Professional Documents
Culture Documents
Security Tips For Android Developers
Security Tips For Android Developers
6/2/2014 9:21 PM
MODE_WORLD_WRITEABLE
/Context.html#MODE_WORLD_WRITEABLE) /Context.html#MODE_WORLD_READABLE)
(/reference/android/content (/reference/android/content
MODE_WORLD_READABLE
KeyStore
/java/security/KeyStore.html)
(/reference
http://developer.android.com/training/articles/security-tips.html
1 of 9
6/2/2014 9:21 PM
ContentProvider
/ContentProvider.html) element.html#exported) /manifest/provider-element.html#exported)
(/reference/android/content (/guide/topics/manifest/provider-
android:exported=false "true"
android:exported
(/guide/topics
ContentProvider
(/reference/android/content/ContentProvider.html)
android:protectionLevel
"signature"
android:grantUriPermissions FLAG_GRANT_READ_URI_PERMISSION
(/reference/android/content
/Intent.html#FLAG_GRANT_READ_URI_PERMISSION)
FLAG_GRANT_WRITE_URI_PERMISSION Intent
(/reference
/android/content/Intent.html#FLAG_GRANT_WRITE_URI_PERMISSION) /content/Intent.html)
(/reference/android
<grant-uri-permission element>
element.html)
(/guide/topics/manifest/grant-uri-permission-
query()
java.lang.String[], java.lang.String))
(/reference/android
update()
(/reference/android/content
delete()
(/reference/android/content
selection
WHERE
http://developer.android.com/training/articles/security-tips.html
2 of 9
6/2/2014 9:21 PM
<permissions> ContentProvider
(/reference/android/content/ContentProvider.html)
HttpsURLConnection
(/reference/javax/net/ssl/HttpsURLConnection.html)
http://developer.android.com/training/articles/security-tips.html
3 of 9
6/2/2014 9:21 PM
SSLSocket
(/reference/javax/net/ssl/SSLSocket.html)
Service
(/reference/android/app/Service.html)
WebView
/WebView.html)
(/reference/android/webkit
READ_SMS
(/reference/android/Manifest.permission.html#READ_SMS)
http://developer.android.com/training/articles/security-tips.html
4 of 9
6/2/2014 9:21 PM
READ_LOGS
(/reference/android/Manifest.permission.html#READ_LOGS)
WebView
(/reference/android/webkit/WebView.html)
WebView
/WebView.html)
(/reference/android/webkit
WebView
/WebView.html)
(/reference/android/webkit
setJavaScriptEnabled()
(/reference/android/webkit
/WebSettings.html#setJavaScriptEnabled(boolean))
WebView
(/reference/android/webkit/WebView.html)
addJavaScriptInterface()
(/reference/android/webkit
/WebView.html#addJavascriptInterface(java.lang.Object, java.lang.String))
addJavaScriptInterface()
(/reference/android/webkit
/WebView.html#addJavascriptInterface(java.lang.Object, java.lang.String))
addJavaScriptInterface()
/webkit/WebView.html#addJavascriptInterface(java.lang.Object, java.lang.String))
(/reference/android
WebView clearCache()
(/reference/android/webkit/WebView.html)
(/reference/android/webkit/WebView.html#clearCache(boolean))
no-cache
http://developer.android.com/training/articles/security-tips.html
5 of 9
6/2/2014 9:21 PM
AccountManager
(/reference/android/accounts/AccountManager.html) /android/accounts/AccountManager.html)
AccountManager
(/reference
AccountManager
(/reference/android/accounts/AccountManager.html)
Account
(/reference/android/accounts/Account.html)
CREATOR
(/reference/android/accounts/Account.html#CREATOR)
AccountManager checkSignature()
(/reference/android/accounts/AccountManager.html)
(/reference/android/content/pm/PackageManager.html#checkSignatures(int, int))
KeyStore
/java/security/KeyStore.html)
(/reference
HttpsURLConnection
(/reference/javax/net/ssl/HttpsURLConnection.html) /SSLSocket.html)
SSLSocket
(/reference/javax/net/ssl
Cipher
(/reference/javax/crypto/Cipher.html)
SecureRandom KeyGenerator
(/reference/java/security/SecureRandom.html)
(/reference/javax/crypto/KeyGenerator.html)
KeyStore
/KeyStore.html)
(/reference/java/security
Intent
(/reference/android/content/Intent.html) (/reference/android/os/Messenger.html)
Binder
(/reference/android/os/Binder.html)
Messenger
Service
(/reference/android/app/Service.html)
BroadcastReceiver
(/reference/android/content/BroadcastReceiver.html)
http://developer.android.com/training/articles/security-tips.html
6 of 9
6/2/2014 9:21 PM
android:exported <service>
"false"
sendBroadcast()
(/reference/android/content
/Context.html#sendBroadcast(android.content.Intent))
sendOrderedBroadcast()
(/reference/android
/content/Context.html#sendOrderedBroadcast(android.content.Intent, java.lang.String))
Service
(/reference/android/app/Service.html)
checkCallingPermission()
(/reference/android/content/Context.html#checkCallingPermission(java.lang.String))
Binder
(/reference/android/os/Binder.html)
Messenger
(/reference/android/os/Messenger.html)
Binder
(/reference/android/os/Binder.html)
Messenger
(/reference/android
/os/Messenger.html)
http://developer.android.com/training/articles/security-tips.html
7 of 9
6/2/2014 9:21 PM
Service
(/reference/android/app/Service.html)
Activity
(/reference/android
/app/Activity.html)
Binder
(/reference/android/os/Binder.html)
Messenger
(/reference/android/os/Messenger.html)
checkCallingPermission()
/android/content/Context.html#checkCallingPermission(java.lang.String))
(/reference
Service
(/reference/android/app/Service.html)
bindService()
(/reference/android/content
clearCallingIdentity()
/os/Binder.html#clearCallingIdentity())
(/reference/android
BroadcastReceiver
(/reference/android/content/BroadcastReceiver.html) (/reference/android/content/Intent.html)
Intent
BroadcastReceiver
(/reference/android/content/BroadcastReceiver.html)
<receiver>
element.html)
(/guide/topics/manifest/receiver-
BroadcastReceiver
/BroadcastReceiver.html)
(/reference/android/content
DexClassLoader
(/reference/dalvik/system/DexClassLoader.html)
http://developer.android.com/training/articles/security-tips.html
8 of 9
6/2/2014 9:21 PM
http://developer.android.com/training/articles/security-tips.html
9 of 9