没有合适的资源?快使用搜索试试~ 我知道了~
Android编码安全规范
3星 · 超过75%的资源 需积分: 10 68 下载量 146 浏览量
2015-03-30
23:27:06
上传
评论
收藏 5.62MB PDF 举报
温馨提示
试读
385页
本文档介绍了在Android编码中可能存在的一些安全陷阱,并为此给出了推荐的代码返利。
资源推荐
资源详情
资源评论
Android Application Secure Design/Secure Coding Guidebook April 1st, 2014 version
http://www.jssec.org/dl/android_securecoding_en.pdf
Android Application
Secure Design/Secure Coding
Guidebook
- Secure communication! -
April 1st, 2014 version
Japan Smartphone Security Association (JSSEC)
Secure Coding Group
Document control number: JSSEC-TECA-SC-GD20140401BE
Android Application Secure Design/Secure Coding Guidebook April 1st, 2014 version
http://www.jssec.org/dl/android_securecoding_en.pdf
The content of this guide is up to date as of the time of publication, but standards and environments are constantly evolving.
When using sample code, make sure you are adhering to the latest coding standards and best practices.
JSSEC and the writers of this guide are not responsible for how you use this document. Full responsibility lies with you, the user
of the information provided.
Android™ is a trademark or a registered trademark of Google Inc.
The company names, product names and service names appearing in this document are generally the registered trademarks or
trademarks of their respective companies.
Further, the registered trademark ®, trademark (TM) and copyright © symbols are not used throughout this document.
Parts of this document are copied from or based on content created and provided by Google, Inc. They are used here in
accordance with the provisions of the Creative Commons Attribution 3.0 License
2 All rights reserved © Japan Smartphone Security Association.
Android Application Secure Design/Secure Coding Guidebook April 1st, 2014 version
http://www.jssec.org/dl/android_securecoding_en.pdf
Android Application Secure Design/Secure Coding Guidebook
- Beta version -
April 1st, 2014
Japan Smartphone Security Association
Secure Coding Group
Index
1. Introduction ................................................................................................................................ 9
1.1. Building a Secure Smartphone Society ................................................................................... 9
1.2. Timely Feedback on a Regular Basis Through the Beta Version ............................................. 10
1.3. Usage Agreement of the Guidebook .................................................................................... 11
2. Composition of the Guidebook .................................................................................................. 12
2.1. Developer's Context ............................................................................................................ 12
2.2. Sample Code, Rule Book, Advanced Topics .......................................................................... 13
2.3. The Scope of the Guidebook ............................................................................................... 16
2.4. Literature on Android Secure Coding ................................................................................... 17
2.5. Steps to Install Sample Codes into Eclipse ........................................................................... 18
3. Basic Knowledge of Secure Design and Secure Coding ............................................................... 34
3.1. Android Application Security ............................................................................................... 34
3.2. Handling Input Data Carefully and Securely ......................................................................... 47
4. Using Technology in a Safe Way ................................................................................................. 49
4.1. Creating/Using Activities .................................................................................................... 49
4.2. Receiving/Sending Broadcasts ............................................................................................. 93
4.3. Creating/Using Content Providers ..................................................................................... 126
4.4. Creating/Using Services .................................................................................................... 175
4.5. Using SQLite ..................................................................................................................... 219
4.6. Handling Files ................................................................................................................... 237
4.7. Using Browsable Intent ...................................................................................................... 264
4.8. Outputting Log to LogCat .................................................................................................. 268
4.9. Using WebView ................................................................................................................. 280
5. How to use Security Functions ................................................................................................. 291
5.1. Creating Password Input Screens ....................................................................................... 291
5.2. Permission and Protection Level ........................................................................................ 306
5.3. Add In-house Accounts to Account Manager ..................................................................... 334
5.4. Communicating via HTTPS ................................................................................................ 353
6. Difficult Problems ................................................................................................................... 375
6.1. Risk of Information Leakage from Clipboard ...................................................................... 375
1.1 Building a Secure Smartphone Society
3
Android Application Secure Design/Secure Coding Guidebook April 1st, 2014 version
http://www.jssec.org/dl/android_securecoding_en.pdf
Revision history
Date Revised contents
2014-4-01
Initial English version
New versions of the guidebook updated based on public opinions and comments.
4 All rights reserved © Japan Smartphone Security Association.
Android Application Secure Design/Secure Coding Guidebook April 1st, 2014 version
http://www.jssec.org/dl/android_securecoding_en.pdf
- Published by -
Japan Smartphone Security Association
Secure Coding Group, Application Working Group, Smartphone Technology Committee
Leader Masaru Matsunami Sony Digital Network Applications, Inc.
Member Tomoyuki Hasegawa Android Security Japan
Mayumi Nishiyama BJIT Inc.
Tohru Ohzono Cisco Systems, Inc.
Masaki Kubo Japan Computer Emergency Response Team
Coordination Center (JPCERT/CC)
Daniel Burrowes Kobe Digital Labo Inc.
Zachary Mathis Kobe Digital Labo Inc.
Renta Futamura NextGen, Inc.
Naonobu Yatsukawa Nihon Unisys, Ltd.
Shigenori Takei NTT Software Corporation
Ikuya Fukumoto Software Research Associates, Inc.
Tsutomu Kumazawa Software Research Associates, Inc.
Akira Ando Sony Digital Network Applications, Inc.
Hiroko Nakajima Sony Digital Network Applications, Inc.
Ken Okuyama Sony Digital Network Applications, Inc.
Satoshi Fujimura Sony Digital Network Applications, Inc.
Setsuko Kaji Sony Digital Network Applications, Inc.
Taeko Ito Sony Digital Network Applications, Inc.
Yoshinori Kataoka Sony Digital Network Applications, Inc.
Hidenori Yamaji Sony Mobile Communications Inc.
Takuya Nishibayashi Sony Mobile Communications Inc.
Koji Isoda Symantec Japan, Inc.
Gaku Taniguchi Tao Software, Inc.
Michiyoshi Sato Tokyo System House Co., Ltd.
(In no particular order)
1.1 Building a Secure Smartphone Society
5
剩余384页未读,继续阅读
资源评论
- wangyingliang2017-03-21英文版的,写材料无法直接使用
- JustMakeIt2018-03-21很有帮助,非常感谢
Roland_Sun
- 粉丝: 480
- 资源: 14
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功