Android Security: 5 Ways To Secure Your Next Android App

Posted: February 28, 2014 in Mobile Security

Android security has become a hot-button issue among Android users and developers alike. While the Android platform does offer significantly more freedom when compared to iOS, BlackBerry and Microsoft operating systems, this freedom has a trade-off: Android devices and applications have often been seen as far less secure than other options. For this reason, Android developers need to take special precautions when securing their applications.

1. Use a security certificate that verifies your application.

You can use a security certificate to verify that your application is identical to the application that you have released; this prevents others from injecting code into your application and distributing a version that either bypasses your payment structure or includes malware or adware. Security certificates are inexpensive and easy ways to verify your application, but you do need to ensure that they are kept current to avoid any potential for downtime. This is the first line of defense that you have against the potential pirating of your application.

2. Prompt for login information upon launch.

If your application contains any sensitive data, it should be set to prompt for login information when it launches rather than automatically logging in or keeping the user logged in for long periods of time. This will prevent the possibility that someone else could use the phone to access the user’s data. While all users should lock their phones, not everyone does. Studies have shown that up to 44 percent of all users don’t lock their phone at all. You may also want to enforce strict password requirements.

3. Verify all of your data server-side rather than client-side.

“While you don’t have complete control over the client environment, you do have control over your server environment,” explains a research expert from Armor for Android. “For that reason, you should perform all of your sanity checks on the server side rather than through your application, and anything that is checked on client-side should be checked again on server-side.” You should especially take care to protect yourself against standard tactics such as SQL injection, as these attacks can be extremely harmful.
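An added example (not from the original article) of the server-side re-check described above, in Python with SQLite; the `items` table, the `sku` and `quantity` fields and the `MAX_QTY` limit are assumptions made for illustration. The server validates every field again, binds input through a parameterized query, and computes the price itself instead of trusting a value sent by the app.

```python
import sqlite3

MAX_QTY = 10  # assumed business limit for this example


def make_db():
    """Build a constructed sample catalogue (table and column names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (sku TEXT PRIMARY KEY, price_cents INTEGER NOT NULL)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("coins-100", 199), ("coins-500", 799)])
    return db


def validate_order(db, payload):
    """Re-check an order sent by the app. Returns (ok, order_or_error)."""
    if not isinstance(payload, dict):
        return False, "payload must be an object"
    sku = payload.get("sku")
    qty = payload.get("quantity")
    # Type and range checks are repeated here even if the app already did them.
    if not isinstance(sku, str) or not (1 <= len(sku) <= 32):
        return False, "invalid sku"
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(qty, bool) or not isinstance(qty, int) or not (1 <= qty <= MAX_QTY):
        return False, "invalid quantity"
    # Parameterized query: the sku is bound as data, never spliced into the SQL text.
    row = db.execute("SELECT price_cents FROM items WHERE sku = ?", (sku,)).fetchone()
    if row is None:
        return False, "unknown sku"
    # The total comes from the server's price; any client-sent total is ignored.
    return True, {"sku": sku, "quantity": qty, "total_cents": row[0] * qty}


if __name__ == "__main__":
    db = make_db()
    # Constructed requests: a tampered total, an injection-style sku, a bad quantity.
    print(validate_order(db, {"sku": "coins-100", "quantity": 2, "total_cents": 1}))
    print(validate_order(db, {"sku": "x' OR '1'='1", "quantity": 1}))
    print(validate_order(db, {"sku": "coins-500", "quantity": -5}))
```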

4. Use secured connections when connecting to your server.

Data can be vulnerable when transmitted. Using secured connections when connecting to your server can add an additional layer of protection and security to your application. A secured connection should always be used to encrypt data when being transmitted; you never know when a user could be communicating with your server through a wholly unsecured connection, such as an open wireless access point. HTTPS is a protocol with some flaws, but using it is always more beneficial than not doing so; there are no significant drawbacks to using HTTPS.

5. Don’t forget to secure your server.

Your server is a vulnerable access point; you need to secure your server properly or your application won’t be secure either. To secure your server properly, you should ensure that the login information you use with your server is unique, often changed and difficult to guess or unlock through brute force means. Your server itself should have the proper permissions in place and all of your scripts should be tested and re-tested for any vulnerabilities. The process of securing your server for a mobile application is very similar to securing it for a web application; while your server may not be visible to the user, it may still be at risk.

Android developers need to protect both themselves and their users. The two major security issues for Android developers involve securing the application itself and keeping user data secure. Securing the application itself is mostly a precaution against pirating; while you may not feel as though your application is at risk, pirating does tend to be more prevalent in the Android community than the iOS community. The application also needs to be secured against modification and it needs to keep your users’ data safe; otherwise, you could put others at risk. Luckily, securing an Android application is not as difficult as it may first seem; as long as you are conscientious about your work and implement the required sanity checks throughout, you should be able to minimize your overall risk.

In 2013, the number of malware for Android has reached its peak

Kaspersky Lab’s analysis report

About Author:

James Green is a security researcher for Android antivirus company Armor for Android. James has worked in the Android security field for several years and provides privacy and security advice to Android users.

Comments
  1. Joe Johnson says:

    So premature to assume that Android malware attacks have reached their peak in 2013. On what basis can that statement be made?
