5

In my approach, the first time a user wants to pay by credit card, he must re-enter his login password and full credit card info.

After a successful payment, I generate a random key, pack it into a keystore, and finally store the keystore file in internal storage; this keystore file is locked by the user's login password. On the other hand, the credit card info is encrypted with this key, turned into a Base64-encoded string, and finally written to a file in internal storage.

The next time he pays by credit card, the user must also re-enter his login password, so I can use it to unlock the keystore file and extract the key. At this point, I have the ability to decrypt the user's credit card info.

The above is my approach to securing credit card info stored on the device. Is it secure?

Lin Yu Cheng
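The scheme described in the question, sketched as an added example that is not the poster's code. It assumes PBKDF2-HMAC-SHA256 to turn the login password into a key and AES-GCM for both the key file and the card file, on a standard JVM (Java 8+; on Android `android.util.Base64` would replace `java.util.Base64`). The class name, helper names, iteration count and sample values are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class CardVault {
    static final SecureRandom RNG = new SecureRandom();
    static final int ITERATIONS = 200_000; // assumed work factor, tune per device
    static byte[] rand(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    // Derive the key-encryption key from the login password (PBKDF2, random salt).
    static SecretKey kek(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    // AES-GCM encrypt; returns Base64(iv || ciphertext || tag).
    static String seal(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = rand(12);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        return Base64.getEncoder().encodeToString(
                ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }

    // Reverse of seal(); throws AEADBadTagException on a wrong key or a modified file.
    static byte[] open(SecretKey key, String b64) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return c.doFinal(in, 12, in.length - 12);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = rand(16), dataKey = rand(32);   // salt is stored beside the files
        String keyFile = seal(kek("login-pw", salt), dataKey);   // the password-locked "keystore"
        String cardFile = seal(new SecretKeySpec(dataKey, "AES"),  // constructed test card data
                "4111111111111111|12/30".getBytes(StandardCharsets.UTF_8));
        // Next payment: password re-entered, key unwrapped, card data decrypted.
        byte[] k = open(kek("login-pw", salt), keyFile);
        byte[] card = open(new SecretKeySpec(k, "AES"), cardFile);
        System.out.println(new String(card, StandardCharsets.UTF_8));
        try { open(kek("wrong-pw", salt), keyFile); }
        catch (AEADBadTagException e) { System.out.println("wrong password rejected"); }
    }
}
```

In this layout the card data is only as well protected as the login password: anyone who obtains both files and the salt can test password guesses offline, slowed only by the PBKDF2 iteration count.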

3 Answers

2

DO NOT save user credit card data on a device! There's just no way to make it secure. Rooted phones can be an even easier way for apps to access sensitive data. A device can get lost or stolen. You'll have to implement a secure user login to your server and store the CC data there.

Try using this http://developer.authorize.net/downloads/

Royston Pinto
  • -1 because technically, I think you are a little outdated, as I have on and around me several current (and up to 2 years older) devices with built-in secure elements for this exact use. – paulkayuk Oct 24 '12 at 10:45
  • I guess you would also understand that with time, security has also become a thing which can be much more easily compromised. – Royston Pinto Oct 24 '12 at 10:50
  • On the Android developer site, [this link](http://developer.android.com/guide/practices/security.html#Data) says that if I put my keystore file in internal storage, the file can only be accessed by my application. Is that sufficient to protect my keystore file and prevent it from being brute-forced? – Lin Yu Cheng Oct 24 '12 at 12:36
  • Well, I went through the links; looks like there is a good level of protection! And so you could possibly go ahead and try this :) – Royston Pinto Oct 24 '12 at 13:26
2

It seems my approach in my post is finally my answer.

Because Android provides access limits on internal storage (see this link), even if the device gets lost or stolen, a hacker still can't access the keystore and break it by brute force.

But there is another issue.

On a rooted phone, it is possible for a 'bad program' to listen to the soft keyboard; there is some other study work I should do.

Lin Yu Cheng
  • You can't guard against everything. For example users can install their own keyboard app (e.g., Swype), which could always log such information as it's entered. I think the important part is doing all reasonable steps to prevent leaks from your application, including allowing users the option to NOT have this data stored at all. – Vala Oct 24 '12 at 13:59
0

You should never store a credit card number on a user device.

PCI requires a quarterly key change for your ciphered elements - so how would you accomplish that? Force the user to change his/her password every 3 months? What if they never log in to change it?

Your method is extremely vulnerable to an attacker becoming a 'customer' in order to try to break your system - he'll be able to do it right on his own device without his attack being detected or resisted. Then he can use what he learns to attack your other customers' accounts. Please let us know what web site you are working on - I want to stay far, far away from it when you are done if you follow this design method.

Ron Robinson
  • Does 'quarterly key change' mean the key in the keystore should be changed very often? – Lin Yu Cheng Oct 26 '12 at 04:27
  • Does 'quarterly key change' mean the key in the keystore should be changed very often? Maybe it could be achieved by changing the secret key each time after the user logs in or finishes his payment (the user always needs to re-enter the password before paying by credit card). On the other hand... the keystore is stored in internal storage that is protected by the Android OS; do you mean that I shouldn't trust the security mechanism provided by the OS? – Lin Yu Cheng Oct 26 '12 at 04:39