Electronic Payment App is getting more and more popular now. People don't have to bring credit cards any more. All they need to do is using their smartphones and they could go shopping, check bills and dining in restaurants. It very convenient but some security issue occurs.

People like fancy interface Apps and they may not know how secure those Apps are. It's developers' responsibility to keep credential data safe and sound. But guess what??? Boss don't want extra costs for developers writing more secure Apps. Fancy interface is more important than security. No need to waste time and efforts for security.

Let's take a look at some Electronic Payment App and see how secure it is.

Extract the package folder of allPay from a smartphone and take a look at shared preference files.

To my surprise that login accout is stored in share preference xml files. Poor lazy developers~ At least you should hash or encrypt those credential data such as account or phone numbers or e-mail.

Don't get me wrong. I'm not trying to say this Electronic Payment App is not secure enough. Actually allPay is doing well on security such as Certificate Pinning and so on. We cannot emphasize too much the importance of secuirty.

Electronic Payment App analysis的更多相关文章

  1. Take advantage of Checkra1n to Jailbreak iDevice for App analysis

    An unpatchable bootrom exploit called "checkm8" works on all iDevices up until the iPhone ...

  2. Bitcoin: A Peer-to-Peer Electronic Cash System

    Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto October 31, 2008 Abstract A purely p ...

  3. packettotal.com - PacketTotal - A Free Online PCAP Analysis Engine

    找相似的pcap文件:https://packettotal.com/app/analysis?id=aff96903aae4b73364e027c8a3e85060&name=similar ...

  4. Oracle Global Finanicals Technical Reference(一个)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  5. Oracle Global Finanicals Technical Reference(一)

    Skip Headers Oracle Global Finanicals Oracle Global Financials Technical Reference Manual Release 11 ...

  6. 央行辟谣未发行“DC/EP”和“DCEP” 法定数字货币仍在测试阶段

    http://www.sohu.com/a/354709423_100157595 近期,中国央行再度就法定数字货币发布公告,指出目前系统仍处于研究测试过程中,市场上交易“DC/EP”或“DCEP”均 ...

  7. [转帖]DCEP究竟是什么?

    DCEP究竟是什么? https://www.cnblogs.com/kaixin2018/p/11795534.html DCEP (Digital Currency Electronic Paym ...

  8. DCEP究竟是什么?

    DCEP (Digital Currency Electronic Payment) 数字货币电子支付工具 DCEP将由中国人民银行推出,推出时间待定. DCEP是使用区块链技术的一种联盟链,为全新的 ...

  9. bitcoin01

    bitcoin, blockchain 本文只是初步表面认识比特币的笔记... 详细信息请看相关链接. 比特币除了耗电,耗硬盘存储空间,还有无法预测,无法控制的风险. 1. Satoshi_Nakam ...

随机推荐

  1. HTML5画布实现方法:

    我们可以在HTML中使用属性width和height来定义Canvas.但是实现Canvas的相关功能主要还依赖于Javascript实现,即HTML5 Canvas API.我们使用javascri ...

  2. oracle中的rownum

    1.oracle存在rownum关键字,它是一个伪列(系统分配在结果集上的一个特殊列) SELECT * FROM  oracleTable WHERE ROWNUM=1 上面这条语句是能够查询出第一 ...

  3. login

    package addresslist; import java.awt.EventQueue; import java.awt.Graphics; import java.awt.event.Act ...

  4. Web跨域问题总结

    一.跨域问题的由来为了防止某些文档或脚本加载别的域下的未知内容造成泄露隐私,破坏系统等安全行为,1995年, Netscape 公司在浏览器中引入同源策略/SOP(Same origin policy ...

  5. C#模拟键盘事件

    public partial class Form1 : Form { public Form1() { InitializeComponent(); } [DllImport("USER3 ...

  6. tp根据数据库动态创建微信菜单

    喻可伟的博客   tp根据数据库动态创建微信菜单 $button = array();$class = M('ucenter_menu')->limit(3)->select();//取出 ...

  7. HackerRank "Fair Rations"

    Another fun Greedy problem to work on: we simply go from first to second last person, as long someon ...

  8. ruby 中%Q %q %W %w %x %r %s的用法

    %Q 用于替代双引号的字符串. 当你需要在字符串里放入很多引号时候, 可以直接用下面方法而不需要在引号前逐个添加反斜杠 (\") >> %Q(Joe said: "Fr ...

  9. Python 网络编程(一)

    Python 网络编程 socket通常也称作"套接字",用于描述IP地址和端口,是一个通信链的句柄,应用程序通常通过"套接字"向网络发出请求或者应答网络请求. ...

  10. Codeforces Round #377 (Div. 2) D. Exams(二分答案)

    D. Exams Problem Description: Vasiliy has an exam period which will continue for n days. He has to p ...