SlideShare a Scribd company logo

Android App Security

The Software House, profile picture
The Software House

The document outlines best practices for Android app security, emphasizing the use of application sandboxing and restricted access to app data. It recommends minimum permissions, internal storage, encryption of files, and avoidance of sensitive data in SMS. Additionally, it advises on webview security, using HTTPS, and adhering to platform guidelines for handling databases.

Software
1 of 16
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Android App security.
Android security layers
Application Sandbox Apps run in separate processes.
Application Sandbox Apps run in seperate processes. Restricted access to other apps data (db, files).
Best practices Require minimum permissions.
Best practices Use Internal Storage rather than External Storage.
Best practices Encrypt your files.
Best practices Do not use SMS messages to send sensitive data.
Best practices Track installation id’s rather than device id’s (Universally Unique Identifier).
Best practices Avoid hard coded keys.
Best practices
Best practices WebViews: - enable JavaScript only for trusted sites - avoid passing Java objects to JavaScript
Best practices Do not store any sensitive data in Assets folder in your app.
Best practices Prefer HTTPS connections.
Best practices Stick to platform guidelines (e. g. ContentProviders to handle database).
Thank you

More Related Content

PPS
Flash Security
Ferruh Mavituna
 
PPTX
Building secure android apps
Kaushal Bhavsar
 
PPTX
iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift
Bunty Madan
 
PDF
Identity Security - Azure Identity Protection
Eng Teong Cheah
 
PPT
Protecting Your Web Site From SQL Injection & XSS
skyhawk133
 
PPTX
Microsoft Azure Information Protection
Syed Sabhi Haider
 
PPTX
Secure Collaboration: Start classifying, labeling, and protecting your (most ...
Bram de Jager
 
PPTX
Linux confau 2019: Web Security 2019
James Bromberger
 
Flash Security
Ferruh Mavituna
 
Building secure android apps
Kaushal Bhavsar
 
iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift
Bunty Madan
 
Identity Security - Azure Identity Protection
Eng Teong Cheah
 
Protecting Your Web Site From SQL Injection & XSS
skyhawk133
 
Microsoft Azure Information Protection
Syed Sabhi Haider
 
Secure Collaboration: Start classifying, labeling, and protecting your (most ...
Bram de Jager
 
Linux confau 2019: Web Security 2019
James Bromberger
 

What's hot (7)

PDF
WHS-hackability-Index-083013
Janis Weiss
 
PDF
Virtual Networking Security - Perimeter Security
Eng Teong Cheah
 
PDF
Tighten your Security and Privacy
connectwebex
 
PPTX
2 . web app s canners
Rashid Khatmey
 
PPTX
SpTechCon OneDrive Success Part 1: Planning the Leap to the Cloud
Adam Levithan
 
PDF
Techorama - Shadow IT with Cloud Apps
David De Vos
 
PPTX
Web Security Training : Tonex Training
Bryan Len
 
WHS-hackability-Index-083013
Janis Weiss
 
Virtual Networking Security - Perimeter Security
Eng Teong Cheah
 
Tighten your Security and Privacy
connectwebex
 
2 . web app s canners
Rashid Khatmey
 
SpTechCon OneDrive Success Part 1: Planning the Leap to the Cloud
Adam Levithan
 
Techorama - Shadow IT with Cloud Apps
David De Vos
 
Web Security Training : Tonex Training
Bryan Len
 
Ad

Viewers also liked (20)

PDF
PHP 7
The Software House
 
PDF
Praktyczne porady na temat optymalizacji wydajności aplikacji tworzonych z u...
The Software House
 
PDF
Wprowadzenie do języka Swift, czyli nowe podejście do programowania aplikacji...
The Software House
 
PDF
Pierwsza aplikacja na iOS, czyli z czym można się spotkać, co jest trudne i c...
The Software House
 
