[android-developers] Re: A sample mobile banking solution
Now my questions will revolve around android. 1.which protocols are supported for a secure connection? 2.which security framework is available or can be ported to android . 3.In case of slow performance, what is available on native level 4.does it make sense to change the framework/platform code and run certain software as root only? @Roman: Thanks a lot.I'll come back with answers ASAP. I don't want to trust android browser :-) On Sep 8, 5:31 am, Roman ( T-Mobile USA) roman.baumgaert...@t- mobile.com wrote: The security architecture for your mobile application depends on the requirements for mobile banking application in general. I would start the following investigations - What are the mobile banking requirements on a mobile device --- required radio interface for your transaction (wifi is not as secure as cellular) --- what is needed if you are on wifi? --- Which security mechanisms are involved for a banking transaction? (investigate IP connectivity requirements up to security requirements on application level - What is supported on Android? (for example there a limitations on WPA2 support in Android SDK in case of Wifi) --- which protocols are supported for a secure connection? --- which security framework is available or can be ported --- in case of slow performance, what is available on native level --- does it make sense to change the framework/platform code and run certain software as root only? This are only some basic questions which I came up with. But may be it helps to get started. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Sep 7, 2:12 am, Sudeep Jha sudeep.neti...@gmail.com wrote: Hi all, Can anybody tell me something about the security architecture required to build a mobile banking solution in android? Warm Regards, Sudeep -- Warm Regards, Sudeep --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: A sample mobile banking solution
Keep in mind that your app may need to get PCI certification too. Several agents exist that provide such a service that are certified to do such code/process review work. Could end up being quite costly before you can apply the app for commercial use. George On Tue, Sep 8, 2009 at 5:35 AM, Joseph Arceneaux joe.arcene...@gmail.comwrote: What about just trusting Android-browser to bank server SSL, as is the general case on the web? Joe On Mon, Sep 7, 2009 at 5:31 PM, Roman ( T-Mobile USA) roman.baumgaert...@t-mobile.com wrote: The security architecture for your mobile application depends on the requirements for mobile banking application in general. I would start the following investigations - What are the mobile banking requirements on a mobile device --- required radio interface for your transaction (wifi is not as secure as cellular) --- what is needed if you are on wifi? --- Which security mechanisms are involved for a banking transaction? (investigate IP connectivity requirements up to security requirements on application level - What is supported on Android? (for example there a limitations on WPA2 support in Android SDK in case of Wifi) --- which protocols are supported for a secure connection? --- which security framework is available or can be ported --- in case of slow performance, what is available on native level --- does it make sense to change the framework/platform code and run certain software as root only? This are only some basic questions which I came up with. But may be it helps to get started. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Sep 7, 2:12 am, Sudeep Jha sudeep.neti...@gmail.com wrote: Hi all, Can anybody tell me something about the security architecture required to build a mobile banking solution in android? Warm Regards, Sudeep -- Warm Regards, Sudeep --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: A sample mobile banking solution
You may also want to look into ISO 8583 specs dependent on use of your application. George On Tue, Sep 8, 2009 at 5:25 AM, Roman ( T-Mobile USA) roman.baumgaert...@t-mobile.com wrote: You might be interested to watch the following web cast about mobile banking http://www.sybase.com/detail?id=1060252 The last web cast I watched from Sybase was pretty good. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Sep 7, 5:31 pm, Roman ( T-Mobile USA) roman.baumgaert...@t- mobile.com wrote: The security architecture for your mobile application depends on the requirements for mobile banking application in general. I would start the following investigations - What are the mobile banking requirements on a mobile device --- required radio interface for your transaction (wifi is not as secure as cellular) --- what is needed if you are on wifi? --- Which security mechanisms are involved for a banking transaction? (investigate IP connectivity requirements up to security requirements on application level - What is supported on Android? (for example there a limitations on WPA2 support in Android SDK in case of Wifi) --- which protocols are supported for a secure connection? --- which security framework is available or can be ported --- in case of slow performance, what is available on native level --- does it make sense to change the framework/platform code and run certain software as root only? This are only some basic questions which I came up with. But may be it helps to get started. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Sep 7, 2:12 am, Sudeep Jha sudeep.neti...@gmail.com wrote: Hi all, Can anybody tell me something about the security architecture required to build a mobile banking solution in android? Warm Regards, Sudeep -- Warm Regards, Sudeep --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: A sample mobile banking solution
