Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk

Security countermeasures

The NFC Wallet SDK includes countermeasures for common mobile threats.

Coverage by flow

Provisioning

Provisioning includes wallet enrollment and Tokenization.

During provisioning, the NFC Wallet SDK protects against:

  • Debugger attached

  • Man-in-the-middle (MITM) attack

  • Jailbroken device

  • Non-designated application signing certificate

  • Hooking detection

  • Debug build used in Production Environment

  • Binary tampering detection

Payment

During payment, the NFC Wallet SDK protects against:

  • Debugger attached

  • Hooking detection

  • Debug build used in Production Environment

  • Binary tampering detection

Countermeasures

The countermeasures below apply to each security threat.

Debugger attached

  • Threat: An attacker attempts to reverse engineer the digital wallet application by attaching a debugger at runtime.

  • Applies to: Provisioning, Payment

  • Build type: Release

  • SDK behavior: Returns an error during SDK initialization, provisioning, and payment when a debugger is attached.

Man-in-the-middle (MITM) attack

  • Threat: An attacker attempts to intercept network traffic between the digital wallet application and the Cloud Provisioning Service (CPS).

  • Applies to: Provisioning

  • Build type: Release

  • SDK behavior: Returns an error when TLS server certificate validation fails.

Jailbroken device

  • Threat: A jailbroken device runs the digital wallet application.

  • Applies to: Provisioning

  • Build type: Debug, Release

  • SDK behavior: Returns an error on jailbroken devices during provisioning.

Non-designated application signing certificate

  • Threat: The digital wallet application is not signed with the designated certificate.

  • Applies to: Provisioning

  • Build type: Debug, Release

  • SDK behavior: Returns an error and fails wallet secure enrollment.

  • Setup: Configure the signing certificate hash during onboarding. See Provide onboarding data.

Hooking detection

  • Threat: An attacker attempts to hook method calls to monitor or modify runtime behavior.

  • Applies to: Provisioning, Payment

  • Build type: Debug, Release

  • SDK behavior: Returns an error when hooking is detected.

Debug build used in Production Environment

  • Threat: The App Store application integrates the Debug build of the NFC Wallet SDK.

  • Applies to: Provisioning, Payment

  • Build type: Debug

  • SDK behavior: Returns an error when the SDK detects a production-signed application using the Debug build.

Binary tampering detection

  • Threat: An attacker attempts to modify the digital wallet application or SDK binary.

  • Applies to: Provisioning, Payment

  • Build type: Debug, Release

  • SDK behavior: Returns an error when tampering is detected.

PreviousApple App PrivacyNextAdditional features

Last updated

Was this helpful?