Skip to main content

Frequently asked questions

What is better? SDK or APK

This depends entirely on your use case. Let us compare the two solutions on a high level:
SDK

  • Only one APP needs to be installed
  • Requires a Integration Review certification
  • Adaptions to your build system might be required
  • Regular builds of your application are required to update the contained SKB (every three months)
APK
  • Two APPs need to be installed
  • No Integration Review certification is required if the PhonePOS UI or OTP personalisation is used
  • You only need to include the Rubean Transaction API to work with the terminal
  • Regular updates of the PhonePOS APK are required to be installed to update the contained SKB (every three month)

If you are currently deciding on whether to use the APK or SDK please do contact your sales contact at Rubean.

Why are regular updates required?

Our software solution does use a proprietary SKB (SecureKeyBox) to ensure that no attacker can extract communication keys. The implementation for the SKB does change with every update, and we do enforce that only the current version of the key store is able to run in production.
The required update interval is every three months

Why does PhonePOS request the camera permission?

We use the camera permission to prevent other apps from accessing the camera during payments.
This does prevent serious attack vectors:

  • Front camera: attacker could estimate finger movements to capture the PIN (Personal Identification Number)
  • Back camera: attacker could take a picture of the presented card and extract the PAN (Primary Account Number)
What native platforms does PhonePOS support?

Currently we support the ARM64_V8A platform which is used by the overwhelming majority of the devices in the marked. ARMEABI_V7A and X86_64 hardware is not supported.