The security architecture for your mobile application depends on the requirements for mobile banking application in general. I would start the following investigations - What are the mobile banking requirements on a mobile device --- required radio interface for your transaction (wifi is not as secure as cellular) --- what is needed if you are on wifi? --- Which security mechanisms are involved for a banking transaction? (investigate IP connectivity requirements up to security requirements on application level - What is supported on Android? (for example there a limitations on WPA2 support in Android SDK in case of Wifi) --- which protocols are supported for a secure connection? --- which security framework is available or can be ported --- in case of slow performance, what is available on native level --- does it make sense to change the framework/platform code and run certain software as root only? This are only some basic questions which I came up with. But may be it helps to get started. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Sep 7, 2:12 am, Sudeep Jha sudeep.neti...@gmail.com wrote: Hi all, Can anybody tell me something about the security architecture required to build a mobile banking solution in android? Warm Regards, Sudeep -- Warm Regards, Sudeep --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: A sample mobile banking solution
You might be interested to watch the following web cast about mobile banking http://www.sybase.com/detail?id=1060252 The last web cast I watched from Sybase was pretty good. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Sep 7, 5:31 pm, Roman ( T-Mobile USA) roman.baumgaert...@t- mobile.com wrote: The security architecture for your mobile application depends on the requirements for mobile banking application in general. I would start the following investigations - What are the mobile banking requirements on a mobile device --- required radio interface for your transaction (wifi is not as secure as cellular) --- what is needed if you are on wifi? --- Which security mechanisms are involved for a banking transaction? (investigate IP connectivity requirements up to security requirements on application level - What is supported on Android? (for example there a limitations on WPA2 support in Android SDK in case of Wifi) --- which protocols are supported for a secure connection? --- which security framework is available or can be ported --- in case of slow performance, what is available on native level --- does it make sense to change the framework/platform code and run certain software as root only? This are only some basic questions which I came up with. But may be it helps to get started. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Sep 7, 2:12 am, Sudeep Jha sudeep.neti...@gmail.com wrote: Hi all, Can anybody tell me something about the security architecture required to build a mobile banking solution in android? Warm Regards, Sudeep -- Warm Regards, Sudeep --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: A sample mobile banking solution
What about just trusting Android-browser to bank server SSL, as is the general case on the web? Joe On Mon, Sep 7, 2009 at 5:31 PM, Roman ( T-Mobile USA) roman.baumgaert...@t-mobile.com wrote: The security architecture for your mobile application depends on the requirements for mobile banking application in general. I would start the following investigations - What are the mobile banking requirements on a mobile device --- required radio interface for your transaction (wifi is not as secure as cellular) --- what is needed if you are on wifi? --- Which security mechanisms are involved for a banking transaction? (investigate IP connectivity requirements up to security requirements on application level - What is supported on Android? (for example there a limitations on WPA2 support in Android SDK in case of Wifi) --- which protocols are supported for a secure connection? --- which security framework is available or can be ported --- in case of slow performance, what is available on native level --- does it make sense to change the framework/platform code and run certain software as root only? This are only some basic questions which I came up with. But may be it helps to get started. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Sep 7, 2:12 am, Sudeep Jha sudeep.neti...@gmail.com wrote: Hi all, Can anybody tell me something about the security architecture required to build a mobile banking solution in android? Warm Regards, Sudeep -- Warm Regards, Sudeep --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---