5 crucial security mistakes you are probably making





1. Allowing Access to your Content Providers


Unless you want to send data to a different app, you should forbid other apps from using your app's content provider. Doing so prevents other apps from getting data they shouldn't get.
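One way to check this in a build pipeline, as an added example that is not part of the original post: a Python script that reads a source-form AndroidManifest.xml and reports how each `<provider>` is exposed through its `android:exported` and permission attributes. The sample manifest and its provider names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
PERMISSION_ATTRS = ("permission", "readPermission", "writePermission")

# Constructed sample manifest (hypothetical app and provider names).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <provider android:name=".NotesProvider" android:exported="false"
              android:authorities="com.example.notes" />
    <provider android:name=".LegacyProvider" android:exported="true"
              android:authorities="com.example.legacy" />
    <provider android:name=".SyncProvider" android:exported="true"
              android:authorities="com.example.sync"
              android:readPermission="com.example.READ_SYNC" />
    <provider android:name=".CacheProvider"
              android:authorities="com.example.cache" />
  </application>
</manifest>
"""


def audit_providers(manifest_xml):
    """Map each <provider> name to a verdict about its exposure to other apps."""
    verdicts = {}
    for provider in ET.fromstring(manifest_xml).iter("provider"):
        get = lambda attr: provider.get(f"{{{ANDROID_NS}}}{attr}")
        exported = get("exported")
        if exported is None:
            verdict = "implicit"  # default depends on SDK levels; declare it explicitly
        elif exported == "false":
            verdict = "private"
        elif exported != "true":
            verdict = "unresolved"  # e.g. a @bool/ resource this script cannot evaluate
        elif any(get(attr) for attr in PERMISSION_ATTRS):
            verdict = "exported-with-permission"  # review which operations it covers
        else:
            verdict = "exported-open"  # any installed app can query this provider
        verdicts[get("name") or "<unnamed>"] = verdict
    return verdicts


def needs_review(verdicts):
    """Names of providers that are not provably closed to other apps."""
    return sorted(name for name, v in verdicts.items() if v != "private")
```

A CI step can fail the build whenever `needs_review` returns a provider that is not on a reviewed list of intentionally shared ones.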


2. Letting the User Browse in a WebView


A WebView is not intended to be used as a browser. Letting the user browse in it is especially dangerous if you add a JavaScript interface to it. It can lead to the attacker being able to read sensitive user data. Therefore, you should only use a WebView to show pages you are in full control of.


3. Requesting Permissions for Actions That Can Be Done by Another App


For actions like reading contacts or private photos, always let the user choose another app with an intent chooser. If you only want to read a single contact, then the user can choose an app they trust and that already has the read contacts permission.


4. Storing Private Data in External Storage


Saving sensitive user data in external storage is a horrible security practice because every other app can access it. Instead, use the internal storage, which is sandboxed per app. Also, consider using the Jetpack Security library to encrypt your files.


5. Not Updating Your App's Dependencies


Not only your code can contain security issues; third-party libraries can too. Therefore, always make sure to use the latest version of each library to minimize the risk of having vulnerabilities in your app.
