I am developing an Android app that selling mobile credits over the internet.
My app just keeps user credit card information and never saving any password.
I am in Iran and my country isn't accept any foreign banking system.So I can use only local payment system and I can't use any third party API out there over the Internet.
I'm struggling how to make my app secure according to PCI documentation.
I googling a lot and find some solution out there but I am not sure if it is an effective solution in Iran.
Here is some solutions that I found:
How to store data into Secure Element in android
Secure element Access Control on ICS 4.0.4
Java Card Applet and Host-based Card Emulation of Android Kitkat 4.4
PCI DSS compliant related to the Mobile Application payment
So any help will be appreciated.
Related
I want to build an app to transfer message history between iOS and Android.
Apple does not allow third party apps to access messages, but Samsung Smart Switch circumvents this by using either phone-to-phone USB connection or by accessing iCloud. Google phone transfer seems to do a similar thing.
How do these apps make this possible and is this something third party developers can do?
I don't think you can transfer things over like that from Android to Apple iPhone unless they give you the option when you are first setting up the iPhone to transfer contents over from android and it also transfers the messages.
Another option though it's been a long time since I have used an Android device. You could use something like https://messages.google.com/web to load up your android messages from your phone and possibly just export them and save them to your computer.
As for developing such a tool, working within the messages API for apple. I think you can only develop extensions or addons but can't directly access the content for security reasons. Without further research, the companies might be only allowing the company to do this via a contract between them, but would not let a 3rd party vendor such as you or I access this data.
https://developer.apple.com/app-store/review/guidelines/
Nowhere in the guidelines does it specify that you can't access the SMSes. But you can only access it if you use private methods which are not allowed and will get your app rejected.
You can only access data for which Apple supplies a documented API. You can not access files outside of the Sandbox of your App unless Apple provides an API for it.
Softwares(such as Mozilla Firefox, Thunderbird) can load opensc module(opensc-pkcs11.so on linux and opensc-pkcs11.dll on windows)and use all smart cards supported by OpenSC for authentication, signing and decryption. My question is how can we do the same thing in android(where to store opensc module, how to access an external token etc.). For example how can an application use opensc module to access a smartcard token with nfc and/or bluetooth interface.
I dont like to flash my android like in seek for android.
I request for any suggestions or examples. Thanks in advance.
I'm planning on developing a Web Based Point of Sale that I want to run on Android Tablets, however I'm not sure on how to deal with payment processing. Are there card readers that integrate with Android tablets and the web based POS software running on them? I'm planning on developing the POS using RoR and I'm not sure how will my web application integrate with the card reader? Moreover, I think there will be PCI compliance issues when it comes to Android tablets.
Assuming if I do not use Android Tablets and use a Touchscreen POS Monitor with an embedded card reader would it be possible for the client to swipe their cards which will get the web application to automatically fill out the form fields required for payment processing, which will expedite the checkout process, where eventually the customer will have to enter their CVV2 information and proceed with processing their payments. (Online payment gateway integrated in this scenario).
Kind of lost and want someone to help me make music out of noise please.
Thank you in advance for your assistance in this regards.
I am developing an android application and I want to store my data securely.
There are two way for that
Storing Sim card
Mobile security card
I want to use second one but I don't want to buy this card before I make sure it is useful for me.
I am running Google's SmartcardSample(svn) application.
But I get an error like this.
See this answer for using the SIM as Secure Element https://stackoverflow.com/a/9364030/156477 (Its not scalable solution at present).
This isn't Google's code, and the SEEK API isn't part of Android (out of the box). Have a look at http://code.google.com/p/seek-for-android/wiki/SmartcardAPI. You'll see at the bottom you need to rebuild your own version of the Android OS, and flash it to your device.
I notice you haven't tagged the question with NFC. I wonder, do you really need SmartCard support or do you just need to store data securely? The typical SmartCard use case is to use the phone for payment, or building access - know as NFC Card Emulation mode.
We continue to build our fairly small applications on Android, iPhone and other mobile operating systems. This is fine and fun in the beginning of a new era, but when mobile OS matures, gets to be the preferred device for business people in motion, they want something more.
One would guess they want the same access and capability to ERP, MRP, BI-solutions and other reporting systems in there phone, right here, right now. How would we as developers deliver these demands, in a secure yet useful way? Is there today support for this kind of applications given they are not today on the web?
EDIT: I understand the fact most EIS-solutions are web based. Still they are behind company gates, heavily garded by Cheif Information Security Officer (CISO) and his/her staff. Thus they are not accessible through the open unsecure internet but insede companies intranet or internal network. To my knowledge, accessing an EIS using an adress like https://www.thecompany.com/eis-solution/ signing in with username/password isn't done today. In the old days, a VPN-solution was one way to access inside EIS-solutions, but will this be done using a mobile device as well?
I cannot understand what distinction you are making. Oracle Financials -- for example -- is a web-based application. It requires username and password. It can be run in a "portal".
Most companies (even very small ones) use the Web-based deployment through Virtual Private Networks.
ERP, MRP, Financial and BI applications
Are web-based.
Are trivially available from mobile devices.
The vendors are starting to include appropriate changes for the small screen.
"business people in motion" have complete access to all web-based applications. All a company needs to do is (a) purchase or (b) convert their applications to the web.
And Oracle, IBM, CA, HP, SAP and many others have already made many of their applications web-enabled.