I am planing to create a android application for doing some banking operations like fund transfer and all, but I fear the security of the application. Doing some research I found that "128-bit SSL protection" is the best way to protect mobile application. But I dont know any thing about that 128-bit SSL protection. Can any one tell me how I can implement this? and what are the other perfect ways to ensure the security of the transactions. Please give your valuable suggestions.
You need to implement SSL(HTTPS) to your App.
You need to follow this doc : http://developer.android.com/training/articles/security-ssl.html
Also,i hope this may help :
Android application with SSL
Related
before asking this question i searched hole internet about security of android and i know maybe proguard and obfuscation help me...
I have wrote a class that decrypt server response data and convert it to a map.
if anyone can decompile my java class or move my decryptor class to him app.he can cheat in my game and harmful financial damages.
if we cross "This is an stupid question!!!" then
is there any way to secure my code with 100% security?
what reference's you suggest me?
thanks alot
I think there are multiple facets to this issue. Security is not just about android or java abstraction, you want your entire system to be strong enough. For starters I will suggest you can develop an apiKey system that will add another layer of security, the apikey is linked to the email id of the downloading user, so even if someone were to decompile your app they would need an api key to access your services. But api keys are for basic authorisation purposes.You could also opt for OAuth2.0 tokens which are time based and are much more robust.
These links can help:
https://hueniverse.com/introducing-oauth-2-0-b5681da60ce2
https://www.scribd.com/document/33655/How-to-Design-a-Good-API-and-Why-it-Matters
I wrote a node-app which is supposed to be backend for native apps. For now I have an ios-app that communicates with the node-app. Later probably I also develop an android native app.
Im concerned about who can make request to this app. The best would be if I can be 100% sure that this is a native app who is contacting my node-app. But: how do I accomplish this? By sending arbitrary headers everybody would be able to pretend being a native app. Is there a way to solve this?
If by solve you mean flawless security, then no. You should employ multiple strategies, take a look at this question. Generally speaking there can never be perfect security. You will have to carefully consider what is your level of acceptably leaky.
I am developing a tool which scans android apps and shows the vulnerabilites found in it.I am stuck at one of OWASP vulnerability i.e Insufficient Transport layer protection. I am not able to find vulnerable code to create a pattern so that i can cross check it with any app. Please if you have any vulnerable code related to this vulnerability please tell me.
Thanks in advance
Basically what you have to check is, wether encryption is used for operations on the network.
For example: Is SSL/TLS enabled for Login-Requests? Is there any other sensitive information which is transferred in clear-text over the network? Is SSL configured in a secure way (e.g. no SSLv2)? and so on.
You can find a list on https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet what you have to consider while preventing this specific vulnerability.
However I think it's pretty hard to check if something isn't there...
I am not familiar with Android programming but I would look for any unencrypted socket creation or request, as this possibly is this kind of vulnerability.
Good luck ;-)
I'm writing an android App which is basically finished and functions well on a single device.
I now need to create a communication between two different machines and to send information back and forth.
the problem is that I have zero knowledge about how do this, and all the different guides didn't gave any begginers information about it.
I understood that I need to use a third party server, but couldn't find information where to purchase one, and how to communicate with it.
can you please tell me which technologies I should inquire about? what should I study? what API's should be helpful for me?
Regards,
Vladimir.
I think App Engine is the best choice for you.
AppEngine
I want to test two ad agencies on my application. I know there are some ad companies that merge all these companies together but that's not what I'm looking for. I want to be able to control application features remotely. Is there a service such as flurry or such that gives the option to change settings remotely? Or do I have to implement my own? This feature is strictly for developer use and not the actual application users.
Hopefully what I'm asking is understandable...
Thanks!
-Jona
check out www.adwhirl.com
.I'm using it and it's perfect!
I think your best bet is to implement your own solution.
Make your apps communicate with a server on startup and read settings from there.
Also, Android supports push notifications from the 'cloud'. Maybe something to consider.