Lines Matching refs:that
31 into the operating system that significantly reduce the frequency and impact of
35 <p>Some of the core security features that help you build secure apps
46 <li>An encrypted filesystem that can be enabled to protect data on lost or
52 <p>Nevertheless, it is important that you be familiar with the Android
54 will reduce the likelihood of inadvertently introducing security issues that
62 that you save on the device is accessible to other apps. There are three fundamental
67 <p>By default, files that you create on <a
84 choose to encrypt local files using a key that is not directly accessible to the
86 and protected with a user password that is not stored on the device. While this
87 does not protect data from a root compromise that can monitor the user
104 We strongly recommend that you not store executables or
113 offer a structured storage mechanism that can be limited
124 that will be exported for use by other applications, you can specify a single
127 within the manifest. We recommend that you limit your permissions to those
128 required to accomplish the task at hand. Keep in mind that it’s usually
148 that activates the component. The scope of these permissions can be further
157 potential SQL injection from untrusted sources. Note that using parameterized methods is not
162 that the write permission allows SQL statements which make it possible for some
165 number in a call-log by modifying a row only if that phone number already
185 <p>We recommend minimizing the number of permissions that your app requests
191 <p>If it's possible to design your application in a way that does not require
192 any permissions, that is preferable. For example, rather than requesting access
201 to protect IPC that is security sensitive and will be exposed to other
211 over IPC that is only available because it has a specific permission, but does
212 not require that permission of any clients of its IPC interface. More
239 that you need to consider:
241 <li>The permission must have a string that concisely expresses to a user the
261 data that is potentially private to the user. People are increasingly aware of the privacy
263 so it's very important that your app implement all best practices toward keeping the user's
269 environments. The key consideration is making sure that appropriate protocols
271 secure web traffic. We prefer use of HTTPS over HTTP anywhere that HTTPS is
273 that are not secured, such as public Wi-Fi hotspots.</p>
279 encouraged for all applications that communicate over the network.</p>
289 <p>Also, one common issue that warrants repeating is to make sure that you do
298 user-to-user communication and is not well-suited for apps that want to transfer data.
303 <p>Beware that SMS is neither encrypted nor strongly
305 should expect that a malicious user may have sent the SMS to your application—Do
307 Also, you should be aware that SMS may be subject to spoofing and/or
310 by other applications that have the {@link android.Manifest.permission#READ_SMS}
321 have platform-level countermeasures that reduce the exposure of applications to
323 note that selection of type-safe languages tends to reduce the likelihood of
335 title="Data Execution Prevention">DEP</acronym> that reduce the
344 <p>If you are using data within queries that are submitted to an SQL database or a
352 of well-structured data formats and verifying that the data conforms to the
363 <p>In general, the best approach for user data security is to minimize the use of APIs that access
366 Finally, consider if there is a way that your application logic can be
374 usernames, keep in mind that some jurisdictions may require you to provide a
375 privacy policy explaining your use and storage of that data. So following the
386 <p>If access to sensitive data is required, evaluate whether that information
391 <p>Also, make sure that you do not inadvertently expose user data to other
417 <p>Because {@link android.webkit.WebView} consumes web content that can include HTML and JavaScript,
427 application, so remove that method call if it's not required. By default,
433 particular care because it allows JavaScript to invoke operations that are
439 addJavaScriptInterface()} only to JavaScript that is contained within your application APK.</p>
445 headers like <code>no-cache</code> can also be used to indicate that an application should
462 <p>Services that will be accessible to multiple applications should be accessed
469 before passing in any credentials, so that you do not inadvertently pass
472 <p>If credentials are to be used only by applications that you create, then you
489 implementation that can support your use case. If you need to securely
496 recommend that you <em>not</em> implement your own cryptographic algorithms. Use
502 Use of a key that is not generated with a secure random
507 {@link java.security.KeyStore} that
531 element. This is useful for applications that consist of multiple processes
532 within the same UID, or if you decide late in development that you do not
539 element. If IPC is between your own separate apps that are signed with the same key,
555 <p>Note that ordered broadcasts can be “consumed” by a recipient, so they
556 may not be delivered to all applications. If you are sending an intent that must be delivered
557 to a specific receiver, then you must use an explicit intent that declares the receiver
560 <p>Senders of an intent can verify that the recipient has a permission
561 specifying a non-Null permission with the method call. Only applications with that
563 sensitive, you should consider applying a permission to make sure that
570 can be invoked with explicit intents and may not have data that would conform to the intent
572 confirm that it is properly formatted for the invoked receiver, service, or
601 the implementation of that call. We generally recommend using the
611 interface that enables mutual authentication of the endpoints, if required.</p>
613 <p>We strongly encourage designing interfaces in a manner that does not require
620 implemented. If you are creating an interface that requires authentication
625 <p>If providing an interface that does require access controls, use {@link
674 keep in mind about dynamically loaded code is that it runs with the same
676 install your application based on your identity, and they are expecting that
677 you provide any code run within the application, including code that is
680 <p>The major security risk associated with dynamically loading code is that the
704 we recommend that you familiarize yourself with some
716 programming in other environments, there are two broad issues that may be
729 that are not verified, such as unsecured network sources or external storage,
730 because that code might be modified to include malicious behavior.</li>
754 good way to think about it for developers familiar with Linux is to know that