Best Practices in Android Application Security


Upload: appvigil-mobile-app-security-scanner

Post on 26-Jan-2017

Category: Mobile

TRANSCRIPT

Page 1: Best Practices in Android Application Security

Mobile App Security Meet

For most enterprises and consumers today, mobile and cloud security are viewed in a pretty straightforward way — don't assume there is any.

Android application best practices

Page 2: Best Practices in Android Application Security

Mobile first

"The future of mobile is the future of online. It is how people access online content now."

Page 3: Best Practices in Android Application Security

Understanding Android

Page 4: Best Practices in Android Application Security

Android APK

The DEX file format is one of the most distinctive features of the Dalvik VM (the workhorse under the Android system). Dalvik does not execute Java bytecode; instead it uses a homegrown format called DEX.

Android programs are compiled into .dex files, which are in turn zipped into a single .apk file that is installed on the device.

AndroidManifest.xml is a powerful file in the Android platform that allows you to describe the functionality and requirements of your application to Android

Page 5: Best Practices in Android Application Security

Data on Device

Page 6: Best Practices in Android Application Security

Data on Device

Any data stored on the device should be encrypted

Android's SharedPreferences stores its data in plain text

An implementation of SharedPreferences that encrypts data before storage

Page 7: Best Practices in Android Application Security

Data on Device

File view of the shared preference storage in Android

Page 8: Best Practices in Android Application Security

Data on Device

SQLite Storage in Android

Confidential data should be encrypted before it is stored in the tables

Page 9: Best Practices in Android Application Security

Apps in Device

Broadcast Receivers

Use permissions when sending broadcasts to communicate between components

Android Permission model

Use Android permissions selectively when defining components in the manifest file

Page 10: Best Practices in Android Application Security

Apps in Device

Custom receiver to listen for broadcast intents

Sending broadcast intents from an Android component

Page 11: Best Practices in Android Application Security

Best Practice

Custom receiver to listen for broadcast intents

Sending broadcast intents from an Android component

Page 12: Best Practices in Android Application Security

App to Cloud

● Always communicate over HTTPS

● Implement SSL Pinning

● Gzip the request and response bodies

Page 13: Best Practices in Android Application Security

Apps to Cloud

An API call traced by a proxy sitting between the app and the cloud server

Page 14: Best Practices in Android Application Security

Best Practice

Gzipping the request body for the API call from the Android app

Request body traced by the proxy

Page 15: Best Practices in Android Application Security

Best Practice

SSL-pinned client for Android apps

Page 16: Best Practices in Android Application Security

Deployment

Before deploying to the Play Store, use ProGuard to obfuscate the code to protect against reverse-engineering attacks

Page 17: Best Practices in Android Application Security

Thank you