5. OWASP Mobile Top 10
Improper platform usage:
• Misuse of a mobile operating system feature
• Lack of platform security controls/permission models
Insecure data storage:
• 25 percent of mobile apps have at least one high-risk security or privacy flaw
• Vulnerabilities leak personal information that can be used for illicit purposes.
Insecure authentication:
• Category includes session management issues, privacy issues related to authentication
• User identification tokens are compromised.
Reverse engineering:
• Analyze an app’s source code, libraries, algorithms, and more
• With deeper knowledge of an app’s functionality and how it works, an attacker can more easily identify flaws they can exploit
6. Beyond Top 10
Focus on Data:
• Implement secure data storage
• Certificate and Public key pinning
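As an added illustration of the pinning bullet above (not from the slides), this is an Android Network Security Config that pins the server's public key for a hypothetical API host; the domain `api.example.com` and the base64 pin values are placeholders that must be replaced with the SPKI hashes of your own certificate chain.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml
     Referenced from AndroidManifest.xml with:
       <application android:networkSecurityConfig="@xml/network_security_config" ...>
     Compute a pin for a certificate (leaf or an intermediate CA) with:
       openssl x509 -in cert.pem -pubkey -noout \
         | openssl pkey -pubin -outform der \
         | openssl dgst -sha256 -binary | openssl enc -base64 -->
<network-security-config>

    <!-- Default for every host: no cleartext HTTP, only system CAs. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Pinned API host (placeholder domain). -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>

        <!-- expiration: after this date the pins are ignored and normal CA
             validation applies, so a forgotten rotation degrades to
             unpinned TLS instead of bricking the app. -->
        <pin-set expiration="2026-12-31">
            <!-- Primary pin: SPKI SHA-256 of the current leaf or issuing CA.
                 PLACEHOLDER value, replace before shipping. -->
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <!-- Backup pin: key held offline for emergency rotation.
                 Shipping without a backup pin risks locking users out.
                 PLACEHOLDER value, replace before shipping. -->
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>
    </domain-config>

    <!-- Debug builds only (ignored when android:debuggable="false"):
         lets testers use a user-installed CA for traffic inspection
         without weakening the release configuration. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

Pinning only covers connections that use the platform's default TLS stack; WebViews and third-party HTTP libraries that manage their own trust store must be configured separately.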
Thwart reverse engineering:
• Shrink your code and resources (https://developer.android.com/studio/build/shrink-code)
Security as part of quality
Embrace least privilege:
• Access control mechanism that limits which device resources each app may access
Monitor external libraries and standards implementation: