Android App Security Checklist

#Access Control #Specialized Security

Alternative marketplace for mobile applications with package ID metadata retrieval and APK download capabilities.


A Security Considerations Checklist for Developing Android Apps

This checklist provides essential security considerations for the design, testing, and release phases of developing secure Android applications.

Based on Established Security Standards: A Guide for Mobile Applications

This guideline is based on the OWASP Mobile Application Security Verification Standard, the Mobile Application Security Testing Guide, and other relevant resources. For comprehensive instructions and recommendations, please refer to the links provided for each checklist item.

Data Storage Requirements

The Purpose of the Keystore

The Keystore is used to securely store sensitive data, including user credentials and cryptographic keys. No sensitive data is recorded in application logs. Additionally, sensitive data is not shared with third parties unless it is essential for the architecture.

The keyboard cache is disabled for sensitive data inputs

The keyboard cache is turned off for text inputs that handle sensitive information. No sensitive data is transmitted through IPC mechanisms. Additionally, no sensitive information, such as passwords or PINs, is displayed in the user interface. Sensitive data is not included in backups. When views are moved to the background, sensitive data is removed from them.

The app only requests the essential permissions

The app only requests the essential set of permissions that are necessary for its functioning. All inputs from external sources and users are carefully validated, and if needed, they are sanitized to ensure security.

This includes data received through various channels

This includes data received through the user interface (UI), through inter-process communication (IPC) mechanisms such as intents, through custom URLs, and from network streams.