diff --git a/app/src/main/java/net/authorize/acceptsdk/sampleapp/CheckoutActivity.java b/app/src/main/java/net/authorize/acceptsdk/sampleapp/CheckoutActivity.java
index 06b3109..ef36116 100644
--- a/app/src/main/java/net/authorize/acceptsdk/sampleapp/CheckoutActivity.java
+++ b/app/src/main/java/net/authorize/acceptsdk/sampleapp/CheckoutActivity.java
@@ -7,6 +7,7 @@
 import android.support.v4.app.FragmentManager;
 import android.util.Log;
 import android.view.View;
+import android.view.WindowManager;
 import android.widget.Button;
 import android.widget.FrameLayout;
 import android.widget.LinearLayout;
@@ -73,6 +74,12 @@ public class CheckoutActivity extends BaseActivity
 @Override
 protected void onCreate(Bundle savedInstanceState) {
 super.onCreate(savedInstanceState);
+
+ // SECURITY: Prevent screenshots and screen recording to protect sensitive payment data
+ // (CVV, card numbers) from overlay attacks, screen capture malware, and shoulder-surfing
+ getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
+ WindowManager.LayoutParams.FLAG_SECURE);
+
 setContentView(R.layout.activity_checkout);
 setupViews();
 createNetworkTokenPaymentMethodParameters();
diff --git a/app/src/main/java/net/authorize/acceptsdk/sampleapp/androidpay/OrderCompleteActivity.java b/app/src/main/java/net/authorize/acceptsdk/sampleapp/androidpay/OrderCompleteActivity.java
index b75cf44..2f73184 100644
--- a/app/src/main/java/net/authorize/acceptsdk/sampleapp/androidpay/OrderCompleteActivity.java
+++ b/app/src/main/java/net/authorize/acceptsdk/sampleapp/androidpay/OrderCompleteActivity.java
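Review bot: The comment added in CheckoutActivity.onCreate claims more than FLAG_SECURE delivers: the flag keeps this window out of screenshots, screen recordings, the recents thumbnail and non-secure displays, but it does nothing against overlay (tapjacking) windows or shoulder-surfing. I would reword it to `// SECURITY: FLAG_SECURE keeps this window out of screenshots, screen recordings and non-secure displays.` and, if overlays are part of the threat model, handle them separately with `setFilterTouchesWhenObscured(true)` on the payment input views. The flag is also per window, so any dialog or popup this activity opens gets its own window without it; whether that matters depends on code outside the hunk. onCreate continues past the end of the hunk.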
@@ -61,13 +61,12 @@ private void populateEncryptedBlobs(){
 if (paymentMethodToken != null) {
 String tokenJSON = paymentMethodToken.getToken();
 if (tokenJSON != null) {
- Log.d("AndroidPay", "AndroidPay token before encode :" + tokenJSON);
+ // SECURITY: Do not log payment tokens — they contain encrypted card data
+ // that could be exposed via logcat, bug reports, or crash-reporting tools.
 String blob = getBase64Blob(tokenJSON);
- Log.d("AndroidPay", "AndroidPay Blob" + blob);
 String anetBlob = createSecServiceJson(blob);
 anetBlob = getBase64Blob(anetBlob);
- Log.d("ANet OpaqueData Blob" , anetBlob);
 androidPayBlobView.setText(anetBlob);
 }
 return;
diff --git a/app/src/main/res/layout/fragment_accept.xml b/app/src/main/res/layout/fragment_accept.xml
index 7ab720f..0a3abe3 100644
--- a/app/src/main/res/layout/fragment_accept.xml
+++ b/app/src/main/res/layout/fragment_accept.xml
@@ -118,7 +118,8 @@
 android:layout_weight="1"
 android:hint="@string/cvv"
 android:imeOptions="actionNext"
- android:inputType="number"
+ android:inputType="numberPassword"
+ android:importantForAutofill="no"
 android:maxLength="3"
 android:nextFocusDown="@+id/zip_code_view"
 android:textSize="32sp"
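Review bot: In OrderCompleteActivity.populateEncryptedBlobs the blob that is no longer logged is still written to the screen by `androidPayBlobView.setText(anetBlob)`, and this commit sets FLAG_SECURE only in CheckoutActivity, so the same value may still be capturable by screenshot or screen recording on this screen. If showing the blob is intended for the sample, consider setting the flag in this activity's onCreate as well, or once in a shared base class if there is one; neither is visible in this hunk. With the three `Log.d` calls gone, the `android.util.Log` import may now be unused and can be dropped if nothing else in the file references it. The method body continues outside the hunk.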
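Review bot: `android:importantForAutofill` on the CVV field in fragment_accept.xml only takes effect on API 26 and later; older devices ignore it, so there the masking from `numberPassword` is the only change. The project's minSdkVersion is not visible here, so a short XML comment above the element stating that the attribute is a no-op below API 26 would save the next reader a lookup. The unchanged `android:maxLength="3"` also rejects four-digit security codes, which some card brands use; worth confirming that limit is intended now that the field is being touched. Other card fields in this layout are outside the hunk, so I can't tell whether they need the same autofill treatment.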