AndroidStarterAlt

A sample View-based Android app using the MVP architecture. It uses Mosby, Dagger2, RxJava, Retrofit, LoganSquare, requery, EventBus and Conductor.


Android application security

How to test Android application security?

Decompile APK file

grep -REo '(http|https)://[^/"]+' . | grep -v 'Binary\|retrofit2\|android.com'
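The grep above, extended into a small audit of your own build's decompiled output: it lists each distinct endpoint once, flags the cleartext http:// ones, and shows which file an endpoint came from. This is an added example, not code from the AndroidStarterAlt project; the function names, the tightened character class and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a decompiled APK tree for hard-coded endpoints.

# Distinct scheme://host values under $1. Like the original grep, it skips
# the retrofit2 package and android.com schema URLs; -I skips binary files.
list_endpoints() {
    grep -RIEo '(http|https)://[^/"<>[:space:]]+' "$1" 2>/dev/null \
        | grep -Ev '/retrofit2/|android\.com' \
        | sed 's/^[^:]*://' \
        | LC_ALL=C sort -u
}

# Subset of the endpoints that would be contacted without TLS.
cleartext_endpoints() {
    list_endpoints "$1" | grep -E '^http://' || true
}

# Files under $1 that contain the literal string $2 (for triage).
files_with() {
    grep -RIlF -- "$2" "$1"
}

# Constructed sample tree standing in for a decompiler's output directory.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/smali/com/example" "$d/smali/retrofit2" "$d/res/values"
    printf '%s\n' '<manifest xmlns:android="http://schemas.android.com/apk/res/android"/>' \
        > "$d/AndroidManifest.xml"
    printf '%s\n' 'const-string v0, "https://api.github.com"' \
        > "$d/smali/com/example/Api.smali"
    printf '%s\n' 'const-string v0, "http://localhost/"' \
        > "$d/smali/retrofit2/Retrofit.smali"
    printf '%s\n' '<string name="debug_url">http://staging.example.test/v1</string>' \
        > "$d/res/values/strings.xml"
    printf '%s\n' "$d"
}

# Demo run on the constructed tree; point the functions at a real output
# directory instead when auditing a build.
tree=$(make_sample_tree)
echo "Endpoints:";  list_endpoints "$tree"
echo "Cleartext:";  cleartext_endpoints "$tree"
rm -rf "$tree"
```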

Use a rooted device or a simulator

What to search?

Capture HTTP traffic

What to search?

A relevant tool: QARK

Android specific things

Code obfuscation: ProGuard, DexGuard

Preferences: Hawk

SQLite databases: SQLCipher

new SqlCipherDatabaseSource(context, Models.DEFAULT, "db_name.sqlite", "db_password", DB_VERSION);

See also

URL storage

For example, run the following code:

String password = "android_starter_alt";
String message = "https://api.github.com";
String encryptedMsg = AESCrypt.encrypt(password, message);

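The encryptedMsg variable then contains the value to store in the source file and to decrypt at runtime. If the password is also compiled into the app, this hides the URL from a plain string search but not from someone who reads the decompiled code.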

Server-side

Resources

Other