This presentation (PPT) covers the major points a developer should focus on during application development to protect the app from attackers. It lists a few practices that any developer should keep in mind while building an Android app.
Contents
Introduction to security in Android app
Maintain secure communication with other apps
Secure network communication
Security on data storage
Secure WebViews
Proguard or R8
Introduction to Security in Android app
Mobile app security is the practice of safeguarding high-value mobile applications and the user's digital identity from fraudulent attacks in all their forms. This includes tampering, reverse engineering, malware, key loggers, and other forms of manipulation or interference.
Mobile app security means securing apps from external threats such as viruses and other cyber threats, which can expose financial and other critical data to attackers. Security of mobile applications has become equally crucial in today's digital environment.
Maintain Secure communication with other Apps
01 Use Implicit Intents
Do not name a specific component; instead declare a general action to perform, which allows a component from another app to handle it.
02 Non-exported content providers
Setting android:exported to 'true' allows other apps to use the component. Use 'false' to restrict an activity or content provider that other apps should not be able to reach.
Secure network communication
The Network Security Configuration feature lets you customize your
app's network security settings in a safe, declarative configuration
file without modifying app code.
The Network Security Configuration feature uses an XML file where
you specify the settings for your app. You must include an entry in
your app's manifest to point to this file.
In the configuration file, set 'cleartextTrafficPermitted' to false. This stops the application from making plain HTTP calls.
The same file can also list the specific domains the application needs to reach.
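As an added example (not from the deck), a res/xml/network_security_config.xml that applies the setting above; api.example.com is a placeholder for the app's own backend:

```xml
<!-- res/xml/network_security_config.xml (added example, not the deck's own file) -->
<network-security-config>
    <!-- Default for every host the app talks to: refuse cleartext (http://).
         Android 9 (API 28) and later already default to false; stating it
         keeps the behaviour the same on older API levels. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <!-- Trust only the device's system CA store, not user-added CAs -->
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Domains the app legitimately needs; "api.example.com" is a placeholder -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
    </domain-config>
</network-security-config>
```

Point the manifest at the file with android:networkSecurityConfig="@xml/network_security_config" on the <application> element; with this config an http:// request to any host fails at the socket level instead of silently going over cleartext.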
Security on Data storage
To store sensitive information in files used by the application, or to send sensitive data over the network, use cryptography. Cryptography is the most efficient way to achieve data security.
Cryptography provides confidentiality, integrity, non-repudiation, and authentication. Examples of cryptographic algorithms are DES, AES, RSA, and Diffie-Hellman key exchange.
01 Symmetric-key (Secret-key)
Used to transmit large amounts of data.
Symmetric encryption uses a single key for both encryption and decryption.
Symmetric encryption is a fast technique.
Examples: RC4, AES, DES, 3DES, and QUAD (of these, AES is the modern choice; DES and RC4 are considered weak).
02 Asymmetric-key (Public-key)
Used to transmit small amounts of data, such as keys.
Asymmetric encryption uses two keys: one for encryption and another for decryption.
Asymmetric encryption is slower in terms of speed.
Examples: RSA, Diffie-Hellman, and ECC algorithms.
Store private data in internal storage.
Use external storage cautiously.
Store only non-sensitive data in cache files.
Use SharedPreferences in private mode by passing MODE_PRIVATE.
Use EncryptedSharedPreferences for sensitive values.
Secure WebViews
If the application does not directly use JavaScript within the WebView, do not call setJavaScriptEnabled(true).
Enabling it means any attacker who can inject JavaScript into the loaded content gains control of what runs inside the WebView.
Proguard or R8
Shrink, obfuscate, and optimize your code with the R8 compiler.
This makes the application code smaller, and reverse engineering the APK will not recover the original readable code.