Frequently asked questions
Which is better: SDK or APK?
This depends entirely on your use case. Let us compare the two solutions on a high level:
SDK
- Only one app needs to be installed
- Requires an MPoC Integration Review certification
- Adaptations to your build system might be required
- Regular builds of your application are required to update the contained SKB (every three months)
- Two apps need to be installed
- No Integration Review certification is required if the PhonePOS UI or OTP personalisation is used
- You only need to include the Rubean Transaction API to work with the terminal
- Regular updates of the PhonePOS APK are required to update the contained SKB (every three months)
If you are currently deciding on whether to use the APK or SDK please do contact your sales contact at Rubean.
Why are regular updates required?
Our software solution uses a proprietary SKB (SecureKeyBox) to ensure that no attacker can extract communication keys.
The implementation for the SKB does change with every update, and we do enforce that only the current version of the key store is able to run in production.
The required update interval is every three months.
Why does PhonePOS request the camera permission?
We use the camera permission to prevent other apps from accessing the camera during payments.
This does prevent serious attack vectors:
- Front camera: attacker could estimate finger movements to capture the PIN (Personal Identification Number)
- Back camera: attacker could take a picture of the presented card and extract the PAN (Primary Account Number)
What native platforms does PhonePOS support?
Currently we support the ARM64_V8A platform, which is used by the overwhelming majority of devices in the market. ARMEABI_V7A and X86_64 hardware are not supported.