Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it secure that store creadit card info on android?

In my approach, at first time user wants to pay by credit card, he must reenter his login password and full credit card info.

after success paid, I generate a random key, pack it as a keystore, finally store keystore file at internal storage, this keystore file is locked by user's login password. on the other hand, credit card info will be encrypted by this key and turn into a Base64 encoded string, finally write into a file in internal storage.

at next time pay by credit card, user also must reenter his login password, so I can use it to unlock the keystore file and extract key. at this point, I has ability to decrypt user's credit card info.

above is my approach to secure credit card info stored on device, is it secure?

like image 647
Lin Yu Cheng Avatar asked Oct 06 '22 05:10

Lin Yu Cheng


1 Answers

DO NOT save user credit card data on a device! There's just no way to make it secure. Rooted phones can be a even more easier way for apps to access sensitive data. A device can get lost or stolen. You'll have to implement a secure user login to your server and store the CC data there.

Try using this http://developer.authorize.net/downloads/

like image 138
Royston Pinto Avatar answered Oct 10 '22 02:10

Royston Pinto