Q. How to secure an Android application?
Ans:- 1. Use internal storage for sensitive data.
Every Android app has an internal storage directory associated with it, whose path is based on the app's package name. Files inside this directory are secure because they are created with MODE_PRIVATE by default. This means the files cannot be accessed by any other app.
2. Encrypt data on external storage :- The internal storage of an Android device is often very limited. So if at any time we have to store data on external storage media, such as a removable SD card, we should store it in encrypted form so that no other app can read it.
NOTE:- To encrypt and decrypt data we can use the javax.crypto package, which is available in the Android SDK.
3. Use Intents for IPC :- To send data to a specific component of an app, we should use an Intent rather than sockets or shared files. For this we create an Intent object, use the setComponent() method to specify the package name, and use putExtra() to send the data.
4. Use HTTPS :- All communication between your app and the server must be over an HTTPS connection, because an HTTP request is very easy to intercept when we are connected to an open Wi-Fi network in a public area.
5. Use GCM (Google Cloud Messaging) instead of SMS :- The SMS protocol is neither encrypted nor safe against spoofing attacks, and SMS messages can be read by any app that has the READ_SMS permission.
6. Avoid asking for personal data :- Offer login through social login and mobile number login.
Source:- https://code.tutsplus.com/articles/how-to-secure-an-android-app--cms-26385