Security issues with apps
Based on information collected from the Internet, the main security issues that affect apps can be summarised as follows:
1. Privacy data
- External storage security and internal storage security
- Whether private information such as user names, passwords, chat history and configuration data is saved locally and, if so, whether it is encrypted before being written
- Verify that stored data has not been tampered with before using it
2. Permission and privilege attacks
- Check the directory where the app's data resides; its permissions must not allow other users or groups (i.e. other apps, which run under their own UIDs) to read or write it
- Check whether system permissions are abused or escalated
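The directory check above can be automated. The following is an added example (not part of the original checklist) that walks an app's private data directory and reports every file or directory whose mode grants read, write or execute access to the group or to others. It assumes a Linux permission model as used on Android (one UID per app, files under /data/data/<package>/ expected to be 0600/0700); the directory layout it scans is constructed inside the script so that it runs anywhere.

```python
"""Report files in an app's private data directory that other UIDs/groups can access.

Added example, not from the original checklist. On Android each app runs as
its own Linux user, so anything under its private directory should be
owner-only (0600 for files, 0700 for directories). Files written with the
deprecated MODE_WORLD_READABLE / MODE_WORLD_WRITEABLE flags end up 0644/0666
and are readable or writable by every other app on the device.
"""
import os
import stat
import tempfile

# Any of these mode bits grant access to someone other than the owner.
GROUP_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO


def find_shared_files(root):
    """Return sorted (relative_path, mode) pairs for entries under `root`
    whose permission bits include group or other access.

    Entries are inspected with lstat and symlinks are skipped, so a link
    planted into the directory cannot redirect the scan elsewhere.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & GROUP_OTHER_BITS:
                findings.append((os.path.relpath(path, root), format(mode, "04o")))
    return sorted(findings)


def build_demo_app_dir():
    """Construct a fake /data/data/<package>/ layout for the demo.

    Two files are deliberately created with group/other bits set, as an app
    using world-readable or world-writable modes would produce; the rest is
    owner-only. Returns the temporary root path.
    """
    root = tempfile.mkdtemp(prefix="app_data_")
    layout = {
        "shared_prefs/settings.xml": 0o600,   # correct: owner only
        "shared_prefs/session.xml": 0o666,    # bad: world-writable token store
        "files/export.json": 0o644,           # bad: world-readable export
        "databases/app.db": 0o600,            # correct
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o700)  # directories owner-only
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    demo_root = build_demo_app_dir()
    for rel, mode in find_shared_files(demo_root):
        print("%s %s" % (mode, rel))
```

On a device the same scan can be run against a directory pulled with `adb pull /data/data/<package>` from a debuggable build; the mode of the top-level directory itself should also be confirmed to be 0700.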
3. Data communication
- Security of communication between apps on the device, primarily so that it cannot be intercepted by other programs
- Security of communication between the app and the network server, i.e. check that sensitive information is encrypted in transit
- Prevent brute-forcing of user names and passwords
4. Interpreter protection at runtime
- For software with an embedded interpreter, check for XSS and SQL injection vulnerabilities
- For apps that use WebView, check for URL spoofing vulnerabilities
5. Android component permission protection
- Internal app components must not be callable by any third-party program
- Activities must not be callable by any third-party program unless that is intended
- Prevent activity hijacking
- Broadcast receiving and sending security: only accept broadcasts sent by this app, and do not send content that third parties should not be able to obtain
- Prevent services from being started or stopped maliciously
- Check the permissions enforced on content provider operations
- If a component must be callable externally, check that the caller is restricted by a signature-level permission
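Most of the component checks above can be made against the AndroidManifest.xml. The following is an added example (not from the original checklist) that parses a manifest, treats a component as exported when `android:exported="true"` or when it has an `<intent-filter>` and no explicit `android:exported` attribute (the pre-Android 12 default), and flags exported components that have no `android:permission` or whose permission is not declared at `protectionLevel="signature"`. The launcher activity is skipped because it must be exported. The manifest and package name `com.example.app` are constructed for the demo.

```python
"""Flag exported Android components that are not guarded by a signature permission.

Added example, not from the original checklist. Parses a (constructed)
AndroidManifest.xml and reports activities, services, receivers and
providers that third-party apps can reach without holding a
signature-level permission.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def a(attr):
    """Qualify an attribute name with the android: namespace."""
    return "{%s}%s" % (ANDROID_NS, attr)


def is_exported(comp):
    """Explicit android:exported wins; otherwise an intent-filter implies
    exported (the default before Android 12, which now requires the attribute)."""
    val = comp.get(a("exported"))
    if val is not None:
        return val == "true"
    return comp.find("intent-filter") is not None


def is_launcher(comp):
    """True for the activity carrying the LAUNCHER category, which must be exported."""
    for f in comp.findall("intent-filter"):
        if any(c.get(a("name")) == "android.intent.category.LAUNCHER"
               for c in f.findall("category")):
            return True
    return False


def audit_manifest(xml_text):
    """Return (tag, component name, reason) for each exported component that is
    reachable without a signature-level permission, in manifest order."""
    root = ET.fromstring(xml_text)
    # protectionLevel defaults to "normal" when the attribute is omitted.
    levels = {p.get(a("name")): p.get(a("protectionLevel"), "normal")
              for p in root.findall("permission")}
    findings = []
    for comp in root.find("application"):
        if comp.tag not in COMPONENT_TAGS or not is_exported(comp):
            continue
        if comp.tag == "activity" and is_launcher(comp):
            continue
        name = comp.get(a("name"))
        perm = comp.get(a("permission"))
        if perm is None:
            reason = ("implicitly exported by intent-filter, no android:permission"
                      if comp.get(a("exported")) is None
                      else "exported without android:permission")
        elif perm not in levels:
            reason = "guarded by %s declared outside this manifest; verify its protectionLevel" % perm
        elif "signature" not in levels[perm]:
            reason = "guarded by %s with protectionLevel %s, not signature" % (perm, levels[perm])
        else:
            continue  # exported, but only same-signature callers can reach it
        findings.append((comp.tag, name, reason))
    return findings


# Constructed sample manifest covering the cases above.
DEMO_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <permission android:name="com.example.app.permission.INTERNAL" android:protectionLevel="signature"/>
  <permission android:name="com.example.app.permission.WEAK" android:protectionLevel="normal"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <service android:name=".CoreService" android:exported="true"
             android:permission="com.example.app.permission.INTERNAL"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.app.permission.WEAK"/>
    <receiver android:name=".LegacyReceiver">
      <intent-filter><action android:name="com.example.app.REFRESH"/></intent-filter>
    </receiver>
    <provider android:name=".DataProvider" android:authorities="com.example.app.data"
              android:exported="false"/>
  </application>
</manifest>
"""


def demo_findings():
    return audit_manifest(DEMO_MANIFEST)


if __name__ == "__main__":
    for tag, name, reason in demo_findings():
        print("%-9s %-16s %s" % (tag, name, reason))
```

Run against a real APK by first decoding the binary manifest (for example with apktool). Note that a `normal` or `dangerous` permission only makes the caller declare it; any app can do so, which is why the check insists on `signature`.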
6. Upgrade
- Check that the integrity and authenticity of the upgrade package are verified, so that a hijacked or substituted upgrade package is rejected
7. Third-party libraries
- If third-party libraries are used, track their updates and review their security
8. ROM Security
- Use the ROM provided by the official vendor or a reputable team, to avoid ROMs with embedded ads, Trojans, etc.
9. Anti-cracking
- Anti-decompilation, i.e. the app cannot be decompiled by decompilation tools, or correct disassembly cannot be recovered after decompiling
- Resist static analysis with code obfuscation and code encryption
- Resist dynamic debugging by adding code that detects debuggers and emulators
- Prevent repackaging: check the signing certificate and the checksum/hash of the DEX file at runtime after the build
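The DEX header carries two integrity fields of its own: an Adler-32 checksum at offset 8 (over everything after it) and a SHA-1 signature at offset 12 (over everything after it). The following added example (not from the original checklist) verifies those fields and then shows why they are not enough on their own: a repackaging tool rewrites them to match the modified code, so the header stays self-consistent and only a hash pinned outside the DEX (here a SHA-256 of the whole file, taken at build time) detects the change. The DEX-like file is constructed in the script; it carries a valid header but no loadable classes.

```python
"""Verify DEX header checksum/signature and a build-time pinned hash.

Added example, not from the original checklist. The header layout used is
the real one (magic "dex\\n035\\0", adler32 at 8, sha1 at 12, file_size at
32, header_size at 36, endian_tag at 40); the payload is constructed and is
not real bytecode.
"""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n035\0"
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678


def compute_checksum(dex):
    """adler32 over everything after the checksum field itself."""
    return zlib.adler32(dex[12:]) & 0xFFFFFFFF


def compute_signature(dex):
    """SHA-1 over everything after the signature field itself."""
    return hashlib.sha1(dex[32:]).digest()


def verify_dex(dex):
    """Return a list of header inconsistencies; empty means the header is self-consistent."""
    if len(dex) < HEADER_SIZE or dex[:8] != DEX_MAGIC:
        return ["bad magic or truncated header"]
    problems = []
    (checksum,) = struct.unpack_from("<I", dex, 8)
    signature = dex[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", dex, 32)
    if file_size != len(dex):
        problems.append("file_size mismatch")
    if header_size != HEADER_SIZE:
        problems.append("header_size mismatch")
    if endian_tag != ENDIAN_CONSTANT:
        problems.append("unexpected endian_tag")
    if checksum != compute_checksum(dex):
        problems.append("adler32 checksum mismatch")
    if signature != compute_signature(dex):
        problems.append("sha1 signature mismatch")
    return problems


def build_demo_dex(payload):
    """Construct a header-consistent DEX-like file around `payload`.

    This is exactly what a repackaging tool does after editing code: fill
    the size fields, recompute the signature, then the checksum over it.
    """
    body = bytearray(HEADER_SIZE) + payload
    body[0:8] = DEX_MAGIC
    struct.pack_into("<III", body, 32, len(body), HEADER_SIZE, ENDIAN_CONSTANT)
    body[12:32] = compute_signature(body)      # covers bytes 32..end
    struct.pack_into("<I", body, 8, compute_checksum(body))  # covers bytes 12..end
    return bytes(body)


def pin_sha256(dex):
    """Hash recorded at build time and stored outside the DEX (native code,
    server-side, or checked against the signing certificate)."""
    return hashlib.sha256(dex).hexdigest()


def check_pinned(dex, expected_hex):
    return pin_sha256(dex) == expected_hex


def tamper_payload_byte(dex):
    """Simulate a crude patch: flip one bit in the first payload byte without
    fixing the header. verify_dex catches this."""
    out = bytearray(dex)
    out[HEADER_SIZE] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    original = build_demo_dex(b"constructed payload: check_license()")
    pinned = pin_sha256(original)
    print("original:", verify_dex(original), check_pinned(original, pinned))
    patched = tamper_payload_byte(original)
    print("patched: ", verify_dex(patched))
    repacked = build_demo_dex(b"constructed payload: return true()")
    print("repacked:", verify_dex(repacked), check_pinned(repacked, pinned))
```

The header check is cheap and catches accidental corruption, but a repackaged DEX passes it, so a runtime integrity check must compare against a value the attacker cannot edit alongside the code, and should be paired with the signing-certificate check the list already calls for.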