Open top menu

Security Tips for Android Applications.

Android has built-in security feature that significantly reduce the frequency and impact of application security issue.

1.       An application framework with robust implementation of common security functionality such as cryptography ,permission.
2.       Technologies like ASLR. NX, ProPolice , safe_iop ,OpenBSd DlMalloc, OpenBSD Calloc,risk associated with common memory Management errors.
3.       An Encrypted file system that can be enabled to protect data on lost or stolen Devices.
4.       Application-defined permission to control application data on n application.
5.       User granted permission to restrict access to system feature and user data.


Storing Data

The most common security concern for an application on android.
1.       Internal Storage:-Avoid the MODE_WORLD_WRITEABLE or MODE_WORLD_READABLE for IPC files because they do not provide the ability to limit data access to particular application, nor do they provide any control of data format. You can encrypt local files using a key that is not directly accessible to the application.

2.  External Storage:-File created on external storage, such as SD cards, are globally readable and Writable. Because external storage can be removed by the user and also modified by any application .you should not store executables or class files on external storage prior or dynamic loading.

3.  Content Providers:-creating a content Provider that is exported for use by other application, you can specify a single permission for reading and writing, or you can specify distinct permission for reading and writing. You should limit your permission to those required to accomplish the task at hand.


Permission

You should minimize the number of permission that your app request. Restricting access to sensitive permission reduces the risk .your application in a way that does not require any permission that is preferable.
Generally, you can create permission strive to define as few permission as possible while satisfying your security requirement.





















































Tagged

0 comments