Questions tagged [android-security]

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied with a Google-Play rejection. AOSP instructions state to tag a question with it.

656 questions
6 votes, 1 answer

Ask for unlock pattern - Android

Is there a way I can ask a user to perform the unlock operation on his phone using the set pattern (passcode, fingerprint, etc.) to access certain features of my application? For example, in iOS, I generate an OTP based on a QR code. I can ask the…
Prerak Sola
6 votes, 1 answer

What is the best place to store secret keys in an Android app?

What is the best place to store API keys, database encryption keys, etc. in the app code so that nobody can get them by decompiling the code? I used ProGuard to obfuscate the code, but it didn't work on Strings.
MobileAppDeveloper
5 votes, 1 answer

How to prevent/stop/disable Android SDK EditText exposed to application class

I have an SDK that contains MYSDKActivity. In this activity layout, I have 1 edit text where the user can enter his card number. Any Android client who is integrating this SDK can use ActivityLifecycleCallbacks in their application class and…
5 votes, 2 answers

Is there a fix for task hijacking on Android <10?

I was reading this article about task hijacking on Android: https://blog.dixitaditya.com/android-task-hijacking/ I tried the recommended fix but can still reproduce the issue. I also tried specifying package names of Instagram, Gmail app as…
5 votes, 0 answers

BroadcastReceiver Security Issue

Issue : Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.c2dm.permission.SEND…
5 votes, 1 answer

Your app is vulnerable to Intent Redirection

I published an app to the Google Play store. I just received an email from Google that says that "Your app(s) are vulnerable to Intent Redirection. To address this issue, follow the steps in this Google Help Center article." I have looked into the…
Syyam Noor
5 votes, 0 answers

Notification from Google Play || Security vulnerabilities || Intent Redirection

I got this mail from Google; it says that "app uses software that contains security vulnerabilities" but nowhere does it tell which package or library is causing the vulnerability. On the Google Play Console as well, I don't see details of this error…
5 votes, 0 answers

Got Mail From Google "Your app(s) are vulnerable to Intent Redirection" but cannot find vulnerability

When I update my app then I got a mail from Google showing: Hello Google Play Developer, We reviewed your app and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user…
Vidit Babele
5 votes, 3 answers

React Native (Intent Redirection fix): What's the equivalent of getCallingActivity() to check for malicious redirection?

We were asked to make changes to our React Native app when an updated version was submitted to Google Play Store. The issue highlighted was "Intent Redirection" vulnerability. It was legacy code, but nevertheless, better late than never. One of the…
deetho
5 votes, 3 answers

Android: How to use GCP service account for Android app

I am using the Google Directions API in my app. Recently, I got a warning from Google about the API key saying: Your app contains exposed Google Cloud Platform (GCP) API keys. This is because the Directions API needs an auth key (I have that key in strings.xml…
Nitish
5 votes, 1 answer

App contains an unsafe unzipping pattern that may lead to a Path Traversal vulnerability

I have an Android application uploaded to the Google Play Store which uses Adobe Creative SDK. I have recently got an alert from Play Console that the app contains an unsafe unzipping pattern that may lead to a Path Traversal vulnerability at location…
dapps
5 votes, 1 answer

Purpose of "android:useEmbeddedDex" on Android Q

From here (https://developer.android.com/preview/features#embedded-dex), you can see that Android has introduced a new feature that allows code to be run directly from within the APK using embedded dex. I am curious though how this would be…
Jon
5 votes, 0 answers

How to find the default biometrics preference of a user in Android 9 (Pie)

The app that I am working on right now only supports fingerprint authentication, but in Android 9 (Pie) the user is asked to select a default biometric preference for all its apps. So if the user selects face_id as a default authentication preference…
5 votes, 2 answers

Permission for reading/writing to the root folder in Android

Are there any permissions I can/must declare in my app, if I want the app to be able to scan the whole "/" folder (say to search for all .txt files e.g. recursively)? I am getting just null so far (when calling File.listFiles) no matter what…
peter.petrov
5 votes, 0 answers

How to open select mock location app in developer options in Android?

I want to redirect the user to developer options -> mock location when it has been enabled. My requirement is, when there is any fake GPS location tracked, I need to redirect to developer options -> Select mock location app to disable. if…
Walter