palmerc
commented
7 years ago I'm guessing the security for RuterBillett is mostly to make management feel better. The frequency and manner of checking is way too lax to be of any benefit other than show, but maybe that's all they need. Most people are honest and buy the tickets they're obligated to buy.
Don't know. Haven't had a jailbroken phone in a while and I was simply documenting this so I can remove the directory from my machine. I'm guessing that very little has been improved in terms of security. It is difficult to secure a system that is based upon client side security unless you have dedicated hardware for payments like Apple Pay. Also doesn't help that they didn't specifically hire a security consultant.
I have seen that the inspectors on Ruter now check the QR code which is 'marginally' more secure than before. You'd need a pool of tickets to share instead of just one. NSB is much more lax. In theory they could see if two people on the bus were using the same QR code. So someone would need to test it out to see what sort of checks they're doing with regards to the ticket. I'm guessing it is still a shitshow.