24 February 2023
Posted by the Stripe and Android teams
Stripe Terminal is a set of tools for accepting in-person payments, including developer
interfaces, card readers, and logistics management. Android developers can build in-person commerce experiences with the Terminal Android SDK and the Tap to Pay on Android SDK. The Terminal Android SDK allows users to go to market with Stripe’s pre-certified card readers, and the Tap to Pay on Android SDK enables merchants to accept contactless payments on their existing compatible Android devices. The Tap to Pay on Android SDK eliminates the need for additional hardware, allowing POS providers and their users to quickly scale, increase revenue, and reach new markets. Both SDKs integrate seamlessly with the Stripe platform, so businesses can manage online and in-person payments in one place. Existing Terminal users have integrated Tap to Pay on Android with the Stripe Terminal SDK in just a couple of weeks.
Stripe has used Google Play SDK Console since the product’s launch in 2020 to monitor the performance of our SDKs, including the Terminal Android SDK and Android SDK for online payments. Google Play SDK Console is a platform for widely-used commercial SDKs to share important updates with developers—such as critical issues related to recent releases—and provide precise mitigation instructions for out-of-date SDK versions. Features of Google Play SDK Console such as usage statistics, crash reporting, and version reporting make it possible for SDK providers such as Stripe to streamline communication with customers and help keep a pulse on the health of their SDKs.
Security was key to the development of the Tap to Pay on Android SDK due to the need to secure sensitive card data for the acceptance of contactless payments on a broad range of consumer devices. We originally incorporated the SafetyNet Attestation API into our broader security strategy for Terminal to address the need for device attestation. Looking ahead to 2023, we plan to use the new Play Integrity API, which replaced SafetyNet Attestation and offers device attestation and other integrity services. The Play Integrity API will also help us meet the recently published PCI MPoC (Mobile Payments on COTS) standard for mobile payment acceptance solutions. This standard requires Stripe to verify that Android applications using the Tap to Pay on Android SDK are unmodified, and that those applications have been installed from a trusted source like the Google Play Store. The Play Integrity API will not only help us meet industry standards, but will also mitigate the risk that a compromised device or application could be used to collect payments, which protects Stripe users and upholds the security of payments made using the Tap to Pay on Android SDK.
How Play Integrity API works |
We’re excited to partner with Google as an early adopter of the Play Integrity API for SDKs. This will allow the Stripe SDK to access the Play Integrity API with an API key, streamlining the experience for developers using the SDK as they won’t have to separately integrate with the Integrity API. Google plans to offer this to more SDKs in 2023.
Where can I learn more about Stripe’s Tap to Pay on Android SDK?
Visit our Tap to Pay page for more information. Tap to Pay on Android is currently available through the Stripe Terminal Android SDK in the US, Canada, the UK, Singapore, Australia, and New Zealand. Reach out here to start building.