This document contains rules and guidelines that customers have to take into consideration when developing applications running on Westpay Carbon terminals.
Hardware
Model | CPU | RAM | Disk | Network | Display | Printer |
---|---|---|---|---|---|---|
C10 | 1.2 GHz, Quad core | 1 GB | 8 GB | Ethernet | 4" 400x800 | - |
C100 | 1.2 GHz, Quad core | 1 GB | 8 GB | Wifi, 3G/4G | 4" 400x800 | Yes |
Keep in mind that the terminal resources are shared with the Westpay Payment Application Suite.
The customer application must take care not to use so many resources that the payment application is affected or shut down.
The payment application reserves the right to disable the terminal if it detects any activity that presents a security risk or other unacceptable behavior by third party software.
Operating system
The terminals are running Android 6. The supported target framework must be API Level 23, or lower.
To meet PCI Security requirements, the following file types have to be digitally signed by Westpay before they can be used:
*.apk | Android Package files |
*.zip | Archive File format |
*.so | Shared Object files |
*.jar | Java Archive files |
*.aar | Android Archive files |
All software that will be installed on a terminal has to be digitally signed by Westpay.
Wifi networks must use WPA or WPA2 encryption.
Bluetooth is not enabled.
The built-in TLS library only supports the following cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
TLS_RSA_WITH_AES_256_CBC_SHA |
Permissions
Customer applications have to list all required Android permissions in the manifest file.
The following permissions are the only permissions that applications are allowed to use:
ACCESS_NETWORK_STATE |
ACCESS_NOTIFICATION_POLICY |
ACCESS_WIFI_STATE |
BATTERY_STATS |
BROADCAST_STICKY |
CAMERA |
FOREGROUND_SERVICE |
GET_PACKAGE_SIZE |
GLOBAL_SEARCH |
INSTANT_APP_FOREGROUND_SERVICE |
INTERNET |
MODIFY_AUDIO_SETTINGS |
PACKAGE_USAGE_STATE |
READ_CALENDAR |
READ_CONTACTS |
READ_EXTERNAL_STORAGE |
READ_SYNC_SETTINGS |
READ_SYNC_STATS |
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS |
VIBRATE |
TRANSMIT_IR |
WAKE_LOCK |
WRITE_CALENDAR |
WRITE_CONTACTS |
WRITE_EXTERNAL_STORAGE |
Performance
On battery-powered terminals (e.g. the C100), extra care must be taken so that a customer application does not use excessive resources and drain the battery power unnecessarily.
Please refer to the official Android guidelines on conserving power: https://developer.android.com/topic/performance/power
Settings & Printing
To configure or change Android settings such as Wifi, GSM or power saving profiles, you have to use the Payment Application Integration library*. This ensures PCI compliance by keeping the third-party software (the POS application) outside the PCI scope.
* The specifications for the Payment Application Integration Library will be provided at a later stage.
Payment application integration
When a terminal is powered on, the Westpay Payment Application (PA) first starts and initialises itself. When the PA is ready to hand over to the customer application it will broadcast an intent with the action set to se.westpay.intents.START_APP. The customer application must define an intent filter that receives this intent.
After this point, if the customer application needs to use the Westpay Payment Application, it should do so through a library that will be provided by Westpay.
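A pre-submission check for the manifest rules on this page (permission allow-list, target API level 23 or lower, and an intent filter for se.westpay.intents.START_APP), added here as an example; it is not Westpay tooling. It assumes the listed permission names are in the android.permission namespace and that it is run on the merged AndroidManifest.xml, where the uses-sdk element is present; the function name and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
MAX_TARGET_SDK = 23
START_ACTION = "se.westpay.intents.START_APP"
# Names copied verbatim from the page's list; assumed to be android.permission.*
ALLOWED = set("""
ACCESS_NETWORK_STATE ACCESS_NOTIFICATION_POLICY ACCESS_WIFI_STATE BATTERY_STATS
BROADCAST_STICKY CAMERA FOREGROUND_SERVICE GET_PACKAGE_SIZE GLOBAL_SEARCH
INSTANT_APP_FOREGROUND_SERVICE INTERNET MODIFY_AUDIO_SETTINGS PACKAGE_USAGE_STATE
READ_CALENDAR READ_CONTACTS READ_EXTERNAL_STORAGE READ_SYNC_SETTINGS
READ_SYNC_STATS REQUEST_IGNORE_BATTERY_OPTIMIZATIONS VIBRATE TRANSMIT_IR
WAKE_LOCK WRITE_CALENDAR WRITE_CONTACTS WRITE_EXTERNAL_STORAGE""".split())

def check_manifest(xml_text):
    """Return a list of findings; an empty list means the manifest passes."""
    root = ET.fromstring(xml_text)
    findings = []
    # uses-permission-sdk-23 also requests permissions on API 23 devices.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(NS + "name", "")
            prefix, _, short = name.rpartition(".")
            if prefix != "android.permission" or short not in ALLOWED:
                findings.append("permission not on allow-list: " + name)
    sdk = root.find("uses-sdk")
    target = sdk.get(NS + "targetSdkVersion") if sdk is not None else None
    if target is None:
        findings.append("targetSdkVersion not declared")
    elif not target.isdecimal() or int(target) > MAX_TARGET_SDK:
        findings.append("targetSdkVersion %s is not API level %d or lower" % (target, MAX_TARGET_SDK))
    actions = {a.get(NS + "name") for f in root.iter("intent-filter") for a in f.iter("action")}
    if START_ACTION not in actions:
        findings.append("no intent filter for " + START_ACTION)
    return findings

# Constructed sample manifest, not taken from the page.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:targetSdkVersion="26"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <application><receiver android:name=".StartReceiver"><intent-filter>
    <action android:name="se.westpay.intents.START_APP"/>
  </intent-filter></receiver></application>
</manifest>"""

if __name__ == "__main__":
    for finding in check_manifest(SAMPLE):
        print(finding)
```

Running it in CI before sending a build for signing catches a disallowed permission or a too-high target API level early; it does not replace Westpay's own review.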
Westpay does not take any responsibility for the quality of customer applications.
The customer must carefully test all software running on Westpay Carbon terminals.
1 Comment
Tomas Nilsson
We might want to add some information on what this library is for. Stating they will need it for printing or to configure the terminal settings, wifi etc...
Also something saying that they will not be able to access the Android functionality directly in most cases.