Security should always be an important factor in the product development process. Lack of proper implementation of security mechanisms may result in an app compromising user data. Consequences might be severe, starting from legally bound fines and ending up with
loss of trust to the product and significant drop in the user base.
This guide covers the most important and problematic development challenges regarding Android application security. Each chapter contains detailed description of a challenge and provides up-to-date best practices along with code samples and development guidelines. At the end of each chapter, there is a list of key issues (recommendations) to focus on in the process of high-risk mobile application development – e.g. applications processing financial, confidential, or personal data.
Topics covered in this guide:
- Android instance identifiers
- Establishing Communication
- Keeping your secrets safe
- Root detection
- Webview on Android
- Protection against reverse engineering
Last but not least, keep in mind that both security mechanisms and attack techniques are constantly evolving, thus both developers as well as security professionals should be always at alert and constantly update their knowledge on current best practices and standards.
If you have any comments, change request, want to provide any feedback or help with future development of this document, please don’t hesitate to contact us.