By making your app more secure, you help preserve user trust and device integrity.
This page presents a set of common security issues that Android app developers face. You can use this content in the following ways:
- Learn more about how to proactively secure your apps.
- Understand how to respond if one of these issues is discovered in your app.
The following list links to a dedicated page for each issue, sorted into categories based on OWASP MASVS controls. Each page includes a summary, impact statement, and tips for mitigating the risk to your app.
MASVS-STORAGE: Storage
- Backup Leaks
- Improperly Exposed Directories to FileProvider
- Log Info Disclosure
- Path traversal
- Zip Path Traversal
MASVS-CRYPTO: Cryptography
MASVS-NETWORK: Network Communication
MASVS-PLATFORM: Platform Interaction
- Content resolvers
- Implicit Intent hijacking
- Intent redirection
- Pending intents
- Sticky Broadcasts
- StrandHogg Attack / Task Affinity Vulnerability
- Tapjacking
- android:debuggable
- android:exported
MASVS-CODE: Code Quality
- Insecure API or Library
- SQL injection
- Test/Debug Features
- Unsafe HostnameVerifier
- Webviews - Unsafe URI Loading