[julia-zheng]

Thank you!

The photos of cards aren't stored anywhere - everything is analyzed on device to ensure privacy and compliance.

Re privacy policy - thanks, gotta put that up!

[ericpauley]

Does this mean the app is necessarily a trusted component here? What's to stop an adversary from reverse engineering the application, especially on a platform like Android where applications are side-loaded and binaries largely maintain source-level semantics?

I guess you could argue that, from the merchant's perspective, they just want to avoid being the easiest target.

[julia-zheng]

Exactly - the effort required for this much beyond what most fraudsters would be willing to do on most platforms.