PDF
Gulp.js - alternatywa do Grunta
The Software House
 
PDF
O Electronie słów kilka
The Software House
 
PDF
Pi razy drzwi - o szacowaniu projektów
The Software House
 
PDF
Bitcoin - (nie)udany eksperyment?
The Software House
 
PDF
Varnish
The Software House
 
PDF
Wielkie protokoły wielkich ludzi
The Software House
 
PDF
Tester - przyjaciel czy wróg programisty?
The Software House
 
PDF
Angular 2.0 – Kochaj albo rzuć!
The Software House
 
PDF
PSR-7 - HTTP message interfaces
The Software House
 
PDF
TDD w iOS
The Software House
 
PDF
Design dla estetycznie ograniczonych
The Software House
 
PDF
Confd - Uszanowanko Programowanko
The Software House
 
PDF
Deploy appki na iOS, czyli magia publikacji
The Software House
 
PDF
Persisting Value Objects
The Software House
 
PDF
Inżynieria społeczna jako element testów bezpieczeństwa - tylko teoria, czy j...
The Software House
 
PDF
Deployment z Ansible
The Software House
 
PHP 7
The Software House
 
Praktyczne porady na temat optymalizacji wydajności aplikacji tworzonych z u...
The Software House
 
Wprowadzenie do języka Swift, czyli nowe podejście do programowania aplikacji...
The Software House
 
Pierwsza aplikacja na iOS, czyli z czym można się spotkać, co jest trudne i c...
The Software House
 
Gulp.js - alternatywa do Grunta
The Software House
 
O Electronie słów kilka
The Software House
 
Pi razy drzwi - o szacowaniu projektów
The Software House
 
Bitcoin - (nie)udany eksperyment?
The Software House
 
Varnish
The Software House
 
Wielkie protokoły wielkich ludzi
The Software House
 
Tester - przyjaciel czy wróg programisty?
The Software House
 
Angular 2.0 – Kochaj albo rzuć!
The Software House
 
PSR-7 - HTTP message interfaces
The Software House
 
TDD w iOS
The Software House
 
Design dla estetycznie ograniczonych
The Software House
 
Confd - Uszanowanko Programowanko
The Software House
 
Deploy appki na iOS, czyli magia publikacji
The Software House
 
Persisting Value Objects
The Software House
 
Inżynieria społeczna jako element testów bezpieczeństwa - tylko teoria, czy j...
The Software House
 
Deployment z Ansible
The Software House
 
Ad

Similar to Android App Security (20)

PPTX
Android Security and Peneteration Testing
Surabaya Blackhat
 
PPTX
Android pen test basics
OWASPKerala
 
PPTX
Getting started with android
Vandana Verma
 
PPTX
Security testing of mobile applications
GTestClub
 
PDF
9 Writing Secure Android Applications
Sam Bowne
 
PPTX
Pentesting Android Apps
Abdelhamid Limami
 
PDF
Nagios Conference 2011 - Jared Bird - Using Nagios As A Security Tool
Nagios
 
PDF
Android App Hacking - Erez Metula, AppSec
DroidConTLV
 
PPTX
Untitled 1
Sergey Kochergan
 
PPT
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Vinod Kumar
 
PDF
Getting started with Android pentesting
Minali Arora
 
PPT
Securely Deploying Android Device - ISSA (Ireland)
Angelill0
 
PDF
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Romansh Yadav
 
PDF
10 server security hacks to secure your web servers
Temok IT Services
 
PPT
3 secure design principles
drewz lin
 
PDF
Advanced Java
Hossein Mobasher
 
PPT
302 Content Server Security Challenges And Best Practices
phanleson
 
PPTX
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
 
PPT
Securing Your .NET Application
Iron Speed
 
PDF
Hacking and Securing iOS Apps : Part 1
Subhransu Behera
 
Android Security and Peneteration Testing
Surabaya Blackhat
 
Android pen test basics
OWASPKerala
 
Getting started with android
Vandana Verma
 
Security testing of mobile applications
GTestClub
 
9 Writing Secure Android Applications
Sam Bowne
 
Pentesting Android Apps
Abdelhamid Limami
 
Nagios Conference 2011 - Jared Bird - Using Nagios As A Security Tool
Nagios
 
Android App Hacking - Erez Metula, AppSec
DroidConTLV
 
Untitled 1
Sergey Kochergan
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Vinod Kumar
 
Getting started with Android pentesting
Minali Arora
 
Securely Deploying Android Device - ISSA (Ireland)
Angelill0
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Romansh Yadav
 
