Android App Security.pptx

•Download as PPTX, PDF•

0 likes•18 views

This ppt is for focusing the major things while application development for securing the app from hackers. In this PPT there is few points that any developer should focus while development.

Mobile

Android App Security
Develop a secure android app

Contents
Introduction to security in Android app
Maintain secure communication with other apps
Secure network communication
Security on data storage
Secure WebViews
Proguard or R8

Introduction to Security in Android app
Mobile app security is the practice of safeguarding high-value mobile applications and
the digital identity from fraudulent attack in all its forms. This includes tampering,
reverse engineering, malware, key loggers, and other forms of manipulation or
interference.
Mobile app security is securing apps from external threats like viruses and other cyber
threats. These viruses and cyber threats may risk financial and other critical data from
hackers. Security of mobile applications has become parallelly crucial in today's digital
environment.

Maintain Secure communication with other
Apps
01 Use Implicit Intents
Do not name a specific component,
but instead declare a general
action to perform, which allows a
component from another app to
handle it.

Maintain Secure communication with other
Apps
02 Non-exported content providers
Using exported as ‘true’ means allowing other apps to use it. Use false for
securing the activity or provider.

Secure network communication
The Network Security Configuration feature lets you customize your
app's network security settings in a safe, declarative configuration
file without modifying app code.
The Network Security Configuration feature uses an XML file where
you specify the settings for your app. You must include an entry in
your app's manifest to point to this file.

Secure network communication
In the configuration file use ‘cleartextTrafficPermitted’ as false.
This means it will not allow the application to use plain http calls.
Here we can mention the secure domains that we need in our
application.

Security on Data storage
To save sensitive information of files used in the application or to send sensitive
data over the network use Cryptography. Cryptography is the most efficient way
to achieve data security.
Cryptography techniques include confidentiality, integrity, non-repudiation, and
authentication.The many examples of cryptography are DES, AES, RSA, and
Diffie-Hellman key exchange.

Security on Data storage
01 Symmetric-key (Secret-key)
Used to transmit big data.
Symmetric Encryption uses a single
key for encryption and decryption.
Symmetric encryption is fast
technique
RC4, AES, DES, 3DES, and QUAD.
02 Asymmetric-key (Public-key)
Used to transmit small data.
Asymmetric Encryption uses two keys for
encryption and decryption
Asymmetric encryption is slower in terms
of speed.
RSA, Diffie-Hellman, ECC algorithms.

Security on Data storage
Storing private data within Internal storage.
Use External storage cautiously.
Store only non-sensitive data in cache files.
Use SharedPreferences in private mode by using MODE_PRIVATE.
Use Encrypted Shared Preferences.

Secure Webviews
If the application does not directly use java script within the WebView
then do not call - JavaScriptEnabled(true).
Enabling true means any attacker can inject his JavaScript that will
give him control.

Proguard or R8
Shrink, obfuscate, and
optimize your code with
the R8 compiler.
This make the application
code short and using
reverse engineering will
not provide the actual
code.

Similar to Android App Security.pptx

Storage of user or application-generated user-specific private, confidential data on a third party storage provider comes with its own set of challenges. Although such data is usually encrypted while in transit, securely storing such data at rest presents unique security challenges. The first challenge is the generation of encryption keys to implement the desired threat containment. The second challenge is secure storage and management of these keys. This can be accomplished in several ways. A naive approach can be to trust the boundaries of a secure network and store the keys within these bounds in plain text. A more sophisticated method can be devised to calculate or infer the encryption key without explicitly storing it. This paper focuses on the latter approach. Additionally, the paper also describes the implementation of a system that in addition to exposing a set of REST APIs for secure CRUD operations also provides a means for sharing the data among specific users.

