More Related Content


Android App Security.pptx

  1. Android App Security Develop a secure android app
  2. Contents Introduction to security in Android app Maintain secure communication with other apps Secure network communication Security on data storage Secure WebViews Proguard or R8
  3. Introduction to Security in Android app Mobile app security is the practice of safeguarding high-value mobile applications and the digital identity from fraudulent attack in all its forms. This includes tampering, reverse engineering, malware, key loggers, and other forms of manipulation or interference. Mobile app security is securing apps from external threats like viruses and other cyber threats. These viruses and cyber threats may risk financial and other critical data from hackers. Security of mobile applications has become parallelly crucial in today's digital environment.
  4. Maintain Secure communication with other Apps 01 Use Implicit Intents Do not name a specific component, but instead declare a general action to perform, which allows a component from another app to handle it.
  5. Maintain Secure communication with other Apps 02 Non-exported content providers Using exported as ‘true’ means allowing other apps to use it. Use false for securing the activity or provider.
  6. Secure network communication The Network Security Configuration feature lets you customize your app's network security settings in a safe, declarative configuration file without modifying app code. The Network Security Configuration feature uses an XML file where you specify the settings for your app. You must include an entry in your app's manifest to point to this file.
  7. Secure network communication In the configuration file use ‘cleartextTrafficPermitted’ as false. This means it will not allow the application to use plain http calls. Here we can mention the secure domains that we need in our application.
  8. Security on Data storage To save sensitive information of files used in the application or to send sensitive data over the network use Cryptography. Cryptography is the most efficient way to achieve data security. Cryptography techniques include confidentiality, integrity, non-repudiation, and authentication.The many examples of cryptography are DES, AES, RSA, and Diffie-Hellman key exchange.
  9. Security on Data storage 01 Symmetric-key (Secret-key) Used to transmit big data. Symmetric Encryption uses a single key for encryption and decryption. Symmetric encryption is fast technique RC4, AES, DES, 3DES, and QUAD. 02 Asymmetric-key (Public-key) Used to transmit small data. Asymmetric Encryption uses two keys for encryption and decryption Asymmetric encryption is slower in terms of speed. RSA, Diffie-Hellman, ECC algorithms.
  10. Security on Data storage Storing private data within Internal storage. Use External storage cautiously. Store only non-sensitive data in cache files. Use SharedPreferences in private mode by using MODE_PRIVATE. Use Encrypted Shared Preferences.
  11. Secure Webviews If the application does not directly use java script within the WebView then do not call - JavaScriptEnabled(true). Enabling true means any attacker can inject his JavaScript that will give him control.
  12. Proguard or R8 Shrink, obfuscate, and optimize your code with the R8 compiler. This make the application code short and using reverse engineering will not provide the actual code.
  13. Thank you!