Input validation issues - Part 1

Description : 

This is Developer not filter sensitive information before store into database.

How to fix :

- You should to do select Input type of EditText to be correct in Android Studio.
- Use Pattern Class filter more information before store into database and more.


More Information :

Data and file storage on Android



Preferences :   // Files lost when delete app.
- Data that store that have key and value in file .xml
- Shared Preference
- Secure Preference
- EncryptedSharedPreferences

Database : in android app   // Files lost when delete app.
  - SQLiteOpenHelper
  - Room
  - SQLCipher

Shared Storage : Data that share with others app.
Such as : Media : images , audio , videos , documents   // Files no lost when delete app.
 - MediaStore API
- Content Provider for open Database for other app can query come to your app.
can be determined, such as specific app that use same keystore.


App-specific storage : Divided into 2 types

Internal Storage (Keep a little but be safe)  // Files lost when delete app.
 - getFilesDir() - File will be store into : package_name/files/
 - getCacheDir() -  File will be store into : package_name/cache/

External Storage (Store a lot of data) // Files no lost when delete app.
 - getExternalFilesDir() - File will be store into : /storage/sdcard0/Android/data/package_name/files/........
 - getExternalCacheDir()  File will be store into : /storage/sdcard0/Android/data/package_name/cache/.......


ความคิดเห็น

แสดงความคิดเห็น

โพสต์ยอดนิยมจากบล็อกนี้

Access Control issues Part 1-3

Description : Caused by use Intent-filter inside Menifest files. Recomment :  Show an app chooser If the Implicit Intent can launch a second app on the user's device, make it an app chooser. This helps users transfer sensitive information to apps they trust. val intent = Intent(ACTION_SEND) val possibleActivitiesList: List<ResolveInfo> = queryIntentActivities(intent, PackageManager.MATCH_ALL) // Verify that an activity in at least two apps on the user's device // can handle the intent. Otherwise, start the intent only if an app // on the user's device can handle the intent. if (possibleActivitiesList.size > 1) {     // Create intent to show chooser.     // Title is something similar to "Share this photo with".     val chooser = resources.getString(R.string.chooser_title).let { title ->         Intent.createChooser(intent, title)     }     startActivity(chooser) } else if (intent.resolveActivity(packageManager) != null) {     startActivity(intent) } Mor
อ่านเพิ่มเติม

Insecure Data Stroage Part 1-4

รูปภาพ
Description :  This is problem of Developer that to do store sensitive information  such as Username Password into Share Preferences file is not have encode information. How to fix : If you whant store sensitive information There are some basic recommendations as follows. - Store data safely. - Store private data within internal storage. - Store personal information into : device internal storage (sanboxed separate app). - Your App no require request permission to see files. - Others App can not access file is new security furture. - When user uninstall app, device will delete all file in internal storage. // Creates a file with this name, or replaces an existing file that has the same name.  // Note that the file name cannot contain path separators. val FILE_NAME = "sensitive_info.txt" val fileContents = "This is some top-secret information!" openFileOutput(FILE_NAME, Context.MODE_PRIVATE).use { fos ->     fos.write(fileContents.toByteArray()) } - Use external s
อ่านเพิ่มเติม