
Runtime Checks

We protect our PhonePOS solution with multiple measures to protect customer and terminal data as well as possible. If any of the following checks returns a positive result, PhonePOS deletes all terminal data, opens a landing page with support information and stops all internal services.

Root and Frida Checks

Rooting a device grants the user elevated privileges, which poses a security risk for our PhonePOS solution. A rooted device exposes the app to code manipulation and data interception. Frida, a dynamic instrumentation toolkit, builds on a rooted device to manipulate app behaviour at runtime, aiding reverse engineering.

ADB Check

The Android Debug Bridge (ADB) presents a security concern for the PhonePOS solution, as it facilitates unauthorized access, dynamic analysis, and code tampering. Unauthorized ADB access can lead to data extraction and manipulation, jeopardizing the confidentiality of sensitive information.

Emulator Check

Emulators aid development but also present a security risk, as they let attackers analyze application behavior. PhonePOS must therefore detect emulators as early as possible. It is mandatory to develop and test your integration on a physical device.

Show Taps and Pointer Location Check

New feature

Active from version v3.07.04.08

The Android Developer options include the "Show taps" and "Pointer Location" features, which are also accessible via certain accessibility features or other apps. Enabling "Show taps" displays white circles at the pointer locations on the screen. Enabling "Pointer Location" displays the coordinates and history of the recognised touch points. Both options are useful for activities like screen recording. However, when the options are active during screen recording, the overlays shown on the screen could give an attacker hints about the entered PIN.

Overlay Detection

New feature

Active from version 3.10.01.06

Overlays are a potential security threat, as they can capture sensitive information such as PIN entries or mislead customers. An attacker may use an overlay to display a transparent window or a fake pinpad on top of the terminal's actual pinpad. This allows the attacker to capture PIN entry touches through the overlay.

Defenses Against Overlays & Focus Changes

PhonePOS employs three key defense mechanisms against overlays:

  1. Disabling Overlays in Android:
    We request Android to disable all overlays by calling:

    this.getWindow().setHideOverlayWindows(true);

    (This feature is available from Android SDK 31 / Android 12 and above.)

  2. Detecting Obscured Touch Events:
    PhonePOS detects touch events that have the FLAG_WINDOW_IS_OBSCURED flag. If any obscured touch event is detected on a transaction screen (even before PIN entry), the transaction will be canceled to ensure the security of cardholder data.

    Note: This detection does not trigger if an overlay is present but not interacted with by the user.

  3. Focus Changes: PhonePOS detects when the application's window focus changes. This is done to detect overlaying windows appearing or disappearing.
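The following is an added example, not PhonePOS's own code and not part of the original page. It shows how the three overlay defenses listed above and the "Show taps" / "Pointer Location" check from the earlier section can be realised together in one Android Activity hosting a PIN entry screen. The method names abortTransaction() and showPinpad() are illustrative assumptions, as are the Settings.System key strings "show_touches" and "pointer_location"; the Android APIs used (Window.setHideOverlayWindows, MotionEvent.FLAG_WINDOW_IS_OBSCURED, Activity.onWindowFocusChanged, Settings.System.getInt) are real.

```java
import android.app.Activity;
import android.content.ContentResolver;
import android.os.Build;
import android.os.Bundle;
import android.provider.Settings;
import android.view.MotionEvent;

/**
 * Added example (not PhonePOS code): a PIN entry Activity that applies the
 * runtime checks described on this page. abortTransaction() and showPinpad()
 * stand in for the integrator's own handling.
 */
public class SecurePinEntryActivity extends Activity {

    // Settings.System keys behind the developer options "Show taps" and
    // "Pointer location" (assumption: key names as used by AOSP settings).
    private static final String KEY_SHOW_TOUCHES = "show_touches";
    private static final String KEY_POINTER_LOCATION = "pointer_location";

    private boolean transactionActive;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // 1. Ask Android to hide other apps' overlay windows while this window
        //    is visible. Available from API 31 / Android 12; the app must also
        //    declare android.permission.HIDE_OVERLAY_WINDOWS in its manifest.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            getWindow().setHideOverlayWindows(true);
        }
        transactionActive = true;
        showPinpad();
    }

    @Override
    protected void onResume() {
        super.onResume();
        // "Show taps" / "Pointer location" check, re-evaluated every time the
        // screen returns to the foreground because the user can toggle the
        // developer options while the app is in the background.
        if (isTouchFeedbackVisible(getContentResolver())) {
            abortTransaction("touch feedback overlay enabled");
        }
    }

    /** True when either developer option would draw touch positions on screen. */
    static boolean isTouchFeedbackVisible(ContentResolver resolver) {
        // getInt with a default never throws; an absent key counts as disabled.
        return Settings.System.getInt(resolver, KEY_SHOW_TOUCHES, 0) != 0
                || Settings.System.getInt(resolver, KEY_POINTER_LOCATION, 0) != 0;
    }

    @Override
    public boolean dispatchTouchEvent(MotionEvent event) {
        // 2. Obscured-touch check: the system sets this flag when another window
        //    covered the touched point at the time of the event. Only delivered
        //    events are inspected, so an overlay the user never touches does not
        //    trigger this path (the limitation noted on this page).
        if (transactionActive && isObscured(event)) {
            abortTransaction("touch delivered through an overlay");
            return true; // swallow the event so it never reaches the pinpad
        }
        return super.dispatchTouchEvent(event);
    }

    static boolean isObscured(MotionEvent event) {
        return (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
    }

    @Override
    public void onWindowFocusChanged(boolean hasFocus) {
        super.onWindowFocusChanged(hasFocus);
        // 3. Focus-change check: a window appearing above the pinpad takes
        //    focus away from this Activity; losing focus mid-transaction is
        //    treated as a cancel, as the page describes.
        if (transactionActive && !hasFocus) {
            abortTransaction("window focus lost during transaction");
        }
    }

    private void abortTransaction(String reason) {
        if (!transactionActive) {
            return;
        }
        transactionActive = false;
        // Integrator-specific handling (assumption): clear any buffered PIN
        // digits and cancel the payment before leaving the screen.
        finish();
    }

    private void showPinpad() {
        // Assumption: the integrator's own pinpad view is set up here.
    }
}
```

Two design points are worth noting. Android also offers View.setFilterTouchesWhenObscured(true), which silently drops obscured touches; the page's requirement is to cancel the whole transaction rather than drop single events, which is why the example inspects the flag in dispatchTouchEvent instead. Likewise, onWindowFocusChanged(false) fires not only for overlays but also when the status bar is pulled down or a system dialog appears, which matches the behaviour described under System Overlays below: those cases trigger the detection as well.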

Is this check required?

Disabling this detection is not possible, as it is required by our certifications to detect any overlay. For example, MPoC v1.0.1 specifies the detection of overlays in sections 1C-3.3, 1D-1.8, 1D-5.4, and 1E-1.7.

System Overlays

Although PhonePOS requests Android to disable all overlays (from Android 12 and up), some overlays may still remain active due to device-specific behavior or custom manufacturer implementations.

Android Status Bar

Pulling the Android status bar down and back up triggers the touch-event overlay detection. Example video:

Android Manufacturer Implementations

Device manufacturers can implement custom overlays that may remain visible even when PhonePOS requests that all overlays be disabled. Samsung, for example, displays a so-called Samsung Edge Panel on the left or right side of the screen when it is activated by a swipe gesture from the screen edge. When this overlay is triggered, it activates the overlay detection in PhonePOS. Example video:

Note: The Samsung Edge Panel overlay can also be activated if the user inadvertently touches the sensor area by holding the phone in certain ways. To avoid triggering overlay detections via the Edge Panel feature, we recommend:

  • Moving the sensor area: Touch and hold the sensor area, then move it to a different position.
  • Disabling the edge panel functionality: Disable this feature entirely if necessary.

Incorrect Implementations on Older Android Devices

We have observed that certain older Android builds from Xiaomi, and potentially other manufacturers, incorrectly report touch events with FLAG_WINDOW_IS_OBSCURED even when no overlay is active. Specifically, we encountered this issue on the following devices:

  • Xiaomi Redmi Note 9 (Android 10, V12.0.8.0.QJOCNXM)
  • Xiaomi Redmi Note 9 Pro (Android 10, V12.0.5.0.QJOMIXM)

After updating both devices to Android 11 or later, this issue no longer occurred and transactions proceeded as expected.

Android Toast Messages

If the ECR (electronic cash register) application displays a toast message or any other overlay and then starts a payment, the overlay detection can be triggered. Avoid displaying toast messages and other overlays before and during transactions.
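As an added example for ECR integrators (not PhonePOS or any vendor's code), the Activity below keeps a handle on its most recent toast so it can be dismissed before the payment flow is started. It assumes the payment is launched through an Intent that the integrator builds elsewhere; how that Intent is constructed is outside this example.

```java
import android.app.Activity;
import android.content.Intent;
import android.widget.Toast;

/**
 * Added example (not PhonePOS or ECR vendor code): an ECR checkout screen
 * that makes sure no toast is still on screen when the payment starts.
 * Assumption: paymentIntent is built by the integrator from their SDK docs.
 */
public class EcrCheckoutActivity extends Activity {

    private Toast lastToast;

    /** Show a short operator message and remember it so it can be cancelled. */
    void notifyOperator(String message) {
        if (lastToast != null) {
            lastToast.cancel(); // replace rather than stack toasts
        }
        lastToast = Toast.makeText(this, message, Toast.LENGTH_SHORT);
        lastToast.show();
    }

    /** Dismiss any pending toast, then hand over to the payment flow. */
    void startPayment(Intent paymentIntent) {
        if (lastToast != null) {
            lastToast.cancel(); // no-op if the toast has already disappeared
            lastToast = null;
        }
        startActivity(paymentIntent);
    }
}
```

The same discipline applies to snackbars, custom dialogs and any other window the ECR draws: dismiss them before calling into the payment flow and do not show new ones until the transaction result has been returned.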