If you follow this site you will know I take a special interest in Android security. As a result of a particular project, I have taken an even deeper interest more recently and have come to the conclusion, having read lots of papers and studies, that many Android developers unintentionally make some very poor security decisions when coding. Security isn’t on their radar. However, what with the growing number of vulnerabilities, unpatched OEM devices and malware, it’s easy to get caught out. For example, Skype, WhatsApp and Samsung have all had embarrassments, and it’s well known that banking apps leak information.
The good news is that it’s possible to protect sensitive data, most of the time, by following some simple guidelines. For critical data, such as financial and banking data, it’s also possible to protect it in such a way that it’s mathematically impossible to access even when a device has been rooted or malicious code has obtained root privileges.
Most of the Android security sites and books have been written by security researchers and show how to hack Android as opposed to how to protect apps. I decided to approach the problem from the other direction and have created a free site, AndroidSecurity.guru, with Android programming guidelines that can hopefully raise awareness and help developers become Android Security gurus.