Created
March 31, 2018 21:32
Android Security
Excessive Logging:
    // Logs only in debug builds, so messages never reach production logcat.
    private void logD(String message) {
        if (BuildConfig.DEBUG) {
            Log.d(this.getLocalClassName(), message);
        }
    }
Excessive logging of sensitive security data should be avoided in production environments.
Insecure Local Storage:
Save registration data on the server and check the application's free usage period each time the user opens it. Obfuscate the Android code to protect against reverse engineering.
Sensitive Data in Storage:
Encrypt sensitive data, and store only the data that is required.
Don't make assumptions about the app's data and properties.
Autocompletion:
Mask important fields within the application.
Ensure autocomplete is toggled off for important fields, e.g.
    // Requires: import android.text.InputType; import android.widget.EditText;
    void setAutocomplete() {
        EditText firstNameView = (EditText) findViewById(R.id.first_name);
        EditText secondNameView = (EditText) findViewById(R.id.second_name);
        // Combine the flag with TYPE_CLASS_TEXT so the field keeps its text class.
        int noSuggestions = InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS;
        firstNameView.setInputType(noSuggestions);
        secondNameView.setInputType(noSuggestions);
    }