android-security

问题 I've successfully created backend service and Android client for SafetyNet attestation. When I send jws token to my server and try to validate it's certificate it turns out that there is no certificate that signed it. Should I add api key to my Android app? My attestation result:

问题 I've successfully created backend service and Android client for SafetyNet attestation. When I send jws token to my server and try to validate it's certificate it turns out that there is no certificate that signed it. Should I add api key to my Android app? My attestation result:

问题 I am trying to implement asymmetric algorithm in Android. I have managed to do it all. But I am facing an issue while output. What I am getting after decrypting through private key is(Which contains actual text in the end): �������\�C���gz�{ܳkK��c��LB(7fz���H�8�� ��ȏ�ҍ�X ��KI��aj�B��x�D�n>�ι�& UL-1���E�;��s9�zB[�9B�t��B�A�s�GA6����y�f���J�����+. `g4�s�1��p�PW�%��7�"��fQ����G���x� �|&�ѡ�gq������:X�be�_��av��{'msg':'Laravel 7.7777777'} Actual message is : {'msg':'Laravel 7.7777777'} You can

问题 com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. I got this error in logcat on api from 19 to 24 and there is no data loading from the server in my app I searched about that error and find that solution @SuppressLint("TrulyRandom") public static void handleSSLHandshake() { try { TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { public X509Certificate

问题 Few days ago, In "Pre-launch report for APK" in Google Play Console, it start to flag me Unsafe encryption Detected in APK ??? Your app contains unsafe cryptographic encryption patterns. Please see this Google Help Centre article for details. Vulnerable classes: c.j.a.s.J.b However, since the early day of APK, I do not change anything in encryption code/ description code. Hence, I'm not sure why Google starts to warn me on recent APK? Any idea how to resolve? As, the information for

问题 public static String getDeviceID(Context mContext) { String deviceId = Settings.Secure.getString(mContext.getContentResolver(), Settings.Secure.ANDROID_ID); return deviceId; } This shows a security warning, "Using 'getString' to get device identifiers is not recommended " How to resolve this warning? 回答1: You can't really "resolve" this warning. Lint is trying to move you from android ID to advertising id if possible, because for most use cases it's better for user. If you want to disable the

问题 This question already has answers here : SecureRandom provider “Crypto” unavailable in Android N for deterministially generating a key (3 answers) Closed 3 years ago . Seems like "Crypto" provider has been removed in Android N. My application crashing because of NoSuchProviderException. If I change the provider and Algorithm then it will affect user who are all using the app currently. Any one have a idea? KeyGenerator kGen = KeyGenerator.getInstance(KEY_GENERATOR_ALGORITHM); SecureRandom sr

问题 App uploaded in playstore. Its not searchable in playstore also if i use link getting error "App is not compatible with this device" (already set to available in all countries) In playStore production upload,getting App vulnerability issues in notification By mentioning my Content provider file of my framework ---> delete while delete method is here: public class ContentProviderClass extends ContentProvider { public static final int OUTBOX = 90; public static final int OUTBOX_WITH_STATUS =

问题 as part of our application , we are using two contentProviders but both are guarded with android:exported="false". But still we got a mail as Google Play warning: Your app contains a SQL Injection issue They mentioned solution as add android:exported="false" for content providers in AndroidManifest file which was already present. Can any one suggest to overcome this issue?? FYI : we are also using CONTENT_URI of native apps with SQL statements for getting the data, but we are using

问题 as part of our application , we are using two contentProviders but both are guarded with android:exported="false". But still we got a mail as Google Play warning: Your app contains a SQL Injection issue They mentioned solution as add android:exported="false" for content providers in AndroidManifest file which was already present. Can any one suggest to overcome this issue?? FYI : we are also using CONTENT_URI of native apps with SQL statements for getting the data, but we are using