Some security considerations for Android app development

Source: Internet
Author: User


Original address: http://www.javacodegeeks.com/2014/05/simple-tips-to-secure-android-app.html

http://developer.android.com/training/articles/security-tips.html


Android already has security features built into the operating system that significantly reduce the frequency and impact of application security issues, but as application developers we also need to keep security in mind while developing. The required security level depends on the type and domain of the application. Below are some of the potential security issues we need to be aware of, which I have collected into this article.


Here I list some of the most common things you need to do to protect your application during development:

1. Do not store private or sensitive data on the SD card. For files stored in internal storage, use the openFileOutput() and openFileInput() methods with Context.MODE_PRIVATE. If you really have to store data on the SD card, encrypt it first.


2. Limit the use of ContentProvider by setting the exported flag to false. Not every application needs to export a provider; if the provider does not need to interact with other applications, mark it as not exported.


3. Restrict WebView access to local data. HTML5 and related technologies are widely used in mobile web applications and hybrid applications. In a hybrid app, the WebView displays HTML from local storage or fetches HTML and other content from the server. The main security-relevant settings for WebView are the setAllowFileAccess() and setAllowContentAccess() methods.


4. Do not transmit sensitive information through BroadcastReceiver and Intent. For in-process (within the application) broadcasts, use LocalBroadcastManager to transfer the data. LocalBroadcastManager requires the support-v4 library (support-v4.jar).


5. Do not print sensitive information to Logcat, such as the username, password, web service URL, or request and response details.


6. Remove unnecessary logging before the app goes live.


7. Do not accept and process maliciously forged Intents. In the onReceive() method of a BroadcastReceiver, before acting on the received Intent, verify the caller's package name, action and other information.
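As an added example (not code from the original article or from Android's own documentation), here is a receiver that applies items 1, 4 and 7 together: it is registered through the support-v4 LocalBroadcastManager so the broadcast never leaves the process, it checks the action and the payload before acting, and it writes the result to app-private internal storage rather than the SD card. The class, action string, extra name and file name are hypothetical.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.support.v4.content.LocalBroadcastManager;
import java.io.FileOutputStream;
import java.io.IOException;

/** In-process receiver that validates every Intent before acting on it. */
public final class SessionEventReceiver extends BroadcastReceiver {
    // Hypothetical action and extra names; prefix them with your own package name.
    public static final String ACTION_SESSION_UPDATED = "com.example.app.SESSION_UPDATED";
    public static final String EXTRA_USER_ID = "com.example.app.extra.USER_ID";
    private static final String SESSION_FILE = "session.dat";

    @Override
    public void onReceive(Context context, Intent intent) {
        // Item 7: drop null Intents and anything not carrying the exact action we registered for.
        if (intent == null || !ACTION_SESSION_UPDATED.equals(intent.getAction())) {
            return;
        }
        // Validate the payload: the extra must be present and hold a sensible value.
        long userId = intent.getLongExtra(EXTRA_USER_ID, -1L);
        if (userId <= 0L) return;
        try {
            // Item 1: app-private internal storage (MODE_PRIVATE), never the SD card.
            FileOutputStream out = context.openFileOutput(SESSION_FILE, Context.MODE_PRIVATE);
            try {
                out.write(Long.toString(userId).getBytes("UTF-8"));
            } finally {
                out.close();
            }
        } catch (IOException ignored) { /* item 5: do not log the payload on failure */ }
    }

    /** Item 4: register in-process only, so other apps can neither deliver nor observe these broadcasts. */
    public static SessionEventReceiver register(Context context) {
        SessionEventReceiver receiver = new SessionEventReceiver();
        LocalBroadcastManager.getInstance(context)
                .registerReceiver(receiver, new IntentFilter(ACTION_SESSION_UPDATED));
        return receiver;
    }

    /** Publish an update without leaving the process. */
    public static void publish(Context context, long userId) {
        Intent intent = new Intent(ACTION_SESSION_UPDATED).putExtra(EXTRA_USER_ID, userId);
        LocalBroadcastManager.getInstance(context).sendBroadcast(intent);
    }
}
```

If the same receiver is also declared in AndroidManifest.xml, it should additionally be marked exported="false" as items 8 and 9 describe for services and activities.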


8. Add a custom permission to the Service. If it is used only by your own app, set exported="false" (as with the ContentProvider).


9. Restrict access to Activities, and set exported="false" if they are used only by your own apps.


10. Make sure that debug mode is turned off before building the release.


11. For cross-application functionality, validate the call before the application responds to it.


12. HTTPS can be used to authenticate the server.


13. When you think some variables or methods in the Java layer are easy to crack, move the corresponding values into native code and retrieve them through JNI instead.


14. Use a ProGuard configuration file to obfuscate the code.


15. Remove unnecessary permissions from AndroidManifest.xml.


16. Be cautious when using DexClassLoader to load Dex files from outside the application.

