Transferring the Risk

Most Android apps include code that is reused, outsourced, or pulled in from third-party libraries. These libraries are often distributed in binary format, and only sometimes come with the source code. Other than the vendors or open source developers, nobody really knows exactly what the code does.

Using this code involves a level of trust: as the developer, you assume that the code is not taking advantage of you and, ultimately, of your users.

Over the last few years there have been a number of newspaper articles about third-party apps being responsible for unauthorized transmissions of a user’s location information (see Figure 7-1 for an article about AdMob collecting location information from Pandora users). ...

Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
