Electronic Payment App is getting more and more popular now. People don't have to bring credit cards any more. All they need to do is using their smartphones and they could go shopping, check bills and dining in restaurants. It very convenient but some security issue occurs.

People like fancy interface Apps and they may not know how secure those Apps are. It's developers' responsibility to keep credential data safe and sound. But guess what??? Boss don't want extra costs for developers writing more secure Apps. Fancy interface is more important than security. No need to waste time and efforts for security.

Let's take a look at some Electronic Payment App and see how secure it is.

Extract the package folder of allPay from a smartphone and take a look at shared preference files.

To my surprise that login accout is stored in share preference xml files. Poor lazy developers~ At least you should hash or encrypt those credential data such as account or phone numbers or e-mail.

Don't get me wrong. I'm not trying to say this Electronic Payment App is not secure enough. Actually allPay is doing well on security such as Certificate Pinning and so on. We cannot emphasize too much the importance of secuirty.

Electronic Payment App analysis的更多相关文章

  1. Take advantage of Checkra1n to Jailbreak iDevice for App analysis

    An unpatchable bootrom exploit called "checkm8" works on all iDevices up until the iPhone ...

  2. Bitcoin: A Peer-to-Peer Electronic Cash System

    Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto October 31, 2008 Abstract A purely p ...

  3. packettotal.com - PacketTotal - A Free Online PCAP Analysis Engine

    找相似的pcap文件:https://packettotal.com/app/analysis?id=aff96903aae4b73364e027c8a3e85060&name=similar ...

  4. Oracle Global Finanicals Technical Reference(一个)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  5. Oracle Global Finanicals Technical Reference(一)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  6. 央行辟谣未发行“DC/EP”和“DCEP” 法定数字货币仍在测试阶段

    http://www.sohu.com/a/354709423_100157595 近期,中国央行再度就法定数字货币发布公告,指出目前系统仍处于研究测试过程中,市场上交易“DC/EP”或“DCEP”均 ...

  7. [转帖]DCEP究竟是什么?

    DCEP究竟是什么? https://www.cnblogs.com/kaixin2018/p/11795534.html DCEP (Digital Currency Electronic Paym ...

  8. DCEP究竟是什么?

    DCEP (Digital Currency Electronic Payment) 数字货币电子支付工具 DCEP将由中国人民银行推出,推出时间待定. DCEP是使用区块链技术的一种联盟链,为全新的 ...

  9. bitcoin01

    bitcoin, blockchain 本文只是初步表面认识比特币的笔记... 详细信息请看相关链接. 比特币除了耗电,耗硬盘存储空间,还有无法预测,无法控制的风险. 1. Satoshi_Nakam ...

随机推荐

  1. JS中正则匹配的三个方法match exec test的用法

    javascript中正则匹配有3个方法,match,exec,test: match是字符串的一个方法,接收一个RegExp对象做为参数: match() 方法可在字符串内检索指定的值,或找到一个或 ...

  2. (转) 变分自编码器(Variational Autoencoder, VAE)通俗教程

    变分自编码器(Variational Autoencoder, VAE)通俗教程 转载自: http://www.dengfanxin.cn/?p=334&sukey=72885186ae5c ...

  3. webpack es6 to es5支持配置

    1. 安装webpack npm install webpack --save-dev 2. 安装babel  实现 ES6 到 ES5 npm install --save-dev babel-co ...

  4. jQuery中,$('#main') 与 document.getElementById('main')是什么样的关系-转

    $('#main')[0]和document.getElementById('main')两个一模一样.解释:$('#main'):是一个jquery写法,#main是一个过滤器表示方法,表示查找一个 ...

  5. Three.js开发指南---使用three.js里的各种光源(第三章)

    本章的主要内容 1 three.js有哪些可用的光源 2 什么时候用什么光源. 3 如何调整配置各种光源 4 如何创建镜头炫光 一 光源 光源大概有7种, 其中基础光源有4种 环境光(AmbientL ...

  6. win 安装mysql

    windows上安装sql最容易出现 1067错误,网上查了很多,大部分都是误导.现在将验证过的步骤总结如下: 1.下载mysql,我用的是mysql-5.6.24-win32 下载后解压,进入到bi ...

  7. asp.net动态设置标题title 关键字keywords 描述descrtptions

    推荐的简单做法如下: protected void Page_Load(object sender, EventArgs e){//Page titlePage.Title = "This ...

  8. 【转载】Keil中的USE MicroLib说明

    在keil建立ARM的工程时 其中有一项是选 use MicroLIB 由于对KEIL不是很熟悉,于是就查了查,得到了以下信息: microlib 是缺省 C 库的备选库. 它旨在与需要装入到极少量内 ...

  9. [原]JQuery mobile CSS 文件组织

    从 JQuery mobile 1.4 开始, CSS 由3个部分组成,分别是 Icons.Theme和Structure jquery.mobile-1.4.x.css:  包括了 <标准图标 ...

  10. 使用Java的Timer处理周期性任务

    package timer; import java.sql.Connection; import java.sql.ResultSet; import java.sql.SQLException; ...