CHAPTER 9Writing Secure Android Applications
You have explored many different ways to find vulnerabilities in applications and exploit them. This chapter looks at ways you can prevent these vulnerabilities in your applications by implementing the right security mechanisms.
Protections against common vulnerabilities such as code injection, logic flaws, insecure storage, application configuration, insecure communication channels, logging, and others will be explored. Some of these mechanisms may be simple configuration changes and others require changes at the code level.
Principle of Least Exposure
The fewer entry points there are into an application, the smaller the attack surface is. To minimize an application's attack surface, the application developer needs to perform the following tasks iteratively:
- Consider all entry points into the application. This involves finding every single portion of the application code that is exposed in some way to input from outside sources.
- Remove any entry points that can be. An application that has minimal entry points has already reduced its risk exposure.
- If an entry point has to be exposed, perform security checks at the entry points before running any other code.
Application Components
An application should reduce its exported application components down to the essentials. The fewer exported components, the better. In the following application only its main activity is exported so that it can be launched. No other components are ...
Get The Mobile Application Hacker's Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.