Multi-part Dynamic Key Generation For Secure Data Encryption

CSCJournals

OWASP Mobile Security: Top 10 Risks for 2017

TecsyntSolutions

Design of Hybrid Cryptography Algorithm for Secure Communication

IRJET Journal

With growing awareness and concerns regarding to cloud computing and information security, there is a growing awareness and usage of security algorithms into data systems and processes. Confidentiality means the data is understandable to the receiver only for all others it would be waste; it helps in preventing the unauthorized disclosure of sensitive information. Integrity means data received by receiver should be in the same form, the sender sends it; integrity helps in preventing modification from unauthorized user. Availability refers to assurance that user has access to information anytime and to any network. In the cloud confidentiality is obtained by cryptography. Cryptography is technique of converting data into unreadable form during storage and transmission, so that it appears waste to intruders. In the cloud integrity can be checked using a message authentication code (MAC) algorithm. Also by the help of calculating the hashing value. But both methods are not practically possible for large amount of data. Here symmetric algorithms (like IDEA, Blowfish, and DES) and asymmetric algorithms (like RSA, Homomorphic) are used for cloud based services that require data encryption. While sending data and during storage data is under threat because any unauthorized user can access it, modify it, so there is need to secure data. Any data is secure, if it fulfills three conditions i.e., Confidentiality, Integrity and Availability. There is a need to find a way to check data integrity while saving bandwidth and computation power. Remote data auditing, by which the data integrity or correctness of remotely stored data is investigated, has been given more attention recently.

SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM

Journal For Research

Technical seminar on Security

STS

Endpoint security solutions plays a vital part in every organization. Endpoint security solutions protect an organisation’s digital perimeter, including its large IT assets. Different types of endpoint security solutions are there for our use mainly in present technology. Techno Edge Systems LLC offers reliable endpoint security solutions Dubai. For any queries Contact us: 971-54-4653108 Visit us: https://www.itamcsupport.ae/blog/what-are-the-different-types-of-endpoint-security-solutions/

What are the Different Types of Endpoint Security Solutions-converted.pdf

IT AMC Support Dubai - Techno Edge Systems LLC

Paper id 27201448

IJRAT

Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal. YOU'LL LEARN: Security by design in Drupal Site audit and security best practices Encrypting sensitive data Key management (encryption & API) Resources to improve security

Security by Design: An Introduction to Drupal Security

Tara Arnold

Security by design: An Introduction to Drupal Security

Mediacurrent

Are you an Android developer or an enterprise ready to launch your Android App? Then wait! Did you check for the security risks that your mobile app can is exposed to? According to a Forbes 2014 report, Android malware rose from 238 threats in 2012 to 2.5 times in 2013. With the lack of strict security measures, cyber attacks have only increased with each passing year. To avoid being a victim of any malware, enterprises and developers should ensure a complete security check before they launch their Android apps. In this deck, We have shared 21 most essential security measures that any Android app developer or security professional should follow.

The Ultimate Security Checklist Before Launching Your Android App

Appknox

Presentation1.pptx

chWaqasZahid

Unit 1 Information Security.docx

PrernaThakwani

Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...

IRJET Journal

Security and privacy considerations play a vital role in the Open Network for Digital Commerce, ensuring the protection of users' sensitive information and enabling secure transactions in the open network. In this open network, robust security measures are implemented to safeguard against potential threats and unauthorized access. Privacy considerations in digital commerce are of utmost importance, with stringent protocols in place to protect personal data and ensure compliance with privacy regulations.

Security and Privacy Considerations in the Open Network for Digital Commerce.pdf

Nikhil Khunteta

International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.

Kp3419221926

IJERA Editor

Wireless Networking

GulshanAra14

Mobile App Security - Best Practices

RedBlackTree

Moodle Monkey PPTs

ZomakSoluion

Dos and Don’ts of Network Security.pdf

NeilStark1

Cryptography plays a major role in securing data. It is used to ensure that the contents of a message are confidentially transmitted and would not be altered. Network security is most vital component in information security as it refers to all hardware and software function, characteristics, features, operational procedures, accountability, access control, and administrative and management policy. Cryptography is central to IT security challenges, since it underpins privacy, confidentiality and identity, which together provide the fundamentals for trusted e-commerce and secure communication. There is a broad range of cryptographic algorithms that are used for securing networks and presently continuous researches on the new cryptographic algorithms are going on for evolving more advanced techniques for secures communication.

