitcoin01

    bitcoin, blockchain 本文只是初步表面认识比特币的笔记... 详细信息请看相关链接. 比特币除了耗电,耗硬盘存储空间,还有无法预测,无法控制的风险. 1. Satoshi_Nakam ...

随机推荐

  1. js中二维数组的初始化

    在编程过程中,很多情况下(涉及到坐标.层级操作)我们都会用到二维数组,下面介绍介绍几种二维数组初始化的方法: 方法一.直接定义并且初始化,这种情况适用于数量和值已知的数组: var arr=[[&qu ...

  2. openssl 升级

    openssl version -a rpm -q --changelog  openssl | grep CVE bash -version #!/bin/bash if [[ $EUID -ne ...

  3. Shell编程菜鸟基础入门笔记

    Shell编程基础入门     1.shell格式:例 shell脚本开发习惯 1.指定解释器 #!/bin/bash 2.脚本开头加版权等信息如:#DATE:时间,#author(作者)#mail: ...

  4. 利用 chrome 做本地HTML5全屏应用

    现在HTML5已经很强大了,如何让网页看起来像本地应用呢?仅chrome浏览器就可以实现.(但当然只能使用HTML的功能,不能操作本地系统) 以百度为例: 使用chrome打开百度 https://w ...

  5. OpenStack部署工具总结

    目前感觉比较简单直观的部署工具有RDO.devstack.Fuel等: 1. RDO https://openstack.redhat.com/Quickstart REDHAT出品,支持Redhat ...

  6. JMeter Webservice测试计划

    一.新建测试计划:HelloWorld测试计划 二.添加线程组 编辑线程组属性: 三.添加 SOAP/ XML-RPC 请求元素 四.填入url地址及请求报文 此处的请求报文,是用soapUI生成的, ...

  7. Nginx去除版本号

    1.在配置文件中的 http节点中加入server_tokens off; 2.更改源码隐藏nginx软件的名称 1). 查看Nginx编译的参数/usr/local/nginx/sbin/nginx ...

  8. HDU 1556 Color the ball(线段树区间更新)

    Color the ball 我真的该认真的复习一下以前没懂的知识了,今天看了一下线段树,以前只会用模板,现在看懂了之后,发现还有这么多巧妙的地方,好厉害啊 所以就应该尽量搞懂 弄明白每个知识点 [题 ...

  9. Windows服务定时执行方式

    采用System.Timers.Timer 间隔固定时间执行 方式一:间隔固定的时间执行一次,关键代码: protected override void OnStart(string[] args) ...

  10. Python基础(二)之模块

    模块:人们写好的一系列用于实现某种功能的代码封装起来,需要使用的时候直接调用即可. 模块分类:标准模块.第三方模块 标准模块:不需要安装,直接调用即可 第三方模块:需要安装后才可使用 注意:自己创建的 ...