Security of Squareup and PayPal smart phone apps
I've been considering installing an app on my phone to allow me to accept credit card payments via smart phone using a card reader for my small business. Squareup and PayPal seem to have the most popular plans. However, they both require that I let them access my camera, microphone, contacts, GPS, etc. And they want to be able to do it at will. They claim to protect the users' privacy. It still doesn't make sense to me. Earlier this year when I switched to Geico for car insurance, they suggested I install their app. I looked at it. They also want full access to my phone. No way!
Does anybody have experience with these or others, and do you feel safe allowing these apps to access information on your phone?
Have you used any other point-of-sale system besides PayPal and Squareup?
Does anybody have experience with these or others, and do you feel safe allowing these apps to access information on your phone?
Have you used any other point-of-sale system besides PayPal and Squareup?
Comments
-
yoba222
Member Posts: 1,237 ■■■■■■■■□□
I try to minimize mixing smart phones and bank accounts/credit cards. I am overly paranoid and I know that. I think probably PayPal and Squareup are okay, it's just the other apps on the phone that might be taking screenshots or who know's what.
Researchers report >4,000 apps that secretly record audio and steal logs:
https://arstechnica.com/information-technology/2017/08/android-users-bombarded-with-4000-spy-apps-three-land-in-google-play/
If I had to use a phone for payments for business it would be bare bones with no other apps and I wouldn't store contact information on it. Paranoid though.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
stryder144
Member Posts: 1,684 ■■■■■■■■□□
I agree with yoba222, get a burner smart phone off of ebay that meets the requirements of ebay or square and use a pay-as-you-go service. Store nothing but the required minimum information. Also, put a VPN on it...just in case.The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
Connect With Me || My Blog Site || Follow Me -
tedjames
Member Posts: 1,182 ■■■■■■■■□□
Excellent advice about the burner phone! While I have nothing to had, that's beside the point. No one has a right to snoop around the contents of my phone.
I don't usually download apps to my phone, anyway. -
YFZblu
Member Posts: 1,462 ■■■■■■■■□□
...they both require that I let them access my camera, microphone, contacts, GPS, etc. And they want to be able to do it at will. They claim to protect the users' privacy. It still doesn't make sense to me.
Square lists their reasoning for various app permissions requirements on their website; it's pretty standard stuff. FWIW, to me Square seems like a solid company that actually cares about security. A company that hires a researcher like Chris Rholf gets some benefit of the doubt in my eyes. -
jcundiff
Member Posts: 486 ■■■■□□□□□□
Square lists their reasoning for various app permissions requirements on their website; it's pretty standard stuff. FWIW, to me Square seems like a solid company that actually cares about security. A company that hires a researcher like Chris Rholf gets some benefit of the doubt in my eyes.
Square has come a long way from a security standpoint... they originally did not encrypt at swipe, but rather at transmit. They have fixed that and is as secure as any other phone/pos platform"Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke -
tedjames
Member Posts: 1,182 ■■■■■■■■□□
Definitely good to know. I'm still concerned about the data they collect. I guess it won't matter when I install the app on a burner phone.
https://squareup.com/legal/privacy
