

As I have failed to express myself clearly enough in comments, I have decided to write a frame-challenging answer to try and show you why I believe you are focusing on the wrong problem.

Summary: Your (perceived) "Samsung problem" (one phone, two accounts) is really just a special case of a wider "two phone problem" (two phones, two accounts). The relative ease with which an attacker could (ab)use two phones means that that is where you should first focus your defensive efforts. A by-product of successfully defending against the "two phone problem" is that it will (as far as I can see) also defend against the specific "Samsung problem" that you are currently worried about.

> fintech (wallet app) basically we are trying to prevent user from installing two apps and using two different accounts on same device

Although you don't give details, I'm happy to take at face value that one user having multiple accounts poses a risk of fraud.

> fin-tech app and to avoid fraud and risk we want to prevent user from installing more than one app on same device

Many applications have rules against multiple accounts: for instance, with many online games multiple accounts could be used to "game the system" to get an unfair advantage.

What I would question is the relevance of "on same device".

Ignoring Samsung's Secure Area for the moment, it's very easy to write your app so that a user can only use one account per phone. However, if someone doesn't already have a second phone lying around, they can get one for relatively little cost, install your application on that and configure it to use a second account.

From your perspective, it's equally dangerous: two instances of your application, using two accounts, controlled by one person. From the attacker's perspective, it is very slightly less convenient (compared with using Samsung's Secure Area) because they have to carry two phones with them.
