Basic Android Application Security

Description : Because Web Content that can have HTML and JavaScript Improper use might to be web security problem occurred such as insert Javascript Command. Basic recomment :  - use method : setJavaScriptEnabled(); protect cross-site scripting - recommend exposing only Javascript contained in your application.   method : addJavaScriptInterface(); - If your application access sensitive information   to consider use remove files that store specific place.   for example, to indicate that application not should cache particular content.   use : method clearCache();   ( clearCache(); will to do clear all cache of used ) Reference :  https://developer.android.com/training/articles/security-tips

Description :  This is Developer not filter sensitive information before store into database. How to fix : - You should to do select Input type of EditText to be correct in Android Studio. - Use Pattern Class filter more information before store into database and more. More Information : Data and file storage on Android Preferences :   //  Files lost when delete app. - Data that store that have key and value in file .xml - Shared Preference - Secure Preference - EncryptedSharedPreferences Database : in android app   //  Files lost when delete app.   - SQLiteOpenHelper   - Room   - SQLCipher Shared Storage : Data that share with others app. Such as : Media : images , audio , videos , documents   //  Files no lost when delete app.  - MediaStore API - Content Provider for open Database for other app can query come to your app. can be determined, such as specific app that use same keystore. App-specific storage : Divided into 2 types Internal Storage (Keep a little but be safe)  //  Files

Description :  This is problem of Developer that to do store sensitive information  such as Username Password into Share Preferences file is not have encode information. How to fix : If you whant store sensitive information There are some basic recommendations as follows. - Store data safely. - Store private data within internal storage. - Store personal information into : device internal storage (sanboxed separate app). - Your App no require request permission to see files. - Others App can not access file is new security furture. - When user uninstall app, device will delete all file in internal storage. // Creates a file with this name, or replaces an existing file that has the same name.  // Note that the file name cannot contain path separators. val FILE_NAME = "sensitive_info.txt" val fileContents = "This is some top-secret information!" openFileOutput(FILE_NAME, Context.MODE_PRIVATE).use { fos ->     fos.write(fileContents.toByteArray()) } - Use external s

Description :  This is Security of Android Application that Developer forget used sensitive information into code of application in application development procress. How to fix :  Not should push sensitive information into Code of Application or Protected by use Obfuscation code Obfuscation is an encoding, class name or variable. Strength - when Decompile Application will see encoded text instead of plain-text - Size of Apk file is smaller Step 1 - Config (build.gradle) "minifyEnabled" == true android { buildTypes { release {    // Enables code shrinking, obfuscation, and optimization for only    // your project’s release build type.     minifyEnabled true    // Enables resource shrinking, which is performed by the    // Android Gradle plugin.    shrinkResources true    // Includes the default ProGuard rules files that are packaged with    // the Android Gradle plugin. To learn more, go to the section about    // R8 configuration files.    proguardFiles getDefaultProguardFile

Description :  This is  Security of Android Application Coding that Developer forget used Log Class into Code of Application in procress of Application Development and build to Apk file. How to fix :  Developer should to do delete Log class code  after application development procress finished before build to Apk File.