Original address: http://www.javacodegeeks.com/2014/05/simple-tips-to-secure-android-app.html
http://developer.android.com/training/articles/security-tips.html
Android already has security features built into the operating system that significantly reduce the frequency and impact of application security issues, but as application developers we also need to be aware of security issues when developing applications. The level of security required depends on the type and domain of the application. This article collects some of the potential security issues that we need to be aware of.
Here are some of the most common things you need to do to protect your application during development:
1. Do not store private or sensitive data on the SD card.
To store files in internal storage, use the openFileOutput and openFileInput methods with the mode Context.MODE_PRIVATE. If you really need to store the data on an SD card, encrypt it first.
2. Restrict access to a ContentProvider by setting its exported flag to false. A ContentProvider is not necessarily shared by every application; set the flag to false only if the provider has no interaction with other applications.
3. Restrict WebView access to local data.
HTML5 and related technologies are widely used in mobile web and hybrid applications. In a hybrid application, the WebView displays HTML from local storage or fetches HTML and other content from the server. The major security concerns for WebView are the setAllowFileAccess() and setAllowContentAccess() methods.
4. Do not transmit sensitive information through BroadcastReceiver and Intent. For data transfer within a process or application, broadcast with LocalBroadcastManager.
Using LocalBroadcastManager requires supportv4.jar.
5. Do not print sensitive information in Logcat, such as the username, password, web service URL, or request and response details.
6. Remove unnecessary logging before the app goes live.
7. Do not process malicious or forged Intents. In the onReceive() method of your BroadcastReceiver, validate the received Intent: verify the caller's package name, the action, and so on.
8. Add appropriate custom permissions to your Service. If it is used only by your own application, you can set exported = false (same as ContentProvider).
9. Restrict access to Activities. If an Activity is used only by your own application, you can set exported = false.
10. Make sure that debug mode is false before releasing the application.
11. For cross-application functionality, validate the caller before the application responds.
12. HTTPS-based access can be used for server authentication.
13. When you think that some variables or methods in the Java layer are easy to crack, you can obtain the corresponding values through JNI instead.
14. Use a ProGuard file to obfuscate the code.
15. Remove unnecessary permissions from AndroidManifest.xml.
16. Use DexClassLoader with caution when loading Dex files from outside the application.
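Tips 2, 8, 9 and 10 can be checked mechanically before release. The script below is an added example, not code from the original article: it audits a manifest for a debuggable build and for components that are exported without a permission. The sample manifest, its package and component names, and the rule that a component with an intent-filter and no explicit exported flag counts as exported are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")
PERMISSIONS = ("permission", "readPermission", "writePermission")
# Constructed sample manifest (hypothetical app, not taken from the article).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".UpdateReceiver">
      <intent-filter><action android:name="com.example.app.UPDATE"/></intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.example.app.notes"
              android:exported="true" android:readPermission="com.example.app.READ_NOTES"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return (element, finding) pairs for debuggable builds and unprotected exports."""
    def attr(elem, name):  # android:-namespaced attribute, None if absent
        return elem.get(ANDROID_NS + name)
    findings = []
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return findings
    if attr(app, "debuggable") == "true":
        findings.append(("application", "debuggable is true"))
    for comp in app:
        if comp.tag not in COMPONENTS:
            continue
        # The launcher activity has to be reachable from outside; skip it.
        if any(attr(c, "name") == "android.intent.category.LAUNCHER"
               for c in comp.iter("category")):
            continue
        exported, how = attr(comp, "exported"), "exported"
        if exported is None and comp.find("intent-filter") is not None:
            # Assumption: no explicit flag plus an intent-filter means exported.
            exported, how = "true", "exported implicitly via intent-filter"
        if exported == "true" and not any(attr(comp, p) for p in PERMISSIONS):
            findings.append((f"{comp.tag} {attr(comp, 'name')}", how + " with no permission"))
    return findings

if __name__ == "__main__":
    for element, finding in audit_manifest(SAMPLE):
        print(f"{element}: {finding}")
```

Run it against the merged manifest of the release build; a provider with no explicit exported flag is treated as private here, so set the flag explicitly when in doubt.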
Some security considerations for Android app development