10 server security hacks to secure your web servers
Temok IT Services
 
3 secure design principles
drewz lin
 
Advanced Java
Hossein Mobasher
 
302 Content Server Security Challenges And Best Practices
phanleson
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
 
Securing Your .NET Application
Iron Speed
 
Hacking and Securing iOS Apps : Part 1
Subhransu Behera
 

More from The Software House (20)

PDF
Jak kraść miliony, czyli o błędach bezpieczeństwa, które mogą spotkać również...
The Software House
 
PDF
Uszanowanko Podsumowanko
The Software House
 
PDF
Jak efektywnie podejść do certyfikacji w AWS?
The Software House
 
PDF
O co chodzi z tą dostępnością cyfrową?
The Software House
 
PDF
Chat tekstowy z użyciem Amazon Chime
The Software House
 
PDF
Migracje danych serverless
The Software House
 
PDF
Jak nie zwariować z architekturą Serverless?
The Software House
 
PDF
Analiza semantyczna artykułów prasowych w 5 sprintów z użyciem AWS
The Software House
 
PDF
Feature flags na ratunek projektu w JavaScript
The Software House
 
PDF
Typowanie nominalne w TypeScript
The Software House
 
PDF
Automatyzacja tworzenia frontendu z wykorzystaniem GraphQL
The Software House
 
PDF
Serverless Compose vs hurtownia danych
The Software House
 
PDF
Testy API: połączenie z bazą danych czy implementacja w pamięci
The Software House
 
PDF
Jak skutecznie read model. Case study
The Software House
 
PDF
Firestore czyli ognista baza od giganta z Doliny Krzemowej
The Software House
 
PDF
Jak utrzymać stado Lambd w ryzach
The Software House
 
PDF
Jak poskromić AWS?
The Software House
 
PDF
O łączeniu Storyblok i Next.js
The Software House
 
PDF
Amazon Step Functions. Sposób na implementację procesów w chmurze
The Software House
 
PDF
Od Figmy do gotowej aplikacji bez linijki kodu
The Software House
 
Jak kraść miliony, czyli o błędach bezpieczeństwa, które mogą spotkać również...
The Software House
 
Uszanowanko Podsumowanko
The Software House
 
Jak efektywnie podejść do certyfikacji w AWS?
The Software House
 
O co chodzi z tą dostępnością cyfrową?
The Software House
 
Chat tekstowy z użyciem Amazon Chime
The Software House
 
Migracje danych serverless
The Software House
 
Jak nie zwariować z architekturą Serverless?
The Software House
 
Analiza semantyczna artykułów prasowych w 5 sprintów z użyciem AWS
The Software House
 
Feature flags na ratunek projektu w JavaScript
The Software House
 
Typowanie nominalne w TypeScript
The Software House
 
Automatyzacja tworzenia frontendu z wykorzystaniem GraphQL
The Software House
 
Serverless Compose vs hurtownia danych
The Software House
 
Testy API: połączenie z bazą danych czy implementacja w pamięci
The Software House
 
Jak skutecznie read model. Case study
The Software House
 
Firestore czyli ognista baza od giganta z Doliny Krzemowej
The Software House
 
Jak utrzymać stado Lambd w ryzach
The Software House
 
Jak poskromić AWS?
The Software House
 
O łączeniu Storyblok i Next.js
The Software House
 
Amazon Step Functions. Sposób na implementację procesów w chmurze
The Software House
 
Od Figmy do gotowej aplikacji bez linijki kodu
The Software House
 

Recently uploaded (20)

PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PPTX
Materi_Pemrograman_Komputer-Looping.pptx
RanuFajar1
 
PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
DOCX
The Five Best AI Cover Tools in 2025.docx
aivoicelabofficial
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Introduction Database Management System for Course Database
ReinertYosua
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Materi_Pemrograman_Komputer-Looping.pptx
RanuFajar1
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
AI in Product Development-omnex systems
omnex systems
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
System and Network Administration Chapter 2
jaramharo
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
Introduction to Artificial Intelligence
lohedi9363
 
The Five Best AI Cover Tools in 2025.docx
aivoicelabofficial
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 

Android App Security