Questions tagged [android-security]

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied with a Google-Play rejection. AOSP instructions state to tag a question with it.

656 questions
11 votes, 4 answers

Cause of "This app contains code that attempts to bypass android's security protections"

I have been working on a very benign Android application for a couple months now and all of a sudden I started getting this message on my device when I try to re-install it from IntelliJ. My question is, what sort of things would cause Android OS…
uesports135
11 votes, 2 answers

Android: Removing OpenCV older version will resolve Libpng Vulnerability warning?

I got an email from Google play store regarding - "Google Play warning: You are using a vulnerable version of libpng". Email contains the below information - https://support.google.com/faqs/answer/7011127 I didn't use libpng library in my…
SKK
10 votes, 2 answers

Your app(s) are using a content provider with an unsafe implementation of openFile

I've received this email after publishing my app on playstore: Hello Google Play Developer, We reviewed [MyAppName], with package name com.example.myappname, and found that your app uses software that contains security vulnerabilities for users.…
user10407482
10 votes, 2 answers

Android Key Store API 23, use setUserAuthenticationRequired without Fingerprint Scanner

I've tried to generate a key pair using the Google sample (BasicAndroidKeyStore). The only modification I made is setting the setUserAuthenticationRequired(true) in the KeyGenParameterSpec.Builder. I assume it would work fine on a device with the…
9 votes, 4 answers

Can multiple Android Applications (same device) share same key-pair for Passwordless Authentication using FIDO 2 Protocol?

Problem Statement: I want to solve the user authentication on Android applications using the FIDO2 protocol (by providing an SDK), without doing multiple registration ceremonies for different applications on the same device. For example, if a user…
9 votes, 1 answer

Fixing a Zip Path Traversal Vulnerability In Android

I have uploaded my application in Google Play Store and Google has given a warning that is "Android Security". In the application, we downloaded the Zip folder and save this Zip folder in internal storage and then unzip that folder in internal storage of…
axita.savani
9 votes, 3 answers

Is api key needed in SafetyNet attestation?

I've successfully created a backend service and Android client for SafetyNet attestation. When I send the JWS token to my server and try to validate its certificate it turns out that there is no certificate that signed it. Should I add api key to my…
pixel
9 votes, 1 answer

Spring boot REST api security for Android App using Google + Facebook login

I'm building an application with 2 layers: - 1. Native Android App - contains ability to sign in via Facebook + Google to make sign on less painful. 2. Java Server using Spring Boot - typical MVC endpoints such as REST api + UI admin screens. The…
9 votes, 2 answers

Google Play Developer Console rejected My Application Update

I am trying to understand and fix why my App is rejected. I know it's about SSL, but I can't seem to find which dependency is causing it. I am using the next setup: Android N (24) Fabric. MixPanel. Quickblox. Crashlytics Analytics. Any help would…
9 votes, 2 answers

Android Fingerprint only allows 5 attempts at a period of time

I am developing an Android App that requires fingerprint to open an Activity. I just noticed when I unlock my phone using my fingerprint, the number of attempts to scan a fingerprint in my app only becomes 4. For example: Phone is unlocked Unlock…
9 votes, 1 answer

Control access of third party APIs to Android system resources?

When you import third party APIs (packet dependency injection, generated libraries, source code, etc.) in your Android project, you assume they will behave as advertised. Most of the time, code is not open source, it is obfuscated or just…
Radu Ionescu
8 votes, 0 answers

android trust manager vulnerability

I received a very disturbing email from Google: We reviewed app name, with package name, and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage…
Rafael Lima
8 votes, 1 answer

Android check if lockscreen is set

I need to check if the lockscreen does have a Pin or something more secure (Password, Fingerprint etc.). I'm able to check if there is a Pin, Password or a Pattern. KeyguardManager keyguardManager = (KeyguardManager)…
Lars
8 votes, 1 answer

Best practice check list to make Android WebView Secure

I am working on an application which is largely written in Native and supporting Ice Cream Sandwich. However, I need to add some WebViews. There are lots of discussions on WebView security and when I use setJavaScriptEnabled(true), it gives me a…
Steven
8 votes, 2 answers

Security alert about libpng in my google play console

I received a security alert in my Google Play console about 2 applications (games made by buildbox). The alert said that my application uses a version of libpng which presents a security flaw. I can't find this lib in my project, any solution…
Med Anis