8. Device Security
Many of the security issues we’ve seen in this book are limited to a single device, such as the many examples of usernames and passwords or credit card information stored in the shared preferences on the device. There is no malware app—as yet—that, once it has been downloaded, targets an exploit to collect mass quantities of these usernames and passwords from a specific app with a known problem. For this to succeed, the shared preferences file or database would also have to be created as world_readable, which is not the default way to output to a file or SQLite database, so it’s unlikely but not impossible. It’s a very good reason to not root your phone in case some app uses root to gain access to those files.
These examples ...
Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
