Security? What does it mean?
Securing your .apk
Comparing Signing Certificates
Basically here’s the long and the short.
Yes, you can take steps to enhance your security, but a really good hacker can succeed given sufficient time.
So always ask yourself if what you’re doing is the best method. It’s unlikely the best hackers are targeting you. A locked door just might push the wannabe hacker to the next door.
Fundamentally here’s the problem:
“But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.” Wired Magazine, Aug 6th, 2012.
In the Android Developers Guide there is a section about Designing for Security.
Most devices don’t use password protection and most users will disable it if it’s offered.
The app can have a sign-in.
Halt! Who goes there? Roger!
Roger, thanks for the password.
OAuth Background
OAuth emerged from the social web, originally motivated by a desire to mitigate the so-called “password anti-pattern” in which a user, in order to authorize a third-party site to access their Facebook data, would be asked to provide their Facebook password to that third-party site. The first version, OAuth 1.0, allowed a user to specify such permissions without divulging their Facebook credentials to any entity other than Facebook (and similar for other providers).
OAuth 2.0 still supports this original delegated authorization use case from the consumer web but is now relevant to enterprises and the Cloud as well—which is arguably more about authentication than authorization. For instance, Salesforce uses OAuth to protect the many APIs they offer up to their enterprise customers. Enterprises themselves are using OAuth to protect the APIs they offer their partners and customers as well as internal clients in “private cloud” models.
OpenID
OpenID is an open federated identity standard targeted towards the consumer world, allowing individuals Single Sign-On (SSO) to “relying party” sites from an OpenID provider such as their email provider or social network. Large OpenID providers such as Google and Yahoo! have issued OpenIDs to all their users. OpenID is one of few federated identity standards that enable SSO without the need for a pre-existing relationship between the identity provider and the relying party, a feature that greatly fosters scalability.
Malware, is it a problem?
According to Google and Apple it’s not.
Google believes some of the anti-malware apps are worse than the malware. Apple, despite the proof to the contrary, says there’s no malware on their platform.
Malware, but it’s not: Lookout’s take on the ‘Apperhand’ SDK (aka ‘Android.Counterclank’). Apparently advertisers are the biggest spammers.
As pointed out in this article, somebody’s always crying “Wolf”: “Symantec launches massive ‘Android malware’ scare campaign — extreme caution advised – Computerworld Blogs”. Sometimes the problem is overstated.
Recently I read “5 free Android security apps for your smartphone | Mobile Technology – InfoWorld”.