Android App Security

“75 Percent of Mobile Security Breaches Will Be the Result of Mobile Application Misconfiguration”

Gartner, May 2014

This site is about Android security from an app perspective. There are lots of (too many) sites and books on how to hack Android, and tools for hacking it in various ways. Most of the available information on Android security is written by security researchers rather than app developers. Instead, this site, written by an Android developer, takes a ‘coding first’, guideline-based approach to prevent, as opposed to detect, security problems.

What are the problems?

Android vulnerabilities  x  poor OS patching  x  poor coding  =  Sensitive data isn’t secure

The first problem is that poor coding compounds the problem of Android vulnerabilities that are not being patched by device OS updates. There will always be vulnerabilities, and there will always be device manufacturers who don’t update their devices. However, we can solve the poor coding part so that sensitive data is well protected.

Java easily decompiled  x  many hack tools  =  piracy, malware and IP theft

The second problem is one of piracy. A study by Columbia University showed that a quarter of all Play Store apps were (source code) copies. This problem is probably even greater on the third-party app stores, where piracy and malware are rife. There’s less that can be done about this, but we can make it more difficult to reverse engineer an app.

How to Use This Site

First, you might like to read my message to developers and stakeholders. After that, read what you are up against and define your sensitive data. There are then three ways into this site: use the search at the top, use the tag cloud on the right-hand side (bottom on a mobile device), or browse the list of articles. Once you select an article, you will also be shown related articles and external references.