Entersoft Essentials: Security Guidelines to Secure Your Android App

Mobile app security checklist

Insufficient security standards in any industry make it difficult to manage security controls at the application level. Having a strong security checklist not only improves the security of the app but also of the ecosystem involved in the development process. Robust security standards and well-defined guidelines also differentiate a platform from the others.

This checklist can help you become a leader in the marketplace with regard to application security.

1. SSL implementation check

Checking the SSL/TLS implementation is vital for almost every app. Correct TLS protects the app from MITM attacks and secures communication between the mobile app and the server. The review should confirm that the app uses HTTPS everywhere (no cleartext fallback), validates the server certificate chain against the platform trust store, verifies the hostname, and does not ship a permissive TrustManager or HostnameVerifier that accepts anything. Certificate pinning adds a further barrier against a compromised or rogue CA.
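As an added example (not code from the original post or from Entersoft), the following Java shows the "trust everything" pattern that an SSL implementation check should flag, beside a hardened client that keeps platform certificate validation and adds pinning. It assumes OkHttp 3.x; the host api.example.com and both pin values are placeholders to be replaced with the real SPKI hashes of the server's key and a backup key.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

public final class TlsExamples {

    // VULNERABLE: the pattern a review must reject. An empty checkServerTrusted()
    // and a HostnameVerifier that always returns true mean any MITM holding a
    // self-signed certificate can read and modify all traffic.
    static OkHttpClient insecureClient() throws Exception {
        X509TrustManager trustAll = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { trustAll }, new SecureRandom());
        HostnameVerifier acceptAny = new HostnameVerifier() {
            @Override public boolean verify(String hostname, SSLSession session) { return true; }
        };
        return new OkHttpClient.Builder()
                .sslSocketFactory(ctx.getSocketFactory(), trustAll)
                .hostnameVerifier(acceptAny)
                .build();
    }

    // SAFE: leave the default trust store and hostname verification in place and
    // additionally pin the server's SPKI hash, so a certificate issued by any
    // other CA is rejected too. Always pin a backup key as well, or a routine
    // key rotation on the server will lock every installed copy of the app out.
    static OkHttpClient pinnedClient() {
        CertificatePinner pinner = new CertificatePinner.Builder()
                // placeholder pins (hypothetical): replace with real "sha256/<base64 SPKI hash>" values
                .add("api.example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
                .add("api.example.com", "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=")
                .build();
        return new OkHttpClient.Builder().certificatePinner(pinner).build();
    }

    // Any pin mismatch surfaces here as an SSLPeerUnverifiedException; the app
    // should fail closed rather than retry over an unpinned or cleartext client.
    static String fetch(OkHttpClient client, String url) throws IOException {
        Request req = new Request.Builder().url(url).build();
        try (Response resp = client.newCall(req).execute()) {
            return resp.body() != null ? resp.body().string() : "";
        }
    }
}
```

When reviewing an APK, grep the decompiled code for `checkServerTrusted`, `HostnameVerifier` and `ALLOW_ALL_HOSTNAME_VERIFIER`, and test the app against an intercepting proxy with an untrusted CA: the request must fail.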

2. Sensitive information management at client side

An application should not store sensitive information such as encryption keys, usernames, passwords or session tokens in shared preferences, plain files, logs or any other local storage, nor keep it in memory longer than needed. If an application must store sensitive information in a database, encrypting the database with the SQLCipher library is advised, with a passphrase that is generated at runtime and protected by the Android Keystore rather than hardcoded in the app. All sensitive data handling should be accounted for before the app is uploaded to the marketplace.
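As an added example (not code from the original post), here is the plain SharedPreferences write that a review should flag, next to storage backed by a key held in the Android Keystore. It assumes the androidx.security:security-crypto 1.0.0 artifact; the class, file and key names are hypothetical.

```java
import android.content.Context;
import android.content.SharedPreferences;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
import java.io.IOException;
import java.security.GeneralSecurityException;

public final class TokenStore {
    private static final String PREFS = "session_store";   // hypothetical file name
    private static final String KEY_TOKEN = "api_token";   // hypothetical key

    // VULNERABLE: this lands as cleartext XML in
    // /data/data/<package>/shared_prefs/session_store.xml, readable by anyone
    // with root, a backup of the device, or an exploit in the app itself.
    static void savePlaintext(Context ctx, String token) {
        ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE)
           .edit().putString(KEY_TOKEN, token).apply();
    }

    // SAFE: keys and values are encrypted under a master key that lives in the
    // Android Keystore (hardware-backed where the device supports it), so no
    // key material is written to the app's files or compiled into a constant.
    static SharedPreferences secure(Context ctx) throws GeneralSecurityException, IOException {
        String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
        return EncryptedSharedPreferences.create(
                PREFS + "_enc",
                masterKeyAlias,
                ctx,
                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
    }

    static void saveEncrypted(Context ctx, String token) throws GeneralSecurityException, IOException {
        secure(ctx).edit().putString(KEY_TOKEN, token).apply();
    }

    static String loadEncrypted(Context ctx) throws GeneralSecurityException, IOException {
        return secure(ctx).getString(KEY_TOKEN, null);
    }

    // Clear the token on logout; an encrypted but still present token is still a valid credential.
    static void clear(Context ctx) throws GeneralSecurityException, IOException {
        secure(ctx).edit().remove(KEY_TOKEN).apply();
    }
}
```

The same store is the right place for a SQLCipher passphrase: generate 32 random bytes with SecureRandom on first run, keep them in the encrypted preferences, and open the database with that value, rather than a string constant that anyone can read out of the APK.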

3. Code obfuscation

Strong code obfuscation standards should be in place. Applications should minify and obfuscate their code (R8/ProGuard on Android) to raise the cost of reverse engineering. Obfuscation only slows an attacker down; it does not hide secrets such as API keys embedded in the APK, which should not be there in the first place.
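As an added configuration example (not from the original post), this is the release build-type fragment of an app-level build.gradle (Groovy DSL) that turns on R8 shrinking and renaming; it assumes a standard Android Gradle Plugin project layout.

```groovy
android {
    buildTypes {
        release {
            minifyEnabled true        // run R8: remove unused code and rename classes, methods and fields
            shrinkResources true      // drop resources that the shrunk code no longer references
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'),
                          'proguard-rules.pro'   // project-specific keep rules (reflection, JNI, serialisation)
        }
        debug {
            minifyEnabled false       // keep debug builds readable, but never ship them
        }
    }
}
```

Keep the generated mapping.txt for every release so crash reports can be de-obfuscated, and verify the result by decompiling the release APK: package and class names should be unreadable, but any string constants (URLs, keys) are still there in clear, which is why secrets belong on the server.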

4. Obsolete cryptographic libraries identification

Apps must always use current cryptographic algorithms that are considered safe and recommended, and avoid obsolete ones such as MD5, SHA-1 for signatures, DES, RC4 and AES in ECB mode, as well as static or predictable IVs. Prefer the platform's own provider (AES-GCM, SHA-256, PBKDF2 or similar) over third-party libraries that are no longer maintained. App developers must never roll their own implementation of cryptography.

5. Validation checks at both client side and server side

Sometimes developers perform validation only on the client side. This leaves the server exposed to tampered requests, because an attacker can bypass the client entirely with an intercepting proxy or a modified build of the app. Check that input validation is enforced on the server for every request, with client-side checks kept only for usability.

6. Input sanitisation

Sanitise user input to free it from malicious characters. Apps should use whitelisting (an allowlist) that defines exactly which characters, lengths and formats are acceptable for each field, rather than a blacklist of known-bad characters that is always incomplete.
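As an added example covering points 5 and 6 together (not code from the original post), this Java validator is written so the identical class can be compiled into both the Android client and the server, with the server treating its verdict as the only one that counts. The field rules are hypothetical and chosen for illustration.

```java
import java.util.regex.Pattern;

public final class InputValidator {
    // Allowlists state exactly what is acceptable. Pattern.matches() requires the
    // whole string to match, so no anchors are needed and trailing newlines are rejected.
    private static final Pattern USERNAME = Pattern.compile("[a-z0-9_]{3,32}");
    private static final Pattern PHONE_E164 = Pattern.compile("\\+[1-9][0-9]{7,14}");
    private static final Pattern AMOUNT = Pattern.compile("[0-9]{1,9}(\\.[0-9]{1,2})?");
    private static final int MAX_NOTE_LEN = 500;

    static boolean isValidUsername(String s) { return s != null && USERNAME.matcher(s).matches(); }
    static boolean isValidPhone(String s) { return s != null && PHONE_E164.matcher(s).matches(); }
    static boolean isValidAmount(String s) { return s != null && AMOUNT.matcher(s).matches(); }

    // Free text cannot be allowlisted character by character. Bound its length,
    // reject control characters (which break logs and some protocols), and rely
    // on context-specific output encoding when it is later rendered.
    static boolean isValidNote(String s) {
        if (s == null || s.length() > MAX_NOTE_LEN) return false;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c < 0x20 && c != '\n' && c != '\t') return false;
        }
        return true;
    }

    // Server-side entry point: validate every field of a request before any
    // business logic runs, regardless of what the client claims to have checked.
    static boolean isValidTransfer(String fromUser, String toPhone, String amount, String note) {
        return isValidUsername(fromUser) && isValidPhone(toPhone)
                && isValidAmount(amount) && isValidNote(note);
    }

    public static void main(String[] args) {
        // constructed inputs: the second one is what a tampered request looks like
        System.out.println(isValidTransfer("alice_01", "+14155550100", "12.50", "rent"));          // true
        System.out.println(isValidTransfer("alice' OR 1=1--", "+14155550100", "1e9", "x\u0000y")); // false
    }
}
```

The point of sharing the class is consistency, not trust: the client copy gives instant feedback in the UI, the server copy is the control. A test plan should send each invalid sample directly to the API with the client-side check removed and confirm a 4xx response.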

7. Encode and decode

Apps should always use a standard, well-defined encoding (for example UTF-8, with output encoding appropriate to the context in which the data is rendered) for data sent from the client, and implement the matching decoding on the client for data that comes back from the server. All encoding and decoding paths should be tested, including malformed, truncated and double-encoded input.

8. Implement checksums and tokens

A best practice is to protect the integrity of data passed from the client to the server. A plain checksum only detects accidental corruption; to detect deliberate tampering the value must be keyed, for example an HMAC computed with a secret the attacker does not have, and it complements rather than replaces TLS. Implement anti-CSRF tokens wherever the app relies on cookie-based sessions, such as in WebViews.
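As an added example (not code from the original post), this Java shows a keyed integrity tag over a request on the client side and the matching constant-time check on the server, including a timestamp so a captured request cannot simply be replayed. The key, path, body and timestamps are constructed for the demonstration; in practice the key is issued per session at login and kept in Keystore-backed storage, never compiled into the APK.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public final class RequestIntegrity {
    private static final String ALG = "HmacSHA256";
    private static final long REPLAY_WINDOW_SECONDS = 300;

    // Client: tag = HMAC(key, method || path || timestamp || body). A CRC or an
    // unkeyed SHA-256 would not help, because whoever edits the body can recompute it.
    static String sign(byte[] key, String method, String path, long ts, String body) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        String canonical = method + "\n" + path + "\n" + ts + "\n" + body;
        return Base64.getEncoder().encodeToString(mac.doFinal(canonical.getBytes(StandardCharsets.UTF_8)));
    }

    // Server: recompute and compare in constant time. String.equals() returns as
    // soon as a byte differs, which leaks how much of the tag an attacker got right.
    static boolean verify(byte[] key, String method, String path, long ts, String body,
                          String tag, long now) throws Exception {
        if (tag == null || Math.abs(now - ts) > REPLAY_WINDOW_SECONDS) return false;
        String expected = sign(key, method, path, ts, body);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     tag.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "per-session-secret-issued-at-login".getBytes(StandardCharsets.UTF_8); // constructed
        long ts = 1700000000L;
        String body = "{\"to\":\"bob\",\"amount\":10}";
        String tag = sign(key, "POST", "/transfer", ts, body);

        System.out.println(verify(key, "POST", "/transfer", ts, body, tag, ts + 5));                   // true
        System.out.println(verify(key, "POST", "/transfer", ts, "{\"to\":\"bob\",\"amount\":1000}", tag, ts + 5)); // false: body edited
        System.out.println(verify(key, "POST", "/transfer", ts, body, tag, ts + 3600));                // false: replayed later
    }
}
```

Send the tag in a request header alongside the timestamp. Canonicalising method, path and body into the signed string is what stops an attacker from moving a valid tag from one endpoint to another.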

9. Secure response headers

Check the implementation of secure response headers on the server: Strict-Transport-Security so clients never fall back to HTTP, X-Content-Type-Options: nosniff, X-Frame-Options or a Content-Security-Policy for any content loaded in a WebView, and Cache-Control: no-store on responses that carry sensitive data so they are not written to the device's HTTP cache.

10. Authorisation testing

Test authorisation at every level. Resources on the server side must be configured according to the user roles defined in the application, and every request must be checked on the server for both the caller's role and ownership of the specific object requested, rather than trusting a user or record identifier supplied by the client.

11. Session management

Sessions should be implemented properly to avoid session-based attacks. Developers should generate random, unpredictable session identifiers and ensure sessions are terminated after a fixed lifetime and after a period of inactivity. It is important to check that a session is invalidated on the server at logout and that a fresh identifier is issued at login; otherwise an old session can be reused for account takeover.
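As an added example (not code from the original post), this Java server-side session store shows the four properties a test should look for: unpredictable identifiers, an idle timeout, an absolute timeout, and real invalidation on logout and rotation at login. The timeouts and class names are hypothetical choices.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public final class SessionManager {
    private static final int ID_BYTES = 32;                          // 256 bits of entropy
    private static final long IDLE_TIMEOUT_MS = 15 * 60 * 1000L;     // hypothetical: 15 minutes inactive
    private static final long ABSOLUTE_TIMEOUT_MS = 8 * 60 * 60 * 1000L; // hypothetical: 8 hours total
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    static final class Session {
        final String userId;
        final long createdAt;
        volatile long lastSeen;
        Session(String userId, long now) { this.userId = userId; this.createdAt = now; this.lastSeen = now; }
    }

    // Identifiers come from a CSPRNG; never derive them from the user id, a
    // timestamp or a counter, all of which an attacker can enumerate.
    String create(String userId, long now) {
        byte[] raw = new byte[ID_BYTES];
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Session(userId, now));
        return id;
    }

    // Returns the user id for a live session, or null. Expired entries are removed
    // immediately so a stale identifier cannot be revived by a later clock change.
    String resolve(String id, long now) {
        if (id == null) return null;
        Session s = sessions.get(id);
        if (s == null) return null;
        if (now - s.lastSeen > IDLE_TIMEOUT_MS || now - s.createdAt > ABSOLUTE_TIMEOUT_MS) {
            sessions.remove(id);
            return null;
        }
        s.lastSeen = now;
        return s.userId;
    }

    // Logout must happen here. Deleting the token from the phone alone leaves it
    // valid for anyone who copied it from a log, backup or proxy.
    void invalidate(String id) { if (id != null) sessions.remove(id); }

    // Issue a new identifier when privilege changes (login, password change) so a
    // pre-authentication session fixed by an attacker is not carried over.
    String rotate(String oldId, long now) {
        Session s = oldId == null ? null : sessions.remove(oldId);
        return s == null ? null : create(s.userId, now);
    }

    public static void main(String[] args) {
        SessionManager m = new SessionManager();
        long t0 = 1_700_000_000_000L;                 // constructed clock
        String id = m.create("alice", t0);
        System.out.println(m.resolve(id, t0 + 60_000));                 // alice
        System.out.println(m.resolve(id, t0 + 60_000 + IDLE_TIMEOUT_MS + 1)); // null: idle timeout
        String id2 = m.create("alice", t0);
        m.invalidate(id2);
        System.out.println(m.resolve(id2, t0 + 1));                     // null: logged out
    }
}
```

The test for "expiration after logout" is simple: capture a valid request with a proxy, log out in the app, replay the captured request, and confirm the server rejects it.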

12. Protect the OS components

Check that android:exported is set to false for every component (activity, service, broadcast receiver, content provider) in the Android manifest that other applications are not meant to interact with. A component that declares an intent filter is exported by default unless the attribute is set explicitly, and content providers were exported by default on apps targeting API levels below 17.
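As an added example (not from the original post), this AndroidManifest.xml fragment shows the attribute set explicitly on every component, with the one case where a component legitimately stays exported protected by a signature-level permission. The package, component and permission names are hypothetical.

```xml
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <!-- Custom permission for the one component that must be reachable from outside.
         protectionLevel="signature" limits callers to apps signed with our key. -->
    <permission
        android:name="com.example.app.permission.SHARE"
        android:protectionLevel="signature" />

    <application>
        <!-- The launcher activity must be exported, or the home screen cannot start it. -->
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <!-- Internal components: exported="false" means no other app can start the
             activity, bind the service, send to the receiver or query the provider,
             regardless of any intent filters declared on them. -->
        <activity android:name=".TransferActivity" android:exported="false" />
        <service android:name=".SyncService" android:exported="false" />
        <receiver android:name=".AlarmReceiver" android:exported="false" />
        <provider
            android:name=".AccountProvider"
            android:authorities="com.example.app.accounts"
            android:exported="false" />

        <!-- Exported on purpose, but gated by the permission declared above. -->
        <activity
            android:name=".ShareTargetActivity"
            android:exported="true"
            android:permission="com.example.app.permission.SHARE">
            <intent-filter>
                <action android:name="android.intent.action.SEND" />
                <category android:name="android.intent.category.DEFAULT" />
                <data android:mimeType="text/plain" />
            </intent-filter>
        </activity>
    </application>
</manifest>
```

Review the merged manifest rather than the source file, since libraries contribute their own components: `apkanalyzer manifest print app-release.apk` from the Android SDK prints it for a built APK. Apps targeting Android 12 (API 31) and later fail to install unless every component with an intent filter sets the attribute explicitly, which makes this check easy to enforce in the build.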

13. Implementing password policy

Most mobile apps still use weak password policies. Requiring a minimum length of 8 and ensuring the password contains at least one digit, one uppercase letter, one lowercase letter and one special character raises the bar at the human level. Enforce the policy on the server as well as in the app, and reject passwords that appear in known breach lists, since a complex-looking password that has already leaked offers no protection.

14. Implement Captcha


To slow down brute force attacks, apps should implement a CAPTCHA such as Google's reCAPTCHA on login, registration and password-reset endpoints. A CAPTCHA alone is not enough: combine it with server-side rate limiting per account and per source, and with account lockout or progressive delays after repeated failures.
