Application Sandboxing,
Protection against buffer and overflow attacks are some of the security features that an android operating system has, so the simple android apps that do not perform any file system or networking operations can be considered secure by default. As for complex android apps, it is the developer’s and the user’s responsibility to make it secure and protect the privacy of the users.
Note: Application Sandboxing is an approach to software development and Mobile Application Management(MAM) that limts the environments in which certain code can execute. It is also called as Application Containerization.
Some of the best practices to secure android apps are:
Every android app has an internal storage directory whose path is based on the package name of the app. They use Mode_Private to secure files inside this directory. This means that the files in an app cannot be accessed by any other app or device. getFilesDir( ) method is used to ascertain the absolute path of the app’s internal storage directory. Once you know its path, referencing files inside it is simple as referencing files inside any other directory.
There is limited internal storage in an android app. So at times it is better to store sensitive data on external storage media such as removable SD card. As the data in such external storage media can be directly accessed by both users and other apps on the device, thus it is important to store such data in encrypted format. One of the most popular encryption algorithm used is AES, Advanced Encryption Standard with a key size of 256 bits.
Note: IPC means Inter Process Communication
Sockets, named Pipes are used by the programmers of android to communicate with other apps on android. Easier and secure approach to IPC is to use the intents. To send specific data to the component of an app, the developers must create a new instance of intent class and use its setComponent( ) method to specify both the package and the name of the app. Then they can add data using putExtra( ) method.
HTTPS (preferably HttpsURLConnection) is used to communicate between the android app and their servers. The network traffic will be secured as the server is configured with a certificate issued by trusted certificate such as Digicert or GlobalSign. The network traffic should be secured against eavesdropping and man-in-the-middle attacks.
SMS Protocol is neither encrypted nor safe against spoofing attacks. SMS can be read by any app in the user’s device with a Read_SMS permission. GCM is lot more secure than SMS to push messages to an app as the communications are encrypted. They are authenticated using refreshed registration tokens on client side and a unique API key on the server side.
Note: GCM, Google Cloud Messaging
A better approach to user identification and user profile information look up on android is through Google Identity Platform. This platform allows the user to quickly sign into the app using their Google account and thus, the app can easily access the user details like username, email address, contacts, profile photo etc. To handle the credentials by the user itself, they are recommended to store and transmit them in the form of secure hashes. The way to generate different types of hashes using Android SDK is by using MessageDigest class.
User inputs don not leads to buffer overruns in the android device. To avoid making the data vulnerable into SOL injection attacks, developer should allow the users to interact with SQLite database, thus developer must either sanitize user input or make use of parameterized queries.
To secure source code, the developers should make use of a tool called ProGuard which is in android SDK before publishing the app. The default ProGuard configuration publishing in Android SDK’s proguard.android.txt file is sufficient for most apps. If the developer want to add custom rule to configuration, they can do so inside a file named proguard-rules.pro which is a part of Android Studio Project.
Your email address will not be published. Required fields are marked *
ARTIFICIAL INTELLIGENCE Artificial intelligence is also called Machine Intelligence. Artificial Intelligence means intelligence displayed by machines in contrast to the intelligence displayed by humans. There are three different types of artificial intelligence such as Analytical, Human Inspires and Humanized artificial intelligence. Analytical AI is associated with the cognitive intelligence in which the learning is based
Learn MoreBlockchain is found by a person called Satoshi Nakamoto (it may be a group of people, identity is unknown for the name) in the year 2008. Blockchain is an open distributed ledger that record transaction between two parties efficiently and effectively. Blockchain is managed by a peer to peer network in which the data is stored in like “first
Learn MoreApplication Sandboxing, Protection against buffer and overflow attacks are some of the security features that an android operating system has, so the simple android apps that do not perform any file system or networking operations can be considered secure by default. As for complex android apps, it is the developer’s and the user’s responsibility to
Learn MoreSWIFT is fast and safe type programming to develop iOS apps with native tools created by Apple INC. SWIFT took language ideas from Objective C and many others. On June 2, 2014 the Apple WorldWide Developers Conference application became the first publicly released app written with SWIFT. FUTTER is an open source, multi-platform which builds
Learn More