android-security

Are there any permissions I can/must declare in my app, if I want the app to be able to scan the whole "/" folder (say to search for all .txt files e.g. recursively)? I am getting just null so far (when calling File.listFiles ) no matter what permissions I try. I guess I am missing something. Unless you root your device, it is impossible to do any operations on the root directory on a non-rooted device because a third party app will run as a normal user and won't have the root permissions. However, according to https://developer.android.com/reference/android/Manifest.permission , android

So, Lately I am getting the below warning inside my developer console and to resolve the same I have done the required fixes. As suggested by Google , here To confirm you’ve made the correct changes, submit the updated version of your app to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning. But , if I do the same then whole of my app users will be notified and if the problem is not fixed completely then I will have to do further changes and re-upload the app to the play-store. I was wondering , if there is any other

Got warning from google play. How can i handle "SSL Error Handler Vulnerability" of unsafe implementation of the WebViewClient.onReceivedSslError handler. "Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise." I have received the same warning today, and it informs me that the issue comes from the SDK of one of my ad

I've received this email after publishing my app on playstore: Hello Google Play Developer, We reviewed [MyAppName], with package name com.example.myappname, and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device, and may be considered to be in violation of our Malicious Behavior policy. Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and

I have been working on a very benign Android application for a couple months now and all of a sudden I started getting this message on my device when I try to re-install it from IntelliJ. My question is, what sort of things would cause Android OS to display this message? If I were to ever release this app, I certainly would not want my users to have to see this before installing. I had the same problem and it was caused by gradle plugin v2.2.0 (beta version and also RC). When I changed the version back to 2.1.3 problem dissapeared. classpath 'com.android.tools.build:gradle:2.1.3' I got this

I just received the following email from Google Play 'Hello Google Play Developer, We detected that your app(s) listed at the end of this email are invoking the in-app billing service without setting a target package for the intent. This can enable a malicious package to bypass the Play store billing system and access items that have not been purchased. Next Steps If you are using IabHelper, please start using the latest SDK. If you are manually invoking the in-app billing service, make sure you are calling Intent.setPackage(“com.android.vending”) on any intents to "com.android.vending.billing

Does Android WebView support HSTS? Yes, second this website: http://caniuse.com/#search=hsts since android 4.4 Main changes: Certificate pinning Trusted CA's Add CA's to debug Limit CA's Add CA's hierarchy... But the most important thing will be enabled on the new android N in an res/xml/network_security_config.xml like this: https://koz.io/network-security-policy-configuration-for-android-apps/ <domain-config hstsEnforced=[True|False] cleartextTrafficPermitted=[True|False]> <domain includeSubdomains=[True|False]>koz.io</domain> <pin-set expiration="exp-date"> <pin digest=sha256

Android N lets you link an activity of yours into your app's page in Settings. Just add an <intent-filter> for android.intent.action.APPLICATION_PREFERENCES . Android N's Settings app will look for the activity in your app that has that <intent-filter> . If Settings finds one, it will add a gear icon to your app's page in Settings, and if the user taps the gear, they will be taken to your designated activity. I was worried about security, and so I filed an issue , looking for a permission we could use with android:permission to allow Settings to start our activity, but not allow other apps to