As has been mentioned several times before in this book, the examples of insecure coding techniques that we’ve used come from real-world apps that we’ve encountered in a more or less ad hoc fashion over the past two to three years.
At their most basic, the insecure coding practices fall into the following categories:
Usernames and passwords stored as cleartext in shared preferences
Credit card data stored as cleartext in shared preferences
Encryption keys hard coded in the APK, exposing passwords or credit card data