16 Ways to Create a Secure Android Application

The security functionality provided by the Android platform is rich, and strong security mechanisms can be created using built-in features.

Here is a list of checks that you can use to assess the security of your application.

Check that all code paths into application components expose only the functionality that is intended

Minimize the storage of user data down to the essentials

Limit interaction with untrusted sources and scrutinize any outside interaction

Verify that the minimum possible set of permissions have been requested by the application

Ensure that no unintended files are bundled inside the APK

Assign permissions to all exported application components

Ensure that sensitive inputs do not store any typed-in words into the Android dictionary

Ensure that all inputs for user passwords are appropriately masked

Ensure that content providers do not have SQL injection vulnerabilities

Ensure that file-backed content providers do not provide access to unintended files

Ensure that pattern-matching flaws do not exist on any paths protected by permissions

Set restrictive file permissions on files stored inside the private data directory

Pay attention to the sensitivity of files stored on the SD card

Ensure that sensitive files stored anywhere on the filesystem are encrypted

Encrypt all communications to the Internet using well-known standards

The Mobile Application

Hacker’s Handbookby Dominic Chell, Tyrone Erasmus,

Shaun Colley, and Ollie Whitehouse

THESE ARE JUST SOME OF THE WAYS DEVELOPERS CAN ENSURE THEIR ANDROID APPLICATIONS ARE SECURE.

FOR THE FULL LIST, CHECK OUT