Skip to content
This repository has been archived by the owner on Jan 12, 2019. It is now read-only.

Security threat for non obfuscated classes #168

Open
navinpd opened this issue Jul 25, 2018 · 0 comments
Open

Security threat for non obfuscated classes #168

navinpd opened this issue Jul 25, 2018 · 0 comments

Comments

@navinpd
Copy link

navinpd commented Jul 25, 2018

General information

  • SDK/Library version: 5.5.1
  • Android Version and Device: Android devices

Issue description

Once I opened obfuscated classes.dex file from my android project in which I used card.io library, I see 3 classes exposed from io.card.payment package which are:

  1. CardScanner.class
  2. CreditCard.class
  3. DetectionInfo.class

And it's quite obvious to hook & retrieve carddetails from CreditCard class.
I see proguard.cfg file which don't allow us to obfuscate above classes:
-keep class io.card.payment.DetectionInfo
-keepclassmembers class io.card.payment.DetectionInfo {
public *;
}
-keep class io.card.payment.CreditCard
-keepclassmembers class io.card.payment.CreditCard {
*;
}

Has any one thought of obfuscating these classes manually or we are safe of hook detection ?
@navinpd navinpd changed the title Security threat for non obfuscated code Security threat for non obfuscated classes Jul 30, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@navinpd