Analysis of Cryptographic Algorithms for Network Security

Editor IJCATR

Similar to Android App Security.pptx (20)

Multi-part Dynamic Key Generation For Secure Data Encryption

OWASP Mobile Security: Top 10 Risks for 2017

Design of Hybrid Cryptography Algorithm for Secure Communication

SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM

Technical seminar on Security

What are the Different Types of Endpoint Security Solutions-converted.pdf

Paper id 27201448

Security by Design: An Introduction to Drupal Security

Security by design: An Introduction to Drupal Security

The Ultimate Security Checklist Before Launching Your Android App

Presentation1.pptx

Unit 1 Information Security.docx

Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...

Security and Privacy Considerations in the Open Network for Digital Commerce.pdf

Kp3419221926

Wireless Networking

Mobile App Security - Best Practices

Moodle Monkey PPTs

Dos and Don’ts of Network Security.pdf

Analysis of Cryptographic Algorithms for Network Security

Android App Security.pptx

1. Android App Security Develop a secure android app

2. Contents Introduction to security in Android app Maintain secure communication with other apps Secure network communication Security on data storage Secure WebViews Proguard or R8

3. Introduction to Security in Android app Mobile app security is the practice of safeguarding high-value mobile applications and the digital identity from fraudulent attack in all its forms. This includes tampering, reverse engineering, malware, key loggers, and other forms of manipulation or interference. Mobile app security is securing apps from external threats like viruses and other cyber threats. These viruses and cyber threats may risk financial and other critical data from hackers. Security of mobile applications has become parallelly crucial in today's digital environment.

4. Maintain Secure communication with other Apps 01 Use Implicit Intents Do not name a specific component, but instead declare a general action to perform, which allows a component from another app to handle it.

5. Maintain Secure communication with other Apps 02 Non-exported content providers Using exported as ‘true’ means allowing other apps to use it. Use false for securing the activity or provider.

6. Secure network communication The Network Security Configuration feature lets you customize your app's network security settings in a safe, declarative configuration file without modifying app code. The Network Security Configuration feature uses an XML file where you specify the settings for your app. You must include an entry in your app's manifest to point to this file.

7. Secure network communication In the configuration file use ‘cleartextTrafficPermitted’ as false. This means it will not allow the application to use plain http calls. Here we can mention the secure domains that we need in our application.

8. Security on Data storage To save sensitive information of files used in the application or to send sensitive data over the network use Cryptography. Cryptography is the most efficient way to achieve data security. Cryptography techniques include confidentiality, integrity, non-repudiation, and authentication.The many examples of cryptography are DES, AES, RSA, and Diffie-Hellman key exchange.

9. Security on Data storage 01 Symmetric-key (Secret-key) Used to transmit big data. Symmetric Encryption uses a single key for encryption and decryption. Symmetric encryption is fast technique RC4, AES, DES, 3DES, and QUAD. 02 Asymmetric-key (Public-key) Used to transmit small data. Asymmetric Encryption uses two keys for encryption and decryption Asymmetric encryption is slower in terms of speed. RSA, Diffie-Hellman, ECC algorithms.

10. Security on Data storage Storing private data within Internal storage. Use External storage cautiously. Store only non-sensitive data in cache files. Use SharedPreferences in private mode by using MODE_PRIVATE. Use Encrypted Shared Preferences.

11. Secure Webviews If the application does not directly use java script within the WebView then do not call - JavaScriptEnabled(true). Enabling true means any attacker can inject his JavaScript that will give him control.

12. Proguard or R8 Shrink, obfuscate, and optimize your code with the R8 compiler. This make the application code short and using reverse engineering will not provide the actual code.

13. Thank you!

Android App Security.pptx

Recommended

Recommended

More Related Content

Similar to Android App Security.pptx

Similar to Android App Security.pptx (20)

Android App Security.pptx