Questions tagged [android-security]

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied with a Google-Play rejection. AOSP instructions state to tag a question with it.

656 questions
8 votes, 1 answer

How to securely share data between two or more applications in android?

I am making an application framework for the enterprise environment which involves data sharing between two or more applications from the device memory. This data needs to be stored on the device and accessible to only a few applications (which can…
7 votes, 3 answers

How to resolve KeyStoreConnectException on Android 10?

My app is working pretty well on all the Android OS except Android 10. I am using the Motorola One Power device which got updated with Android 10. We are using Android Keystore to encrypt databases. App is crashing on launch with below…
Rohan Patel
7 votes, 3 answers

OkHttp: <-- HTTP FAILED: java.net.UnknownServiceException: CLEARTEXT communication to 10.0.2.2 not permitted by network security policy

I have implemented Google sign-in with Firebase authentication in my Android app successfully. As you see, I have logged in with my account and it appears on the Firebase console. The function firebaseAuthWithGoogle authenticates the user with…
AG_HIHI
7 votes, 4 answers

Android - Best way to hide API clientId & clientSecret

I would like to have your opinion on the best way to hide an API key and secret key. I found 2 ways : Use NDK like that : https://medium.com/@abhi007tyagi/storing-api-keys-using-android-ndk-6abb0adcadad Use Gradle like that :…
Louis
7 votes, 1 answer

Storing keys in Android

I am writing an app for Android and I have to store two keys that I will use to encrypt/decrypt some messages. (I have to store private key RSA). I've read: https://developer.android.com/training/articles/keystore.html#WhichShouldIUse and there is a…
user6262188
7 votes, 0 answers

Godot Engine published app gets security alert after adding AdMob

I recently released a simple game made with Godot Engine and after adding the Google AdMob library to display ads, I get this security alert : Your app contains URL credentials, which is often unintentional. Please see this Google Help Center…
PayToPwn
7 votes, 2 answers

Android Fingerprint - Crypto primitive not backed by AndroidKeyStore provider

I'm trying to implement Android Fingerprint into a sample application. The used cipher is not recognized as valid - but I don't know why, since based on the Android docs, it should be supported. The cipher is built on: return…
7 votes, 4 answers

an unsafe implementation of the interface X509TrustManager from google

I have an app in Google Play, I received a mail from Google saying that: Your app(s) listed at the end of this email use an unsafe implementation of the interface X509TrustManager. Specifically, the implementation ignores all SSL certificate…
zys
7 votes, 3 answers

Custom permission with implicit intent

In view of the security model in Android, I'm trying to use custom permissions with a broadcast receiver. WHAT I'VE DONE : I have declared a custom permission for the receiver, thereby limiting the broadcasts that it can receive. Some code from…
6 votes, 1 answer

Zoom SDK Vulnerability issue in Android

Ever since we have integrated Zoom SDK, Google has started sending vulnerability warning mails; if not fixed they will take the app down. As per the Zoom blog article on Zoom Rolling Out End-to-End Encryption Offering, they have worked on security…
TheLittleNaruto
6 votes, 0 answers

Google Play Intent Redirection issue

So I just tried to update a long-standing Unity built game on the Play Store but received a rejection mail back from Google as follows : Intent Redirection - Your app(s) are vulnerable to Intent Redirection. They offer a link with 3 separate…
6 votes, 2 answers

Google Play Pre-launch Reports Security Vulnerability Which Says Cleartext traffic allowed for all domains

Google Play Pre-launch Reports Security Vulnerability Which Says that Your app's Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive…
6 votes, 2 answers

Apksigner does not verify signature

I was trying to verify the signature of the latest Gmail App (Version 8.11.25.224) with apksigner and it failed. I used: apksigner verify --verbose --print-certs The result was: DOES NOT VERIFY ERROR: APK Signature Scheme v2 signer #1…
Xes Raw
6 votes, 1 answer

Certificate Pinning on Android with Robospice

I'm reading about certificate pinning on Android and I'm confused. I'm not using okhttp or retrofit so I have to do it manually. There is a tutorial here: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#Android where they are…
falsetto
6 votes, 1 answer

Retrieving a users credentials (username & password) via a android keystore with fingerprint

I am building an Android app where I need to authenticate the user via a username and password (on the backend) using the Fingerprint API. Here's my understanding of what I need to do in the simplest terms. On login after the user has entered a…