Guidelines on mobile application security – Android edition

Based on our experience in the field of Android application security, we have collected the most valuable good practices and guidelines and present them in the form of an e-book.

Łukasz Bobrek 2021.03.03   –   4 MIN read

Security should always be an important factor in the product development process. Failing to implement security mechanisms properly may result in an app compromising user data. The consequences can be severe, ranging from legally binding fines to a loss of trust in the product and a significant drop in the user base.

This guide covers the most important and problematic development challenges regarding Android application security. Each chapter contains a detailed description of a challenge and provides up-to-date best practices along with code samples and development guidelines. At the end of each chapter, there is a list of key issues (recommendations) to focus on when developing high-risk mobile applications, e.g. applications processing financial, confidential, or personal data.

Additionally, a good and secure SDLC process should also include threat modelling at the beginning and penetration testing at the end.

Topics covered in this guide:

  1. Android instance identifiers
  2. Establishing Communication
  3. Keeping your secrets safe
  4. Root detection
  5. WebView on Android
  6. Protection against reverse engineering

Last but not least, keep in mind that both security mechanisms and attack techniques are constantly evolving, so developers as well as security professionals should always be on alert and continually update their knowledge of current best practices and standards.

If you have any comments or change requests, want to provide feedback, or would like to help with the future development of this document, please don't hesitate to contact us.


Łukasz Bobrek Principal IT Security Consultant
Head of Cloud Security