16 Ways to Create a Secure Android Application
The Android platform provides rich security functionality, and strong security mechanisms can be built from its built-in features alone.
Here is a list of checks that you can use to assess the security of your application.
Check that every code path into an application component (activity, service, broadcast receiver, content provider) exposes only the functionality that is intended
Minimize the storage of user data down to the essentials
Limit interaction with untrusted sources and scrutinize any outside interaction
Verify that the minimum possible set of permissions has been requested by the application
Ensure that no unintended files are bundled inside the APK
Protect every exported application component with a permission, or set android:exported="false" on components that other applications do not need to reach
Ensure that sensitive input fields do not add typed words to the keyboard dictionary or suggestions (for example by using a password input type or android:inputType="textNoSuggestions")
Ensure that all inputs for user passwords are appropriately masked
Ensure that content providers do not have SQL injection vulnerabilities: caller-supplied projection and selection strings must not be concatenated unchecked into queries
Ensure that file-backed content providers do not serve unintended files (for example through path traversal in the requested URI)
Ensure that the path-permission patterns (android:path, pathPrefix, pathPattern) protecting content provider paths cannot be bypassed by a URI that the pattern fails to match but the provider still serves
Set restrictive file permissions on files stored inside the private data directory (MODE_PRIVATE; never world-readable or world-writable)
Pay attention to the sensitivity of files stored on the SD card, since external storage is readable by other applications
Ensure that sensitive files stored anywhere on the filesystem are encrypted
Encrypt all communications to the Internet using well-known standards (TLS with proper certificate validation)
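Several of the checks above (entry points into components, requested permissions, unprotected exported components) can be screened statically from the manifest before any dynamic testing. The following is an added example, not code from the handbook or its authors: a standard-library Python audit run over a constructed AndroidManifest.xml. The package, component and permission names in the sample are made up for illustration.

```python
"""Static audit of an AndroidManifest.xml for exported components that lack a
permission, plus the requested permissions and a few application-level flags."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"

# Constructed sample manifest; names are invented and belong to no real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:allowBackup="true" android:debuggable="true">
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <activity android:name=".AdminActivity" android:exported="true"/>
        <service android:name=".SyncService">
            <intent-filter>
                <action android:name="com.example.notes.SYNC"/>
            </intent-filter>
        </service>
        <receiver android:name=".BootReceiver" android:exported="true"
            android:permission="com.example.notes.permission.BOOT"/>
        <provider android:name=".NotesProvider"
            android:authorities="com.example.notes.provider"
            android:exported="true"/>
        <provider android:name=".PrivateProvider"
            android:authorities="com.example.notes.private"
            android:exported="false"/>
    </application>
</manifest>
"""


def attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_exported(comp):
    """Platform rule: an explicit android:exported wins; otherwise a component
    that declares an intent-filter is implicitly exported (Android 12+ rejects
    the implicit case at install time, but older targets still get it)."""
    explicit = attr(comp, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return comp.find("intent-filter") is not None


def is_launcher(comp):
    return any(attr(c, "name") == LAUNCHER_CATEGORY for c in comp.iter("category"))


def is_protected(comp):
    """A component is protected if it demands a permission. Providers may split
    this into read and write permissions; leaving either out leaves a hole."""
    if attr(comp, "permission") is not None:
        return True
    if comp.tag == "provider":
        return (attr(comp, "readPermission") is not None
                and attr(comp, "writePermission") is not None)
    return False


def audit_manifest(xml_text):
    """Return requested permissions, exported-but-unprotected components and
    application-level notes for the given manifest text."""
    root = ET.fromstring(xml_text)
    result = {
        "permissions": [attr(p, "name") for p in root.findall("uses-permission")],
        "exported_unprotected": [],
        "notes": [],
    }
    app = root.find("application")
    if app is None:
        result["notes"].append("no <application> element")
        return result
    if (attr(app, "debuggable") or "false").lower() == "true":
        result["notes"].append("application is debuggable")
    if (attr(app, "allowBackup") or "true").lower() == "true":  # default is true
        result["notes"].append("allowBackup is not disabled")
    for tag in COMPONENT_TAGS:
        for comp in app.iter(tag):
            if not is_exported(comp) or is_protected(comp):
                continue
            if tag == "activity" and is_launcher(comp):
                continue  # the launcher activity must be reachable; review it by hand
            result["exported_unprotected"].append("%s %s" % (tag, attr(comp, "name")))
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(audit_manifest(SAMPLE_MANIFEST), indent=2))
```

Feed it the manifest decoded from the APK (apktool or aapt will produce the XML form); every component it lists is one that any other application on the device can invoke without holding a permission, and each should be justified or locked down.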
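The content provider SQL injection check deserves a concrete look at the query-building pattern behind it. A provider's query() receives projection, selection and selectionArgs from the caller; if the provider pastes the first two into its SQL, any application that can reach the provider can read other tables. The following is an added example, not code from the handbook or the Android framework: an in-memory sqlite3 table constructed to stand in for the provider's database, the injectable pattern, and a hardened version that allowlists projection columns and restricts the selection grammar so that values can only arrive through placeholders.

```python
"""Content-provider style query building: injectable pattern beside a hardened one."""
import re
import sqlite3

ALLOWED_COLUMNS = ("_id", "owner", "body")          # the provider's public columns
SELECTION_KEYWORDS = {"AND", "OR", "NOT", "IS", "NULL", "LIKE"}
_OPERATORS = {"=", "<", ">", "<=", ">=", "!=", "<>"}
# Longer operators first so "<=" is not split into "<" and "=".
_TOKEN = re.compile(r"[A-Za-z_]\w*|<=|>=|!=|<>|[=<>()?]|\S")


def make_db():
    """Constructed in-memory stand-in for the provider's SQLiteDatabase."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (_id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.execute("CREATE TABLE secrets (_id INTEGER PRIMARY KEY, token TEXT)")
    db.executemany("INSERT INTO notes (owner, body) VALUES (?, ?)",
                   [("alice", "shopping list"), ("bob", "private diary")])
    db.execute("INSERT INTO secrets (token) VALUES (?)", ("api-key-for-demo",))
    return db


def query_vulnerable(db, projection, selection, selection_args, owner):
    """Injectable: caller-controlled projection and selection are concatenated.
    Wrapping the selection in parentheses does not help, as the test shows."""
    cols = ", ".join(projection) if projection else "*"
    where = "owner = '%s'" % owner
    if selection:
        where += " AND (" + selection + ")"
    sql = "SELECT %s FROM notes WHERE %s" % (cols, where)
    return db.execute(sql, tuple(selection_args or ())).fetchall()


def validate_selection(selection):
    """Accept only allowlisted column names, a few keywords, comparison
    operators, balanced parentheses and '?' placeholders. Literals, comments
    and unknown identifiers are rejected, so values must come via selection_args."""
    depth = 0
    for tok in _TOKEN.findall(selection):
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced parenthesis in selection")
        elif (tok == "?" or tok in _OPERATORS
              or tok.upper() in SELECTION_KEYWORDS or tok in ALLOWED_COLUMNS):
            continue
        else:
            raise ValueError("disallowed token in selection: %r" % tok)
    if depth != 0:
        raise ValueError("unbalanced parenthesis in selection")


def query_hardened(db, projection, selection, selection_args, owner):
    """Hardened: projection is checked against the column allowlist, the owner
    filter is parameterised, and the selection must pass validate_selection."""
    cols = list(projection) if projection else list(ALLOWED_COLUMNS)
    unknown = [c for c in cols if c not in ALLOWED_COLUMNS]
    if unknown:
        raise ValueError("unknown column(s) in projection: %r" % unknown)
    where = "owner = ?"
    args = [owner]
    if selection:
        validate_selection(selection)
        where += " AND (" + selection + ")"
        args.extend(selection_args or ())
    sql = "SELECT %s FROM notes WHERE %s" % (", ".join(cols), where)
    return db.execute(sql, tuple(args)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Projection injection: the comment marker discards the provider's own FROM/WHERE.
    print(query_vulnerable(db, ["* FROM secrets--"], None, None, "alice"))
    # Selection injection: closes the provider's parenthesis and ORs past the owner filter.
    print(query_vulnerable(db, None, "1=1) OR (1=1", None, "alice"))
    print(query_hardened(db, ["body"], "body LIKE ?", ["%list%"], "alice"))
```

On a real provider the same effect can be had with SQLiteQueryBuilder's projection map together with strict mode, which is the framework's own equivalent of the allowlist above; the point of the example is that concatenation of caller-supplied fragments, not the lack of parentheses, is the defect.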
The Mobile Application Hacker's Handbook by Dominic Chell, Tyrone Erasmus, Shaun Colley, and Ollie Whitehouse
These are just some of the ways developers can ensure their Android applications are secure.
For the full list, check out