android-security

Safe way to delete files in Android development

拜拜、爱过 submitted on 2020-01-03 03:40:10
Question: After analyzing my Android application with a security tool, it has detected a high level vulnerability "File unsafe delete check". I have investigated this, and it seems that the problem is that the application uses "file.delete()". That function is considered unsafe because data could theoretically be retrieved with a tool that scans all the storage device. So, if that way of deleting is "unsafe"... what is the "safe" way to delete files in Android? (to avoid getting that "security

Generate token for access server resources

試著忘記壹切 submitted on 2020-01-03 03:16:10
Question: I am trying to generate a token at run time using the sign certificate and verify that token on the server to access any resources. I don't want to store the token in an XML file because it is available after reverse engineering of the APK. Code for generating the token is: public String getToken() { Signature[] sigs; try { sigs = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures; String token = sigs[0].toCharsString(); return token; } catch (Exception e) { e

How to detect/identify if device Lock Screen setting is set to None?

[亡魂溺海] submitted on 2020-01-03 02:50:16
Question: I need to check before enabling my application if the device has no security defined on setting. Can't have set: Pattern, PIN, Password and even Swipe. Does anyone know a way to check if the lock screen setting is not enabled? Alternately, can we check which of the above lock screen settings is enabled? Thanks! Answer 1: You can use KeyguardManager - its isSecureMethod() should return false in your case. http://developer.android.com/reference/android/app/KeyguardManager.html Source: https:/

System Overlay Detector

纵饮孤独 submitted on 2019-12-31 01:48:34
Question: Is there a way to detect within my own app that a Screen Overlay is currently present? For example, I see in the settings that they detect it: I would like to know if there is a way to detect it myself within my own app. Answer 1: Android View documentation offers clear ways: To enable touch filtering, call setFilterTouchesWhenObscured(boolean) or set the android:filterTouchesWhenObscured layout attribute to true. When enabled, the framework will discard touches that are received whenever the

Can i skip asking Runtime Permissions on marshmallow?

二次信任 submitted on 2019-12-23 15:14:33
Question: Now this is something very interesting for me. I know mostly about Runtime Permissions and I am well aware of why Runtime Permissions were proposed and how we can use them, but in this question, which is about a problem arising due to this run time permission thing, a guy proposed a pretty new way to solve this problem. See U.swap's answer on the same question, here is that answer. This guy proposed a nice and working solution that the user has to approve Permissions only once and for rest of his life

Google Play warning: Your App may be leaking developer credentials

丶灬走出姿态 submitted on 2019-12-22 17:30:09
Question: Please explain to me, what is it? I have received a message from GP, with this text: Hello Google Play Developer, We detected that your app(s) listed at the end of this email are potentially leaking credentials used to make network requests (HTTP and FTP). Please check for cases where you use url-encoded basic access authentication, for example a URL such as https://username:password@www.example.com/. We recommend that you immediately change the credentials and redesign your app to avoid

Android check if lockscreen is set

拥有回忆 submitted on 2019-12-19 06:55:43
Question: I need to check if the lockscreen does have a Pin or something more secure (Password, Fingerprint etc.). I'm able to check if there is a Pin, Password or a Pattern. KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService(Context.KEYGUARD_SERVICE); return keyguardManager.isKeyguardSecure(); My problem is that I can't detect if the lockscreen is a Pattern or something lower. I tried this: int lockPatternEnable = Settings.Secure.getInt(cr, Settings.Secure.LOCK_PATTERN_ENABLED)

Your app contains an Intent Redirection vulnerability

孤人 submitted on 2019-12-18 06:19:09
Question: I launched a game to the Google Play store recently and it was going good until now. I just received an email from Google that says that "One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk" and tells me I need to fix it by August 13. I personally don't collect or demand any user data or info. However, I used Google Admob ads with Facebook mediation and Unity ads in my game which may be the cause of this problem. So, my question is how to

How to fix unsafe implementation of X509TrustManager in Android app

て烟熏妆下的殇ゞ submitted on 2019-12-17 17:32:05
Question: Google has advised that I have an unsafe implementation of the interface X509TrustManager in my Android application and need to change my code as follows: To properly handle SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to raise either CertificateException or IllegalArgumentException whenever the certificate presented by the server does not meet your expectations. For technical questions, you can post to Stack Overflow

How to determine which dependency causes Google Play OpenSSL warning?

对着背影说爱祢 submitted on 2019-12-17 03:44:46
Question: I'm currently working on a big legacy project and trying to fix the OpenSSL vulnerability issue as explained at How to address OpenSSL vulnerabilities in your apps. The problem is, there are a lot of dependencies, some are open source (I updated all that didn't break the compatibility) added as Gradle import, some are custom/closed source provided by partners and contractors of the company I work for and attached to the project as JARs. Is there any way to pinpoint specific library that has