paxstore / paxstore-3rd-app-android-sdk Goto Github PK

Hi,

I have integrate PAXSTORE SDK v6.0 following the provided sample code.

My initInquirer() is as follows:

   private void initInquirer() {
        //Init checking of whether app can be updated
        StoreSdk.getInstance().initInquirer(new StoreSdk.Inquirer() {
            @Override
            public boolean isReadyUpdate() {
                Timber.i( "isReadyToUpdate = " + !isTrading);
                //todo call your business function here while is ready to update or not

                return false; // Always return false for test puproses
            }
        });
    }

I push a new verison from PAXSTORE admin console and although the isReadyUpdate() method always return false the PAXSTORE does not respect the value and install the new app version to the terminal.

Is this a bug? Am I missing something here?

Thanks

I'm using this library in my android app. When upgrading the compileSdkVersion to 31 i get the following error:

Manifest merger failed : android:exported needs to be explicitly specified for . Apps targeting Android 12 and higher are required to specify an explicit value for android:exported when the corresponding component has an intent filter defined. See https://developer.android.com/guide/topics/manifest/activity-element#exported for details.

After doing some research i found the following stack overflow post: https://stackoverflow.com/a/69347425/12912676. After following what the comment I linked to suggests, I found that this library has services, receivers and activities without the android:exported attribute in your manifest.

I was able to workaround this issue by overriding the receiver, service or activity in my own android manifest and adding the android:exported and tools:node="merge" attribute to it.

<receiver android:name="com.pax.market.android.app.sdk.DownloadParamReceiver" android:exported="false" tools:node="merge" />

But i would like to see this changed in this library so I don't have to do this. By adding the android:exported="true|false" to your services, receivers and activities in your manifest should resolve the issues on my side.

Thanks in advance.
Feel free to ask for more info if you need it.

Using the latest sdk when I try to run the app it gives me below exception

android.os.RemoteException: Bind service failed, STORE client may not installed

Hi, I'm integrating the PaxStore GoInsight API on Android apk.

The API works fine. I've done it!

But when I activate the ProGuard rules (minifyEnabled true, shrinkResources true) I get this error: Your request is invalid, please try again or contact marketplace administrator code: 113

I have just add the https://github.com/PAXSTORE/paxstore-3rd-app-android-sdk#proguard

Are there other rules for GoInsight?

Thanks

I have an ebay purchased pax A80 that I'm trying to repurpose into a game console. I'm trying tonreuse the hardware but can't install anything over ADB, or elsewhere. Could this repo help me sign may DOOM engine APK?

As I work on a parameter application, I want to download some of Paysuits' parameters to my programme.

I examined your demo programme and found that you had extended the deprecated IntentService class in the DownloadParamService class.

So will you kindly check and get rid of the outdated code?

When I push app on WhatsPOS and I found some PushApp status (app is busy, app is ready, downloading, push app success, push app failed, cancel task)

How can 3rd-app access this Push App status?

Application will crash when update from low version to newer version cuz context.startForegroundService .

Please fix RPCService

StoreSdk.getInstance().getBaseTerminalInfo(getContext().getApplicationContext(), new BaseApiService.ICallBack() {
@OverRide
public void onSuccess(Object obj) {
TerminalInfo terminalInfo = (TerminalInfo) obj;
Log.i("onSuccess: ", terminalInfo.toString());
Toast.makeText(getContext().getApplicationContext(), terminalInfo.toString(), Toast.LENGTH_SHORT).show();
}

                @Override
                public void onError(Exception e) {
                    Log.i("onError: ", e.toString());
                    Toast.makeText(getContext().getApplicationContext(), "getTerminalInfo Error:" + e.toString(), Toast.LENGTH_SHORT).show();

                }
            });
            
            android.os.RemoteException: Null value returned, STORE client may not activated or running. Please check

When importing the SDK as module into another project that uses the latest gradle wrapper (https://services.gradle.org/distributions/gradle-5.1.1-all.zip) and Android gradle plugin ('com.android.tools.build:gradle:3.4.1'), the PAX SDK module fails to build because com.google.gson cannot be found.

Adding
implementation 'com.google.code.gson:gson:2.8.5'
to the SDK's build.gradle file fixes this problem.

