Google Security

Google doesn’t provide a top ten list as such, but does have a Security Best Practices training resource, listed below. Unlike the previous list, this one is specific to Android, which is no surprise as it comes from Google.

1. Avoid opening files with MODE_WORLD_WRITEABLE or MODE_WORLD_READABLE, because other apps can read them.

2. Do not store sensitive information on external storage, because anyone can view the data on the SD card; it has no protection.

3. If you do not intend to give other applications access to your ContentProviders, mark them as android:exported=false in the application manifest.

4. Minimize the number of permissions that your app requests; don’t ask for what you don’t need.

5. Use HTTPS over HTTP ...
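The manifest-level items above (3, 4 and 5) can be checked mechanically. The following is an added example, not code from the book or from Google: a small Python audit over a constructed `AndroidManifest.xml`, in which the package, provider names and finding labels are hypothetical.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest (hypothetical package and provider names).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="16" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <application android:usesCleartextTraffic="true">
        <provider android:name=".NotesProvider"
            android:authorities="com.example.notes.provider" />
        <provider android:name=".CacheProvider"
            android:authorities="com.example.notes.cache"
            android:exported="false" />
    </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (check, detail) findings for a manifest given as a string."""
    root = ET.fromstring(xml_text)
    findings = []
    sdk = root.find("uses-sdk")
    keys = ("minSdkVersion", "targetSdkVersion")
    levels = [int(sdk.get(A + k)) for k in keys if sdk is not None and sdk.get(A + k)]
    lowest = min(levels) if levels else 1  # assumption: undeclared means API 1
    for prov in root.iter("provider"):
        exported, name = prov.get(A + "exported"), prov.get(A + "name")
        # Item 3: without an explicit value, a provider is exported when the
        # app sets minSdkVersion or targetSdkVersion to 16 or lower.
        if exported == "true" or (exported is None and lowest <= 16):
            findings.append(("provider-exported", name))
        elif exported is None:
            findings.append(("provider-exported-implicit", name))
    # Item 4: list every requested permission so each one can be justified.
    for perm in root.iter("uses-permission"):
        findings.append(("permission-requested", perm.get(A + "name")))
    # Item 5: an explicit opt-in to plain HTTP on the <application> element.
    app = root.find("application")
    if app is not None and app.get(A + "usesCleartextTraffic") == "true":
        findings.append(("cleartext-allowed", "application"))
    return findings


if __name__ == "__main__":
    for check, detail in audit_manifest(SAMPLE_MANIFEST):
        print(f"{check}: {detail}")
```

The `provider-exported-implicit` finding marks a provider that relies on the platform default rather than stating `android:exported` outright, which is worth making explicit even when the default is safe.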
