card.io-Android-source

Security threat for non-obfuscated classes

Open navinpd opened this issue 7 years ago • 0 comments

General information

  • SDK/Library version: 5.5.1
  • Android Version and Device: Android devices

Issue description

Once I opened the obfuscated classes.dex file from my Android project in which I used the card.io library, I see 3 classes exposed from the io.card.payment package, which are:

  1. CardScanner.class
  2. CreditCard.class
  3. DetectionInfo.class

And it's quite obvious to hook & retrieve card details from the CreditCard class. I see a proguard.cfg file which doesn't allow us to obfuscate the above classes:

    -keep class io.card.payment.DetectionInfo
    -keepclassmembers class io.card.payment.DetectionInfo { public *; }
    -keep class io.card.payment.CreditCard
    -keepclassmembers class io.card.payment.CreditCard { *; }

Has anyone thought of obfuscating these classes manually, or are we safe from hook detection?

navinpd, Jul 25 '18 03:07
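
An added example, not part of the original issue or the card.io project: a small Python audit that parses ProGuard keep rules and reports which classes retain their original class and member names after obfuscation. It handles only `-keep`, `-keepclassmembers` and `-keepclasseswithmembers` with simple class specifications; the function names are assumptions, and the sample input is constructed from the four rules quoted in the issue.

```python
import re
from collections import defaultdict

# Constructed sample: the four rules quoted in the issue above.
SAMPLE_RULES = """
-keep class io.card.payment.DetectionInfo
-keepclassmembers class io.card.payment.DetectionInfo { public *; }
-keep class io.card.payment.CreditCard
-keepclassmembers class io.card.payment.CreditCard { *; }
"""

# directive, optional ",modifier" list, class specification, optional member body
RULE = re.compile(
    r"-(keepclassmembers|keepclasseswithmembers|keep)((?:,\w+)*)\s+"
    r"(?:[\w@!]+\s+)*?(?:class|interface|enum)\s+([\w.$*?]+)"
    r"(?:\s*\{([^}]*)\})?"
)

def audit_keep_rules(text):
    """Return {class_spec: {"name_kept": bool, "members_kept": set}}."""
    report = defaultdict(lambda: {"name_kept": False, "members_kept": set()})
    text = re.sub(r"#.*", "", text)  # strip ProGuard comments
    for match in RULE.finditer(text):
        directive, modifiers, cls, body = match.groups()
        if "allowobfuscation" in modifiers:
            continue  # this rule still permits renaming
        entry = report[cls]
        if directive in ("keep", "keepclasseswithmembers"):
            entry["name_kept"] = True  # class keeps its original name
        for spec in (body or "").split(";"):
            if spec.strip():
                entry["members_kept"].add(spec.strip())
    return dict(report)

def readable_classes(report):
    """Classes whose name and all fields and methods keep original names."""
    return sorted(cls for cls, entry in report.items()
                  if entry["name_kept"] and "*" in entry["members_kept"])

if __name__ == "__main__":
    result = audit_keep_rules(SAMPLE_RULES)
    for cls, entry in sorted(result.items()):
        print(cls, entry)
    print("fully readable:", readable_classes(result))
```
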