Hi, we have a self-checkout app, and the ability to reboot the terminal would be of huge value to us.

Rebooting the terminal solve the most common problems that we encounter. We often have internet connection issues that require a APN reconfiguration that is performed when the terminal reboots. Or sometimes the service that we use for payment (which we don't control) stops responding, and rebooting the terminal fixes it. Every other problem that we've encoutered were also fixed by rebooting the terminal.

Because or app is used for self-checkout, there is no one present to manually reboot it. Rebooting via the PAXSTORE Administrator Center also won't help if the terminal is offline.

Is there any possibility of rebooting the terminal using the SDK?

Inquirer.isReadyUpdate is not blocking the update when returning false

Version Tested 9.0.0 and 8.9.0

My company has a payment app running on PAX devices and using the PaxStore to update app remotely. Our idea to use the Inquirer flow, is to allow the updates when there is no transactions on course, but if we return always false to Inquirer.isReadyUpdate method the update is not postponed.

What is the correct behavior to this flow?

Best Regards.

Libraries really have no business setting allowBackup. Setting allowBackup to true is symbolic of a library that is incapable of handling its own data appropriately so leans on Google to do it and presents a problem for downstream integrations as they really have to not allow that to merge. That setting would utilise Google's proprietary cloud backup systems, I believe it shouldn't be possible on PAX devices but with that in the AndroidManifest questions must be asked:

1. is it a security issue? Is data being backed up to Google cloud systems? Where in the world is that happening? What contracts are in place to protect the data from Google?

2. is it using a PAX backup mechanism? PAX cloud storage? Why is it set in the library?

StoreSdk.getInstance().getBaseTerminalInfo(getContext().getApplicationContext(), new BaseApiService.ICallBack() {

everytime return is null. i am not able to understand why retrun is NULL

android.os.RemoteException: Null value returned, STORE client may not activated or running. Please check

I need read UID NFC tag or card using PAX A930, in Brazil, name is Moderninha Smart.

Hi can any on please help us below things sorry for the opening issue, i know its not issue but i dint have other chance to ask.

we have a developer account.

1.how to enable debugging options in PAX A920 device?

2. how to get the paydroid-Neptune SDK ?

The issue we are currently experiencing involves the duplication of information in GoInsight. It appears that the data is being stored two, three, and even four times when it should only be sent once.

Whenever I try to push an update to my app, either via "Push app" or "Push app template", I noticed that the update does not immediately get pushed to the terminal. I have to restart the terminal, and open the PAXSTORE app in order to receive the update. Is this the expected behavior?

I am using a PAX A920.

StoreSDK.init() is successful, but when I call getBaseTerminalInfo() or startLocate() I get:

android.os.RemoteException: Not allowed to get terminal information from PAXSTORE

This happens when I run the demo as well. Any idea why this is happening?

Here are the scan results:

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069

** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in square/okhttp#4967.

It seems to be caused by an outdated version of jackson and okhttp.
Please upgrade these two libraries.

I am in the process of uploading a new version of my app to PAXSTORE. To test if updating from an older version to a newer version works, I am upgrading using the Sandbox Terminal capability so that I don't have to wait for approval. Once I activate the sandbox push task, I get an Install app notification on my PAX A920 terminal immediately. However, upon checking my terminal's PAXSTORE app push history, the app installation is stuck at "Processing". What could be the reason for this behavior?

Note: I've tried uninstalling the said app and pushing the app installation via PAXSTORE. It works. The only problem is upgrading from an existing version to another.

I have tested this behavior on version 6.3.1 and 7.0.1.

dom4j-1.6.1.jar (pkg:maven/dom4j/[email protected], cpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:*) : CVE-2018-1000632, CVE-2020-10683

jackson-databind-2.8.9.jar (pkg:maven/com.fasterxml.jackson.core/[email protected], cpe:2.3:a:fasterxml:jackson:2.8.9:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-databind:2.8.9:*:*:*:*:*:*:*) : CVE-2017-15095, CVE-2017-17485, CVE-2018-1000873, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548

These CVEs were already fixed in recent versions of the libraries.

Gradle plugin tool: https://github.com/jeremylong/DependencyCheck

Hi, I would like to know if we could help how to integrate the sdk, a project in xamarin