[access-uk] Re: Contactless payment cards (was Accessible bank card)

  • From: lsmithso@xxxxxxxxxxxxxxxx
  • To: <access-uk@xxxxxxxxxxxxx>
  • Date: Mon, 6 Apr 2015 19:59:55 +0100


Assuming you're referring to the Android app.

The source code is available on GitHub. However, if you're paranoid you
won't believe that the source code matches the downloaded app.

Apps can only access the Internet if they are given express permission
to do so when they are installed. If you are truly paranoid you will
probably just plain disbelieve this.

If you are really truly paranoid, then the lack of proof that it isn't
sending your card details will count as proof that it is.

I've read from independent sources that the CVV is not encoded on the
card, either on the magnetic strip, or on the chip. I'm surprised that
the cardholder's name isn't available though.



Shaun O'Connor writes:

Had a look myself. My only concern is that, without access to the source
code of the app, there is no way of knowing if the information is being
transmitted elsewhere. Also, even though security information (for
example, the three-digit code) is not visible on your device, it doesn't
necessarily mean the data isn't (a) being read and (b) being transmitted
to a party other than an authorized party.

My thinking is, and has always been, if it's too convenient you are
sacrificing something in return, and not always with your explicit consent.

On 06/04/2015 14:47, lsmithso@xxxxxxxxxxxxxxxx wrote:
Hi: A while ago there was a conversation on here about the
accessibility and security of contactless payment cards. I received
mine a few weeks ago, and finally got around to testing if I could
read it with a smart phone.

The answer is yes. I can read the card number, the expiry date, card
type, the card issuer and the number of PIN attempts left, and that
was that. The cardholder's name and the CVV cryptogram are not
readable.

The card has to be held within 1cm of the back of the phone for about
0.5 seconds for it to be read. It could be reliably read when inside
my wallet, in my trouser pocket. Wrapping the card in a single
thickness of cooking foil completely prevented the card from being
read.

Given that less information is exposed by NFC than is available from a
casual glance of the card, and that any eavesdropper would have to get
pretty touchy feely to be able to scan my card without my knowledge,
then I'm pretty relaxed about having this card in my wallet. I feel
no more vulnerable than if I used a non-contactless card.

App details:
Banking card reader NFC (EMV)
https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard&hl=en

Android Nexus 5.


--
PRIVACY IS A BASIC RIGHT - NOT A CONCESSION
https://www.eff.org/deeplinks/2014/11/when-time-comes-we-need-be-ready-fight-tpps-secret-anti-user-agenda

--
Les Smithson