viernes, 18 de noviembre de 2011

Dev Guide - Designing for Security (Android)

Designing for Security

Android was designed so that most developers will be able to build applications using the default settings and not be confronted with difficult decisions about security. Android also has a number of security features built into the operating system that significantly reduce the frequency and impact of application security issues.
Some of the security features that help developers build secure applications include:
  • - The Android Application Sandbox that isolates data and code execution on a per-application basis.
  • - Android application framework with robust implementations of common security functionality such as cryptography, permissions, and secure IPC.
  • - Technologies like ASLR, NX, ProPolice, safe_iop, OpenBSD dlmalloc, OpenBSD calloc, and Linux mmap_min_addr to mitigate risks associated with common memory management errors
  • - An encrypted filesystem that can be enabled to protect data on lost or stolen devices.
Nevertheless, it is important for developers to be familiar with Android security best practices to make sure they take advantage of these capabilities and to reduce the likelihood of inadvertently introducing security issues that can affect their applications.
This document is organized around common APIs and development techniques that can have security implications for your application and its users. As these best practices are constantly evolving, we recommend you check back occasionally throughout your application development process.

In this document

  1. - Using Davlik Code
  2. - Using Native Code
  3. - Storing Data
  4. - Using IPC
  5. - Using Permissions
  6. - Using Networking
  7. - Dynamically Loading Code
  8. - Performing Input Validation
  9. - Handling User Data
  10. - Using Cryptography


No hay comentarios: