Bulletproof Android™: Practical Advice for Building Secure Apps by Godfrey Nolan

Take 3

In the next example (see Listing 3-5), I’ve added a check to see if the app on the phone or device has been used before, courtesy of its AndroidID. What I’m not suggesting here is that you use the AndroidID as a replacement for the user’s login and password; rather, think about using it to supplement the authentication process.

If an app caches the username and password so you don’t have to enter the password when you open the app, then it’s stored somewhere on the phone and your app is probably insecure.

The AndroidID is not a secure token; in our example you should be able to see that it is easy to spoof by creating a fake shared preferences file to make the app think it’s on a different device.
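The following sketch is an added example, not Listing 3-5 from the book: it shows one way to use the AndroidID as a supplementary "seen this device before" signal while the username and password are still always required. The class name, preferences file name, and key name are hypothetical.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.provider.Settings;

/** Added illustration; class, file and key names are hypothetical. */
public final class KnownDeviceCheck {
    private static final String PREFS_FILE = "device_prefs";   // hypothetical
    private static final String KEY_ANDROID_ID = "android_id"; // hypothetical

    public enum Result { FIRST_RUN, SAME_DEVICE, DIFFERENT_DEVICE }

    private KnownDeviceCheck() {}

    private static String currentId(Context context) {
        return Settings.Secure.getString(
                context.getContentResolver(), Settings.Secure.ANDROID_ID);
    }

    private static SharedPreferences prefs(Context context) {
        return context.getSharedPreferences(PREFS_FILE, Context.MODE_PRIVATE);
    }

    /** Compares the device's AndroidID with the one remembered earlier. */
    public static Result check(Context context) {
        String current = currentId(context);
        String stored = prefs(context).getString(KEY_ANDROID_ID, null);
        if (current == null) {
            return Result.DIFFERENT_DEVICE; // no ID available: treat as unknown
        }
        if (stored == null) {
            return Result.FIRST_RUN;
        }
        return stored.equals(current) ? Result.SAME_DEVICE : Result.DIFFERENT_DEVICE;
    }

    /** Call only after the user has passed the normal login. */
    public static void remember(Context context) {
        String current = currentId(context);
        if (current != null) {
            prefs(context).edit().putString(KEY_ANDROID_ID, current).apply();
        }
    }

    /**
     * The password is required in every case. Because the stored value is
     * not a secure token, a match never relaxes authentication; anything
     * other than a match only adds a verification step.
     */
    public static boolean needsExtraVerification(Result result) {
        return result != Result.SAME_DEVICE;
    }
}
```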

I use the Android ID in our example; this ...
