Security of Squareup and PayPal smart phone apps

I've been considering installing an app on my phone to allow me to accept credit card payments via smart phone using a card reader for my small business. Squareup and PayPal seem to have the most popular plans. However, they both require that I let them access my camera, microphone, contacts, GPS, etc. And they want to be able to do it at will. They claim to protect the users' privacy. It still doesn't make sense to me. Earlier this year when I switched to Geico for car insurance, they suggested I install their app. I looked at it. They also want full access to my phone. No way!

Does anybody have experience with these or others, and do you feel safe allowing these apps to access information on your phone?

Have you used any other point-of-sale system besides PayPal and Squareup?

Find more posts tagged with

Comments

yoba222

I try to minimize mixing smart phones and bank accounts/credit cards. I am overly paranoid and I know that. I think probably PayPal and Squareup are okay, it's just the other apps on the phone that might be taking screenshots or who know's what.

Researchers report >4,000 apps that secretly record audio and steal logs:
https://arstechnica.com/information-technology/2017/08/android-users-bombarded-with-4000-spy-apps-three-land-in-google-play/

If I had to use a phone for payments for business it would be bare bones with no other apps and I wouldn't store contact information on it. Paranoid though.

stryder144

I agree with yoba222, get a burner smart phone off of ebay that meets the requirements of ebay or square and use a pay-as-you-go service. Store nothing but the required minimum information. Also, put a VPN on it...just in case.

tedjames

Excellent advice about the burner phone! While I have nothing to had, that's beside the point. No one has a right to snoop around the contents of my phone.

I don't usually download apps to my phone, anyway.

YFZblu

tedjames wrote: »

...they both require that I let them access my camera, microphone, contacts, GPS, etc. And they want to be able to do it at will. They claim to protect the users' privacy. It still doesn't make sense to me.

Square lists their reasoning for various app permissions requirements on their website; it's pretty standard stuff. FWIW, to me Square seems like a solid company that actually cares about security. A company that hires a researcher like Chris Rholf gets some benefit of the doubt in my eyes.

tedjames

Thanks! That's really good to know.

jcundiff

YFZblu wrote: »

Square lists their reasoning for various app permissions requirements on their website; it's pretty standard stuff. FWIW, to me Square seems like a solid company that actually cares about security. A company that hires a researcher like Chris Rholf gets some benefit of the doubt in my eyes.

Square has come a long way from a security standpoint... they originally did not encrypt at swipe, but rather at transmit. They have fixed that and is as secure as any other phone/pos platform

tedjames

Definitely good to know. I'm still concerned about the data they collect. I guess it won't matter when I install the app on a burner phone.

https://squareup.com/legal/privacy