Security Tips for Android Applications.
Android has built-in security feature that significantly
reduce the frequency and impact of application security issue.
1.
An application framework with robust
implementation of common security functionality such as cryptography ,permission.
2.
Technologies like ASLR. NX, ProPolice , safe_iop
,OpenBSd DlMalloc, OpenBSD Calloc,risk associated with common memory Management
errors.
3.
An Encrypted file system that can be enabled to
protect data on lost or stolen Devices.
4.
Application-defined permission to control
application data on n application.
5.
User granted permission to restrict access to system
feature and user data.
Storing Data
The most common security concern for an application on
android.
1.
Internal Storage:-Avoid the MODE_WORLD_WRITEABLE
or MODE_WORLD_READABLE for IPC files because they do not provide the ability to
limit data access to particular application, nor do they provide any control of
data format. You can encrypt local files using a key that is not directly
accessible to the application.
2. External Storage:-File created on external
storage, such as SD cards, are globally readable and Writable. Because external
storage can be removed by the user and also modified by any application .you
should not store executables or class files on external storage prior or dynamic
loading.
3. Content Providers:-creating a content Provider
that is exported for use by other application, you can specify a single
permission for reading and writing, or you can specify distinct permission for
reading and writing. You should limit your permission to those required to
accomplish the task at hand.
Permission
You should minimize the number of permission that your app
request. Restricting access to sensitive permission reduces the risk .your
application in a way that does not require any permission that is preferable.
Generally, you can create permission strive to define as few
permission as possible while satisfying your security requirement.
0 comments