Developing Android apps is fun. But crashing apps can ruin your reputation. Android demands extensive testing. Here are the top vulnerabilities I always keep in mind to avoid:
1. Information Gathering: Make sure all the data is scrutinised and to the point.
2. Configuration and Deployment analysis
3. Security for Authentication
4. Assessment for confidential information leak. Make sure it's safe for users to enter their information.
5. Unauthorised intent login has to be solved with proper procedure.
Besides the fundamental analyses above, I also undertake technical testing that includes:
1. Back testing the mobile application code.
2. Filtering bugs in Common Libraries.
3. 'Application Known Controllers' enumeration.
4. Clean hidden codes in the primary code.
5. Content Providers Access Permissions.
6. Cross application authorization.
7. Clipboard Separation.
8. Authorization decision on the client side.
There are less important things like Shared User Resources and privileged data security.
I guess I covered most of the topic here. And I really hope it helps.
Thousands of apps are being released to major app stores every day. Yet, most of them wither before they even have a chance to bloom.
The effort, money, and time that are put into developing apps are enormous. Once you’ve got a lot of negative feedback from the users, there will be hardly any second chance given to prove the worth of your app. So ensuring security should be a major step taken by app development companies.
What are some of the most common security vulnerabilities of Android app development?