Google Launches Android Vulnerability Knowledge Base
Written by Alex Denham   
Tuesday, 06 August 2024

Google has launched a knowledge base of Android security vulnerabilities with the aim of helping developers make their Android apps more secure.

The Android Application Security Knowledge Base (AAKB) establishes guidelines for writing secure Android software. It is a repository of common code issues, with remediation examples and explanations for implementing specific code patterns.


Google already scans every app on Google Play for the most common security vulnerability classes, and alerts developers if a problem is detected. If a serious security vulnerability is detected and doesn't get fixed, Google may remove the app from Google Play.

However, the new knowledge base has been put together in recognition of the fact that developers need to know not just what vulnerabilities have been found, but also how to fix them and how to avoid similar issues in the future.

AAKB aims to establish guidelines for writing secure Android software. Details of vulnerabilities and advice on avoiding them are aligned to the OWASP MASVS (Mobile Application Security Verification Standard), the industry standard for mobile app security. Google says content is vetted in partnership with technical peers, such as Microsoft, with the aim of ensuring the content is not biased to one party and represents state-of-the-art standards.

OWASP, the Open Worldwide Application Security Project, is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security.

The guidance is available through the AAKB homepage, or in Android Studio, which "triggers remediation guidance from lint checks by pointing directly to AAKB articles". Existing security lint checks within Android Studio Giraffe+ have had their descriptions updated to include a link to the relevant AAKB article.

The open-source Android Security lint checks also provide access to Google's most recent guidance and experiments.


More Information

Android Developer Webpage On Mitigating Security Risks

OWASP MASVS 

Related Articles

Bearer - A New SAST Tool On The Block

Secure Coding Best Practices for 2022

Google Drops APKs For Android

Google Quietly Kills Android Things


Last Updated ( Tuesday, 06 August 2024 )