How to secure your Android app in 10 simple steps
You are a developer and your client is pushing you to deliver the app on time. You keep coding around the clock, you’re struggling and you feel shattered, but suddenly you remember something:
“Oh my gosh, what about security? Did I forget something?”
In my experience as a penetration tester, I constantly see that developers get lost in details about security. Before asking for a penetration test, be sure to get rid of this low-hanging fruit. You’ll spare your end users bad experiences and your reputation will improve.
I’m going to give you a basic list of things to do or to check, hoping that it will help you!
1. Obfuscate your code
First rule about your code: don’t talk about the code!
You’re working really hard to create a great application. You’re spending a whole ship full of dollars to make your dreams great. Are you sure that you want to give your code to the whole world, for free?
APK files are simply compressed files, which can be extracted like any other zip file you have met before. Moreover, there are tools like jadx with which you can read the application code. An attacker can learn how your algorithms work, can read your hardcoded key (even though it’s NEVER a…
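An added example (not from the original article): a pre-release self-check that opens your own APK as the ordinary zip archive it is and reports secret-looking string literals that anyone could read in it. The regex heuristics, the function names and the in-memory sample APK are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Printable ASCII runs of 8+ bytes, roughly what the `strings` tool would show.
PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")
# Assumed heuristics for secret-looking literals; tune them for your own code base.
SUSPICIOUS = [
    re.compile(rb"(?i)(api|secret|private)[_-]?key\s*[=:]"),
    re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(rb"(?i)password\s*[=:]"),
]

def scan_apk(apk_bytes):
    """Return sorted (entry name, literal) pairs that look like hardcoded secrets."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            data = apk.read(name)  # entries are decompressed transparently
            for match in PRINTABLE.finditer(data):
                literal = match.group()
                if any(p.search(literal) for p in SUSPICIOUS):
                    findings.append((name, literal.decode("ascii")))
    return sorted(findings)

def build_sample_apk():
    """Constructed stand-in for a release APK: only the zip layout, not a valid app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex",
                   b"dex\n035\x00\x01\x02API_KEY=EXAMPLE-NOT-A-REAL-KEY\x00\x07onCreate\x00")
        z.writestr("assets/config.properties",
                   b"endpoint=https://api.example.invalid\npassword=constructed-sample\n")
        z.writestr("res/raw/notes.txt", b"nothing sensitive in this file\n")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, literal in scan_apk(build_sample_apk()):
        print(f"{entry}: {literal}")
```

To check a real build, pass the bytes of your release APK to `scan_apk`. The scan only sees plain ASCII literals, so an empty result does not prove the package is free of secrets.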