Stack Overflow
Stack Overflow

Questions tagged [android-security]

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied with a Google-Play rejection. AOSP instructions state to tag a question with it.

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied with a Google-Play rejection. AOSP instructions state to tag a question with it.

656 questions
0
votes
0 answers

Why Signature-Level-Protection is not working for my Android service?

I have an App1 which uses services of App2 (AIDL). Now I want signature level protection for the service in App2. Here is my manifest. App2: Manifest
Vinit Gaikwad
  • 329
  • 9
  • 21
0
votes
0 answers

cordova your apk has been rejected for containing security vulnerabilities

I have uploaded cordova app to playstore. But google reject app your apk has been rejected for containing security vulnerabilities I have cordova installed version 6.2.0. I checked PLATFORM_VERSION in cordova.js it is var…
Divyesh Savaliya
  • 2,692
  • 2
  • 18
  • 37
0
votes
1 answer

Need to store my 4 digit encrypted PIN in keystore

I just Googled about store PIN in key store. I got confused for the most of the solution. here is my question :- I have a encrypted PIN (string). How to store it in keystore and retrieve it. I know about shared preference and some local storage. but…
Happy
  • 1,031
  • 10
  • 26
0
votes
1 answer

Google Play Security Alert and OpenSSL version 1.0.1j after all possible updates

I received the Security Alert from Google Play regarding OpenSSL vulnerability. I do not use OpenSSL directly but one of the libraries that I am using could be. I have updated everything including JDK, SDK, gradle, all possible libraries but still…
athira09
  • 155
  • 1
  • 3
  • 18
0
votes
0 answers

X509TrustManager unsafe implementation but no such method is used on the code

I got this mail rejecting my new uploaded app on play store Your app(s) listed at the end of this email use an unsafe implementation of the interface X509TrustManager. Specifically, the implementation ignores all SSL certificate validation…
Game funapp
  • 1
  • 2
0
votes
1 answer

How to fix apps containing an unsafe implementation of TrustManager, checkServertrusted method

This is my first time that I publish an application on Play store and my app is rejected. This is the message from google play : How to fix apps containing an unsafe implementation of TrustManager. ... To properly handle SSL certificate validation,…
Malcom
  • 283
  • 3
  • 11
0
votes
1 answer

Decryption returns an empty string when encrypting text in Android

I'm trying to save few text fields securely. For that I'm trying to encrypt and decrypt the content. This is the code: public class SecureStorage { public String getPassword() { if(!isRooted()) { String password =…
Adithya.K
  • 303
  • 2
  • 15
0
votes
1 answer

Developer Console: Android Security Alert libpng using old version cocos2d-x 2.2.6 game

Developer console is showing security alerts on all of my cocos2d-x v2.x games with detail of using old libpng. In cocos2d-x v2.2.6, I have found libpng two files png.h & pngconf.h with v1.2.46 and as resolution is suggested to use 1.2.56 latest…
Rai Saleem
  • 11
  • 4
0
votes
1 answer

Is Google Player Game Console still checking TrustManager implementation on Android apk?

As of June 6th 2016, is this check for alert still in effect for Google Player? https://support.google.com/faqs/answer/6346016 On June 6th, we submitted several testing app which are supposed to generate the security warning message in alpha/beta…
conviva device
  • 3
  • 1
0
votes
0 answers

Android session token handling

My android application has to maintain the session using token mechanism. Can someone tell me where to "securely" store the session token on the device? Is keychain mechanism introduced in Android 4.3 used by dev community for storing tokens?
user2058872
  • 79
  • 1
  • 3
0
votes
0 answers

How to prevent my app from being supplemented by ads by unauthorized users?

Today I found my app on some web-site. I downloaded the apk, disassembled it and found out that it includes a huge list of permissions that I did not include into my app and has the advertisements which was also included by someone else. Is there…
aga
  • 27,954
  • 13
  • 86
  • 121
0
votes
2 answers

How to prevent SharedPreferences from being changed

I'm worried about android security. I am storing the user id in sharedpreferences. I see some programs online that allow you to get into the sharedpreferences if your device is rooted... etc... How do I prevent my sharedpreferences from being…
johnjay22113
  • 133
  • 3
  • 10
0
votes
1 answer

Android on demand permission request

How to handle don't ask me again in android on demand permission request. Is their any best practice if the user chooses don't ask me again and later if he want to get access any best practice suggestion? Thanks.
Girma Mamuye
  • 7
  • 1
  • 4
0
votes
1 answer

Update Android Live app with new Encryption/Decryption algorithm

In my app, we have used CRYPTO provider to create random number.But it was removed in Android N. If app was relying on setSeed() to derive keys from strings, then we should switch to using SecretKeySpec to load raw key bytes directly OR use a real…
Ananth
  • 115
  • 3
  • 18
0
votes
1 answer

Programmatically connect to Wifi with password protected -Android?

We need to connect the wifi programmatically such that user cannot check the password for connected wifi using application in rooted phones. Is there any way or algorithm we could use to protect the password.
Navdroid
  • 1,541
  • 3
  • 25
  • 52
1 2 3
43 44