17 votes

What are the most important security issues that developers of Android apps need to know about? What are the biggest pitfalls or kinds of vulnerabilities that they need to watch out for? One security problem per answer, please. I'm particularly interested in implementation-level issues, software flaws, etc.

Edit: I am most interested in implementation-level failures (rather than conceptual/architectural/design flaws), and flaws that are specific to Android apps (rather than flaws that apply to all application software or all network-connected client software). Are there pitfalls in using the Android APIs that Android developers need to know about? I am also interested in answers that explain how the flaw manifests in the code, or what to look for in the code to recognize the flaw. (Example code snippets would be especially wonderful.)

nealmcb, D.W.
  • 3
    You may be interested to know that the OWASP mobile project is launching GoatDroid - a deliberately insecure Android app with source code and vulnerability documentation - in the next few days. It should document a few of the problems you're looking at. (Disclosure: I'm on the OWASP mobile group) –  Jul 11 '11 at 07:53

5 Answers

7 votes

Insufficient protection of confidentiality and integrity of data in transit. Smartphones will often be connected to untrustworthy networks (e.g. GSM or wireless networks operated by unknown parties): when transmitting data to or from a network host, assume it can be tampered with or read.
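Added example, not part of the answer above: a Java fragment showing the two code patterns a reviewer looks for when an app has thrown this protection away (a trust manager that never rejects a chain, a hostname verifier that always says yes), beside a download routine that keeps the platform's certificate and hostname checks and adds a public-key pin. It assumes an HttpsURLConnection-based client; the class and method names are chosen for this example, and EXPECTED_SPKI_SHA256 is a placeholder (null disables pinning) to be replaced with the real SHA-256 of the server's SubjectPublicKeyInfo.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

public final class TransportSecurity {

    // What to look for in code review: a TrustManager whose checkServerTrusted
    // never throws, and a HostnameVerifier that always returns true. Either one
    // reduces TLS to encryption without authentication, so anyone on the network
    // path can present their own certificate and the app will accept it.
    static final X509TrustManager TRUST_EVERYTHING = new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };
    static final HostnameVerifier VERIFY_NOTHING = new HostnameVerifier() {
        @Override public boolean verify(String hostname, SSLSession session) { return true; }
    };

    // Placeholder: SHA-256 of the server's DER-encoded SubjectPublicKeyInfo,
    // obtained out of band. null leaves pinning off; set it to enable the check.
    static final byte[] EXPECTED_SPKI_SHA256 = null;

    // Hardened form: a plain HttpsURLConnection with the platform defaults, which
    // validate the chain against the system trust store and check the hostname.
    // Cleartext URLs are refused and, when a pin is configured, the leaf key must match.
    public static byte[] fetch(String urlString) throws IOException {
        URL url = new URL(urlString);
        if (!"https".equals(url.getProtocol())) {
            throw new IOException("refusing cleartext transport for " + urlString);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Deliberately no setSSLSocketFactory(...) built from TRUST_EVERYTHING
        // and no setHostnameVerifier(VERIFY_NOTHING).
        conn.setConnectTimeout(10_000);
        conn.setReadTimeout(10_000);
        try {
            conn.connect();
            Certificate[] chain = conn.getServerCertificates();   // peer certificate first
            if (EXPECTED_SPKI_SHA256 != null && !pinMatches(chain[0])) {
                throw new IOException("server public key does not match the pin");
            }
            try (InputStream in = conn.getInputStream()) {
                ByteArrayOutputStream out = new ByteArrayOutputStream();
                byte[] buf = new byte[8192];
                int n;
                while ((n = in.read(buf)) != -1) {
                    out.write(buf, 0, n);
                }
                return out.toByteArray();
            }
        } finally {
            conn.disconnect();
        }
    }

    // Compares a constant-time SHA-256 of the leaf's public key against the pin.
    static boolean pinMatches(Certificate leaf) throws IOException {
        try {
            byte[] spki = leaf.getPublicKey().getEncoded();   // DER SubjectPublicKeyInfo
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(spki);
            return MessageDigest.isEqual(digest, EXPECTED_SPKI_SHA256);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        }
    }
}
```

Grepping an APK's source for `checkServerTrusted` bodies that are empty, for `HostnameVerifier` implementations that return a constant, or for `http://` literals is the quick way to find the weak pattern; the hardened routine simply never installs either override.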

5 votes

Apart from the things that were already mentioned and apply to just about any software application, remember that App isolation is far from what people expect it to be: The existing Android trust model, that you can install apps and run them such that they will not be able to access each other's data, is perhaps the largest threat to Android security. This model was repeatedly broken and shown to be fundamentally flawed. Even in the most secure OS, which Android (Linux) is not, malicious Apps can transfer data using covert channels or infer information about other Apps using side-channels. CPU cache timing attacks are the most popular here, but a complex platform such as Android offers a lot more channels for hidden information flows.

Hence, not only is the network and SD card insecure, you also have little assurance that the data in the private App folder is secure. If you write a security-sensitive application, encrypting all local storage is the least you can do (and, unfortunately, also about the most...).

If you write multiple Apps that should communicate with each other, look at the permission system available for that purpose and the semantics of sharedUserId: http://developer.android.com/guide/topics/security/security.html

pepe
4 votes

Insufficient protection of data from physical theft of the device. You may have data that only the phone's owner should access: do not assume that the operator of the touchscreen is actually the phone's owner.
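Added example serving both pepe's point that the private app folder deserves encryption and the answer above about the touchscreen operator not being the owner; it is not code from either answer. It is a Java class that seals a file in the app's private directory with an AES-GCM key held in the Android keystore and marked as usable only shortly after the device owner has unlocked the device. It assumes API level 23 or later for KeyGenParameterSpec (later than these 2011 answers); the class name, method names and the key alias are chosen for this example.

```java
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public final class SealedStorage {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "sealed-storage-key";   // assumed alias
    private static final String TRANSFORM = "AES/GCM/NoPadding";
    private static final int TAG_BITS = 128;
    private static final int IV_BYTES = 12;

    // Create the AES key once inside the keystore. Its raw bytes never leave the
    // keystore (hardware-backed where the device supports it), and it cannot be
    // used unless the owner unlocked the device within the last 30 seconds, so a
    // thief holding an unlocked-then-locked phone cannot decrypt the file.
    static SecretKey getOrCreateKey() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        KeyStore.Entry existing = ks.getEntry(ALIAS, null);
        if (existing instanceof KeyStore.SecretKeyEntry) {
            return ((KeyStore.SecretKeyEntry) existing).getSecretKey();
        }
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE);
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256)
                .setUserAuthenticationRequired(true)
                .setUserAuthenticationValidityDurationSeconds(30)
                .build());
        return kg.generateKey();
    }

    // Writes [12-byte IV][ciphertext || 16-byte GCM tag] into the app's private
    // files directory. The keystore picks a fresh random IV for every encryption.
    public static void seal(Context ctx, String fileName, byte[] plaintext)
            throws GeneralSecurityException, IOException {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, getOrCreateKey());
        byte[] iv = cipher.getIV();
        byte[] ciphertext = cipher.doFinal(plaintext);
        try (FileOutputStream out = ctx.openFileOutput(fileName, Context.MODE_PRIVATE)) {
            out.write(iv);
            out.write(ciphertext);
        }
    }

    // Reads the file back. A modified IV, ciphertext or tag makes doFinal throw
    // AEADBadTagException; a locked device makes init throw
    // android.security.keystore.UserNotAuthenticatedException, which the caller
    // should answer by sending the user to the lock screen, not by skipping the check.
    public static byte[] open(Context ctx, String fileName)
            throws GeneralSecurityException, IOException {
        byte[] blob;
        try (FileInputStream in = ctx.openFileInput(fileName)) {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int n;
            while ((n = in.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
            blob = buf.toByteArray();
        }
        if (blob.length < IV_BYTES + TAG_BITS / 8) {
            throw new IOException("sealed file is too short");
        }
        byte[] iv = new byte[IV_BYTES];
        System.arraycopy(blob, 0, iv, 0, IV_BYTES);
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, getOrCreateKey(), new GCMParameterSpec(TAG_BITS, iv));
        return cipher.doFinal(blob, IV_BYTES, blob.length - IV_BYTES);
    }
}
```

The design choice worth noting is that the key is never in application memory in raw form, so another app that manages to read the private folder gets only ciphertext, and the user-authentication binding means physical possession of the handset is not enough to turn that ciphertext back into data.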

4 votes

This presentation describes a number of potential security pitfalls in development of Android apps.

D.W.
2 votes

Inappropriate handling of malicious data. Your Android app will take data from all sorts of untrusted sources: network hosts, the shared SD storage, or the USB link, for example. This data should be treated with caution.
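Added example, not part of the answer above: a Java helper showing two checks that an Android component which accepts data from outside the app (an Intent extra naming a file, a stream from the SD card or a socket) should perform before using it, namely keeping an attacker-chosen file name inside the directory it is meant to stay in, and bounding how much is read. The class name, the `file_name` extra key and the 1 MiB limit are assumptions made for this example.

```java
import android.content.Intent;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;

public final class UntrustedInput {
    static final int MAX_BYTES = 1 << 20;   // assumed 1 MiB cap on any external input

    // Resolves a name supplied by another app against a base directory and
    // refuses anything that escapes it ("../", absolute paths, symlinks out of
    // the directory) by comparing canonical paths rather than the raw string.
    public static File resolveInside(File base, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("missing file name");
        }
        File candidate = new File(base, untrustedName);
        String baseCanonical = base.getCanonicalPath() + File.separator;
        String candidateCanonical = candidate.getCanonicalPath();
        if (!candidateCanonical.startsWith(baseCanonical)) {
            throw new IOException("path escapes " + base);
        }
        return candidate;
    }

    // Reads at most max bytes from any stream (network, USB, SD card) so a hostile
    // peer cannot make the app allocate until it is killed.
    public static byte[] readBounded(InputStream in, int max) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        int total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            total += n;
            if (total > max) {
                throw new IOException("input exceeds " + max + " bytes");
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }

    // Consumer of an exported Activity or Receiver: the Intent may have been sent
    // by any installed app, so the extra is validated before it touches the file system.
    public static byte[] loadFromIntent(Intent intent, File privateDir) throws IOException {
        String name = intent.getStringExtra("file_name");   // assumed extra key
        File target = resolveInside(privateDir, name);
        try (InputStream in = new FileInputStream(target)) {
            return readBounded(in, MAX_BYTES);
        }
    }
}
```

The canonical-path comparison matters more than string filtering: `getCanonicalPath()` follows symlinks and collapses `..` segments, so a name that looks harmless textually but resolves outside `privateDir` is still rejected.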