More Sophisticated Attacks
As has been mentioned several times before in this book, the examples of insecure coding techniques that we’ve used come from real-world apps that we’ve encountered in a more or less ad hoc fashion over the past two to three years.
At their most basic, these insecure coding practices fall into the following categories:
Usernames and passwords stored as cleartext in shared preferences
Credit card data stored as cleartext in shared preferences
Encryption keys hard-coded in the APK, exposing passwords or credit card data
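The first two categories can be checked for during an app review. The following audit sketch is an added example, not code from the book: it scans one shared preferences XML file for credential-like keys and for values that pass the Luhn check used by card numbers. The key-name pattern, the function names and the sample file are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Key names that suggest a stored credential (assumed heuristic, not exhaustive).
CREDENTIAL_KEY = re.compile(r"user(name)?|login|pass(word|wd)?|pin|secret|token", re.I)
PAN_CANDIDATE = re.compile(r"^\d{13,19}$")  # typical card number lengths

def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def audit_shared_prefs(xml_text):
    """Return (key, finding) pairs for one shared preferences file."""
    findings = []
    for node in ET.fromstring(xml_text).iter("string"):
        key = node.get("name", "")
        value = (node.text or "").strip()
        compact = re.sub(r"[ -]", "", value)  # tolerate spaced or dashed digits
        if PAN_CANDIDATE.match(compact) and luhn_valid(compact):
            findings.append((key, "possible card number in cleartext"))
        elif value and CREDENTIAL_KEY.search(key):
            # Flagged for review; this sketch cannot tell ciphertext from cleartext.
            findings.append((key, "credential-like key, review stored value"))
    return findings

# Constructed sample in the <map> format Android writes under shared_prefs/.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice@example.com</string>
    <string name="password">CorrectHorse1!</string>
    <string name="cc_number">4111 1111 1111 1111</string>
    <string name="theme">dark</string>
    <int name="launch_count" value="7" />
</map>"""

if __name__ == "__main__":
    for key, finding in audit_shared_prefs(SAMPLE_PREFS):
        print(f"{key}: {finding}")
```

The third category, keys hard-coded in the APK, needs inspection of the decompiled code rather than the preferences files, so it is outside what this sketch covers.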