Identifying assets, threats, and attacks
There is nothing like absolute security. When we talk about data security, we need to identify what is it that we are protecting and from whom. The following three questions can help us map our approach:
- What are we trying to protect? From an Android application perspective, are we trying to protect the username and password of the user, or the coupon code and credit card number that a user might enter to make a purchase through your application, or rights protected song or picture that the user purchased using your app? By answering this question we can nail down our assets.
- Who are we trying to protect the asset from? In other words, what is our threat? Are we trying to protect user data from other applications ...