Electronic Payment App is getting more and more popular now. People don't have to bring credit cards any more. All they need to do is using their smartphones and they could go shopping, check bills and dining in restaurants. It very convenient but some security issue occurs.

People like fancy interface Apps and they may not know how secure those Apps are. It's developers' responsibility to keep credential data safe and sound. But guess what??? Boss don't want extra costs for developers writing more secure Apps. Fancy interface is more important than security. No need to waste time and efforts for security.

Let's take a look at some Electronic Payment App and see how secure it is.

Extract the package folder of allPay from a smartphone and take a look at shared preference files.

To my surprise that login accout is stored in share preference xml files. Poor lazy developers~ At least you should hash or encrypt those credential data such as account or phone numbers or e-mail.

Don't get me wrong. I'm not trying to say this Electronic Payment App is not secure enough. Actually allPay is doing well on security such as Certificate Pinning and so on. We cannot emphasize too much the importance of secuirty.

Electronic Payment App analysis的更多相关文章

  1. Take advantage of Checkra1n to Jailbreak iDevice for App analysis

    An unpatchable bootrom exploit called "checkm8" works on all iDevices up until the iPhone ...

  2. Bitcoin: A Peer-to-Peer Electronic Cash System

    Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto October 31, 2008 Abstract A purely p ...

  3. packettotal.com - PacketTotal - A Free Online PCAP Analysis Engine

    找相似的pcap文件:https://packettotal.com/app/analysis?id=aff96903aae4b73364e027c8a3e85060&name=similar ...

  4. Oracle Global Finanicals Technical Reference(一个)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  5. Oracle Global Finanicals Technical Reference(一)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  6. 央行辟谣未发行“DC/EP”和“DCEP” 法定数字货币仍在测试阶段

    http://www.sohu.com/a/354709423_100157595 近期,中国央行再度就法定数字货币发布公告,指出目前系统仍处于研究测试过程中,市场上交易“DC/EP”或“DCEP”均 ...

  7. [转帖]DCEP究竟是什么?

    DCEP究竟是什么? https://www.cnblogs.com/kaixin2018/p/11795534.html DCEP (Digital Currency Electronic Paym ...

  8. DCEP究竟是什么?

    DCEP (Digital Currency Electronic Payment) 数字货币电子支付工具 DCEP将由中国人民银行推出,推出时间待定. DCEP是使用区块链技术的一种联盟链,为全新的 ...

  9. bitcoin01

    bitcoin, blockchain 本文只是初步表面认识比特币的笔记... 详细信息请看相关链接. 比特币除了耗电,耗硬盘存储空间,还有无法预测,无法控制的风险. 1. Satoshi_Nakam ...

随机推荐

  1. login

    package addresslist; import java.awt.EventQueue; import java.awt.Graphics; import java.awt.event.Act ...

  2. python logging模块

    1.logging模块提供了四个组件logger:日志类,有两个功能1)配置日志的等级,处理器handler,过滤器filterlogger.setLevel(logging.INFO)logger. ...

  3. Reed-Solomon码,QR

    原文: Reed–Solomon codes for coders参考: AN2407.pdfWIKI: 里德-所罗门码实现:Pypi ReedSolo #译注:最近看到了RS码,发现还挺有意思的,找 ...

  4. photoshop, 钢笔上色

    photoshop中用 钢笔工具 勾好轮廓后,使用 路径选择工具 选中轮廓,右键弹出菜单中选 创建矢量蒙板,然后就可以在区域内用 笔刷工具 涂抹上色,不用担心出界了. ----补充2017-1-2 将 ...

  5. Microsoft Visual Studio 2012注册密钥

    Microsoft Visual Studio Ultimate 2012 旗舰版 有效注册密钥:YKCW6-BPFPF-BT8C9-7DCTH-QXGWCMicrosoft Visual Studi ...

  6. atom 调用g++编译cpp文件

    atom 有script插件可以直接调用很多编译器,试了很多次一直出问题找不到文件,查了文档之后发现script只支持OSX和linux. 所以,还是使用gpp-compiler比较靠谱 gpp-co ...

  7. vlc 在ie11 中的addEventListener事件不触发

    在vlc控件中触发一事件,在IE11之前的版本使用attachEvent注册一个回调函数后IE11可以捕获到事件,但IE11中提示attachEvent不支持.经查询发现IE11已经去掉了attach ...

  8. gcc警告: warning: dereferencing type-punned pointer will break strict-aliasing rules

    Q: 在高优化级别下,不同类型指针之间的强制类型转换可能会触发以下警告: warning: dereferencing type-punned pointer will break strict-al ...

  9. JSON转Dictionary

    方法很简单,留作以后使用. System.Web.Script.Serialization.JavaScriptSerializer serializer = new System.Web.Scrip ...

  10. windows使用nginx实现网站负载均衡测试实例

    如果你关注过nginx,必定知道nginx这个软件有什么用的,如果你的网站访问量越来越高,一台服务器已经没有办法承受流量压力,那就增多几台服务器来做负载吧.做网站负载可以买硬件设备来实现,比如F5,不 ...