Contents

Security Considerations

 

Under default configuration, the SDK already incorporates the following security measures:

 

However, when developing your app, you are responsible for reviewing and implementing the following security considerations:

 


 

Android’s Security Best Practices

Android provides documentation on how to enforce secure communication, store data safely and keep services / dependencies up to date.
Click here to learn more.

 


 

App shrinking and obfuscation

Obfuscation is a process of shortening the name of classes and members, which results in reduced DEX file sizes. Additionally, obfuscated code is harder to read and understand in the case of a reverse engineering attempt. Our Mobile SDK provides ProGuard rules that will be applied automatically or can be copy and pasted into your app’s ProGuard rules file (depending on project configuration). The Mobile SDK is not obfuscated by itself, so it’s highly recommended to obfuscate the app that integrates the SDK before releasing.
Click here to learn more.

 


 

OWASP Top 10

The Open Web Application Security Project (OWASP) maintains a regularly-updated list of the most pressing web application security concerns. We strongly recommend you follow their latest guidelines. Click here to learn more.

 


 

PCI Compliance

When processing payments and handling transaction data, you need to ensure your solution is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS aims to protect customer data from unauthorised access and ultimately to reduce the risk of fraud when processing payments online. Click here to learn more.