Electronic Payment App is getting more and more popular now. People don't have to bring credit cards any more. All they need to do is using their smartphones and they could go shopping, check bills and dining in restaurants. It very convenient but some security issue occurs.

People like fancy interface Apps and they may not know how secure those Apps are. It's developers' responsibility to keep credential data safe and sound. But guess what??? Boss don't want extra costs for developers writing more secure Apps. Fancy interface is more important than security. No need to waste time and efforts for security.

Let's take a look at some Electronic Payment App and see how secure it is.

Extract the package folder of allPay from a smartphone and take a look at shared preference files.

To my surprise that login accout is stored in share preference xml files. Poor lazy developers~ At least you should hash or encrypt those credential data such as account or phone numbers or e-mail.

Don't get me wrong. I'm not trying to say this Electronic Payment App is not secure enough. Actually allPay is doing well on security such as Certificate Pinning and so on. We cannot emphasize too much the importance of secuirty.

Electronic Payment App analysis的更多相关文章

  1. Take advantage of Checkra1n to Jailbreak iDevice for App analysis

    An unpatchable bootrom exploit called "checkm8" works on all iDevices up until the iPhone ...

  2. Bitcoin: A Peer-to-Peer Electronic Cash System

    Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto October 31, 2008 Abstract A purely p ...

  3. packettotal.com - PacketTotal - A Free Online PCAP Analysis Engine

    找相似的pcap文件:https://packettotal.com/app/analysis?id=aff96903aae4b73364e027c8a3e85060&name=similar ...

  4. Oracle Global Finanicals Technical Reference(一个)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  5. Oracle Global Finanicals Technical Reference(一)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  6. 央行辟谣未发行“DC/EP”和“DCEP” 法定数字货币仍在测试阶段

    http://www.sohu.com/a/354709423_100157595 近期,中国央行再度就法定数字货币发布公告,指出目前系统仍处于研究测试过程中,市场上交易“DC/EP”或“DCEP”均 ...

  7. [转帖]DCEP究竟是什么?

    DCEP究竟是什么? https://www.cnblogs.com/kaixin2018/p/11795534.html DCEP (Digital Currency Electronic Paym ...

  8. DCEP究竟是什么?

    DCEP (Digital Currency Electronic Payment) 数字货币电子支付工具 DCEP将由中国人民银行推出,推出时间待定. DCEP是使用区块链技术的一种联盟链,为全新的 ...

  9. bitcoin01

    bitcoin, blockchain 本文只是初步表面认识比特币的笔记... 详细信息请看相关链接. 比特币除了耗电,耗硬盘存储空间,还有无法预测,无法控制的风险. 1. Satoshi_Nakam ...

随机推荐

  1. GROUP与HAVING的使用

    SELECT pub_name, state,SUM(state) AS 总数 FROM publishers GROUP BY pub_name, state HAVING SUM(state)&g ...

  2. Quant的笑话

    Q) Why was the FX quant so unlucky with the ladies?A) Because he always kept his dates short. Q) Why ...

  3. 在Windows上运行InfoPi

    一.安装Python Python官网的下载页面:  https://www.python.org/downloads/ 请下载Python 3.4或以上版本. (Python 3.5已不再支持Win ...

  4. C-随笔

    C语言的设计哲学之一: 程序员知道自己在干什么-没有安全带! 值的类型并不是值的内在本质, 而是取决于它被使用的方式 1.#include <stdio.h>在预处理器处理的时候把stdi ...

  5. visual studio code

    偏好设置: "editor.fontSize": 26, "editor.tabSize": 8, "editor.mouseWheelZoom&qu ...

  6. 【组合数学】 02 - Möbius反演公式

    计数问题种类繁多,为了避免陷入漫无目的烧脑运动,我们先需要关注一些常用方法和结论.数学的抽象性和通用性是我们一直推崇的,从诸多特殊问题中发现一般性的方法,也总会让人兴奋和慨叹.一般教材多是以排列组合开 ...

  7. B 最熟悉的陌生人 (纪念当年就读的梅州市江南高级中学)

    最熟悉的陌生人 作者:张慧桥 枪与玫瑰 我看了一下聊天室的名单,哈哈哈,我不禁喜出望外:蝶恋花那丫头片子挂在线上呢,真是天助我也.初时的担心一扫而光,我精神抖擞地喝下一大口咖啡,猛抽了三口烟,现在的我 ...

  8. day25、 静态属性、类方法、静态方法、组合、继承、

    一. 静态属性.类方法.静态方法 1.1静态属性 class Room: def __init__(self,name,owner,width,length): self.name=name self ...

  9. js封装、简单实例源码记录

    1.运动封装:doMove ( obj, attr, dir, target, endFn )  加入回调.&&.||用法注释 <script> var oBtn1 = d ...

  10. 【MySQL】排序原理与案例分析

    前言 排序是数据库中的一个基本功能,MySQL也不例外.用户通过Order by语句即能达到将指定的结果集排序的目的,其实不仅仅是Order by语句,Group by语句,Distinct语句都会隐 ...