Today our cybersecurity team reveals 10 common questions bothering android developers interested in securing their android applications.
Q1: How can i protect my android app from software pirates? I mean how can i obfuscate my source code?
Ans: You can choose to use DexGuard or DashO to make it difficult for software pirates, reverse engineers or intruders to pirate your source code.
Q2: I heard you can also use ProGuard to obfuscate source code?
Ans: Yes! But it is not effective. Practically not effective.
Q3: Do you think it is quite safer to save users data on their own device?
Ans: Yes and No. Yes- It is quite safer to save non-sensitive data on users devices. No- It is not safe to save sensitive data on users’ devices even if you intend to protect using strong encryption.
Q4: I heard hackers can intercept data in transit using a proxy such as Burpsuite?
Ans: Yes. They can intercept data in transit.
Q5: So is there any defense mechanism against this form of attack?
Ans: Yes. Ensure that the same validation method implemented on the client side is exactly implemented on the server-side.
Q6: Although I have implemented HTTPS to protect data in transit, i find it difficult to stop “csrf” attacks?
Ans: Okay. You can create tokens for each registered or authenticated user. In addition, ensure that tokens are available temporarily and re-created after a specific period.
Q7: Yes. I have done that but hackers still by-pass csrf protection.
Ans: Ensure that csrf tokens are validated at the server-side. Also make tokens random.
Q8: I want my android app to share data with other app but with some form of restriction. How can I achieve that?
Ans: Okay. You can use content provider which allows apps to share data with other apps. Moreover, with content provider, you can specify read and write permissions. Thus, some apps may have read and write permissions whilst others may have read -only permissions or write-only permissions
Q9: Could I also save data in shared_pref file? I heard it is not safe to do so.
Ans: It is safe to do so when data is not sensitive. It is not safe to do so when data is sensitive. So move all users’ data such as password, userid, and account number to your web server.
Q10: Is it advisable to hire android security researchers or pentesters to audit my apps?
Ans: Yes. We recommend you to do so.
Although these are other common faqs related to android security, at least, you can rely on some of our answers to make your android app secure.
#ISA_informs #ISA_ltd
Sign up our newsletter for update information, insight and promotion.
