THE USE OF PRINCIPLES OF SECURE DEVELOPMENT OF ANDROID APPLICATIONS
DOI:
https://doi.org/10.24867/11BE05Matkovski
Keywords:
Android, security, vulnerability, application
Abstract
This paper analyses the security problems of Android mobile applications. It gives the theoretical foundations required to understand basic security principles and presents the most common vulnerabilities of mobile applications, together with recommendations on how to prevent them or make them harder to exploit. Even though the Android platform has built-in security mechanisms to improve the security of applications, these often do not suffice. For users and their data to be secure, developers must take care of application security at every stage of development. To demonstrate security mechanisms, an Android application for online testing has been developed. The recommendations given in the OWASP Mobile Top 10 list have been implemented in the application. Secure data transfer between the application and the server it uses occupies a special place in the paper. The application for online testing has been implemented in the Java programming language, with XML used for the layout of the screen components.