Are you developing android apps, what about its security?
Keep some key points in your mind when developing android apps.
1- Use PROGUARD before publishing-
Most of the developers have a common issue, unused code, apk size, optimization of code etc.
so there is a solution for this type of issue, android provides some java class which works as a tool to resolve these problems.
- free java class file shrinker, obfuscator, preverifier, and optimizer.
- this is helpful to optimize bytecode and removes unused instructions.
- detecting and removing unused classes, fields, methods, and attributes.
Advantage of Proguard-
It will make the .apk file smaller because it will remove every unused code in your application.
where to define proguard-
define it in build.gradle file::(use app-level Gradle file)
2- Follow Network Security Measures-
Use SSL traffic:
If you want to secure your android app and want to add a network security configuration file to your app, you will need to do some following steps:
add an XML resources file on res/xml location:
so the complete path of the file is res/xml/network_security_config.xml
Declare the configuration in your app's manifest:
3- Use Internal Storage for Sensitive Data-
Every android app has inbuilt internal storage associated and the path of your app storage is as it is your app's package name.
this directory is very secure because it used MODE_PRIVATE file creation mode by default.
File appFile = new File(getFilesDir(),"cred.dat");
4- Don't pass sensitive information through Broadcast.
5- keep your library and dependencies up to date.
6- Avoid doing process any payment on rooted devices.
7- Restrict to google API key access
8- API must have keys and store them very safely.
9- Use as minimum permission as you can.
10- Never store password and private keys in shared preferences.
11- Encrypt data on external storage.