Riduci i rischi per la sicurezza nella tua app
Mantieni tutto organizzato con le raccolte
Salva e classifica i contenuti in base alle tue preferenze.
Rendendo la tua app più sicura, contribuisci a preservare la fiducia degli utenti e l'integrità del dispositivo.
Questa pagina presenta una serie di problemi di sicurezza comuni affrontati dagli sviluppatori di app per Android. Puoi utilizzare questi contenuti nei seguenti modi:
- Scopri di più su come proteggere in modo proattivo le tue app.
- Scopri come reagire nel caso in cui uno di questi problemi venga rilevato nella tua app.
L'elenco seguente contiene link a pagine dedicate per ogni singolo problema, ordinati in categorie in base ai controlli OWASP MASVS. Ogni pagina include un riepilogo, una dichiarazione sull'impatto e suggerimenti per attenuare il rischio per la tua app.
MASVS-STORAGE: archiviazione
Descrizione della categoria OWASP
MASVS-CRYPTO: crittografia
Descrizione della categoria OWASP
MASVS-NETWORK: Network Communication
Descrizione della categoria OWASP
Descrizione della categoria OWASP
MASVS-CODE: Qualità del codice
Descrizione della categoria OWASP
I campioni di contenuti e codice in questa pagina sono soggetti alle licenze descritte nella Licenza per i contenuti. Java e OpenJDK sono marchi o marchi registrati di Oracle e/o delle sue società consociate.
Ultimo aggiornamento 2025-07-26 UTC.
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Mancano le informazioni di cui ho bisogno","missingTheInformationINeed","thumb-down"],["Troppo complicato/troppi passaggi","tooComplicatedTooManySteps","thumb-down"],["Obsoleti","outOfDate","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Problema relativo a esempi/codice","samplesCodeIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-07-26 UTC."],[],[],null,["# Mitigate security risks in your app\n\nBy making your app more secure, you help preserve user trust and device\nintegrity.\n\nThis page presents a set of common security issues that Android app developers\nface. You can use this content in the following ways:\n\n- Learn more about how to proactively secure your apps.\n- Understand how to react in the event that one of these issues is discovered in your app.\n\nThe following list contains links to dedicated pages for each individual issue,\nsorted into categories based on [OWASP MASVS](https://mas.owasp.org/MASVS/)\ncontrols. Each page includes a summary, impact statement, and tips for\nmitigating the risk to your app.\n\n### MASVS-STORAGE: Storage\n\n[OWASP category description](https://mas.owasp.org/MASVS/05-MASVS-STORAGE)\n\n- [Improperly Exposed Directories to FileProvider](/privacy-and-security/risks/file-providers)\n- [Log Info Disclosure](/privacy-and-security/risks/log-info-disclosure)\n- [Path traversal](/privacy-and-security/risks/path-traversal)\n- [Sensitive Data Stored in External Storage](/privacy-and-security/risks/sensitive-data-external-storage)\n- [WebViews -- Unsafe File Inclusion](/privacy-and-security/risks/webview-unsafe-file-inclusion)\n- [Zip Path Traversal](/privacy-and-security/risks/zip-path-traversal)\n\n### MASVS-CRYPTO: Cryptography\n\n[OWASP category description](https://mas.owasp.org/MASVS/06-MASVS-CRYPTO)\n\n- [Broken or risky cryptographic algorithm](/privacy-and-security/risks/broken-cryptographic-algorithm)\n- [Hardcoded Cryptographic Secrets](/privacy-and-security/risks/hardcoded-cryptographic-secrets)\n- [Weak PRNG](/privacy-and-security/risks/weak-prng)\n\n### MASVS-NETWORK: Network Communication\n\n[OWASP category description](https://mas.owasp.org/MASVS/08-MASVS-NETWORK)\n\n- [Cleartext communications](/privacy-and-security/risks/cleartext-communications)\n- [Insecure DNS Setup](/privacy-and-security/risks/bad-dns)\n- [Unsafe Download Manager](/privacy-and-security/risks/unsafe-download-manager)\n\n### MASVS-PLATFORM: Platform Interaction\n\n[OWASP category description](https://mas.owasp.org/MASVS/09-MASVS-PLATFORM)\n\n- [Content resolvers](/privacy-and-security/risks/content-resolver)\n- [Implicit Intent hijacking](/privacy-and-security/risks/implicit-intent-hijacking)\n- [Insecure API usage](/privacy-and-security/risks/insecure-api-usage)\n- [Insecure broadcast receivers](/privacy-and-security/risks/insecure-broadcast-receiver)\n- [Intent redirection](/privacy-and-security/risks/intent-redirection)\n- [Permission-based access control to exported components](/privacy-and-security/risks/access-control-to-exported-components)\n- [Pending Intents](/privacy-and-security/risks/pending-intent)\n- [Sender of Pending Intents](/privacy-and-security/risks/sender-of-pending-intents)\n- [Sticky Broadcasts](/privacy-and-security/risks/sticky-broadcast)\n- [StrandHogg Attack / Task Affinity Vulnerability](/privacy-and-security/risks/strandhogg)\n- [Tapjacking](/privacy-and-security/risks/tapjacking)\n- [Unsafe use of deep links](/privacy-and-security/risks/unsafe-use-of-deeplinks)\n- [WebView -- Native bridges](/privacy-and-security/risks/insecure-webview-native-bridges)\n- [android:debuggable](/privacy-and-security/risks/android-debuggable)\n- [android:exported](/privacy-and-security/risks/android-exported)\n\n### MASVS-CODE: Code Quality\n\n[OWASP category description](https://mas.owasp.org/MASVS/10-MASVS-CODE)\n\n- [Cross-App Scripting](/privacy-and-security/risks/cross-app-scripting)\n- [Custom Permissions](/privacy-and-security/risks/custom-permissions)\n- [createPackageContext](/privacy-and-security/risks/create-package-context)\n- [Dynamic code loading](/privacy-and-security/risks/dynamic-code-loading)\n- [Improperly trusting ContentProvider-provided filename](/privacy-and-security/risks/untrustworthy-contentprovider-provided-filename)\n- [Insecure API or Library](/privacy-and-security/risks/insecure-library)\n- [Insecure Machine-to-Machine communication setup](/privacy-and-security/risks/insecure-machine-to-machine)\n- [Security best practices for backups](/privacy-and-security/risks/backup-best-practices)\n- [Secure Clipboard Handling](/privacy-and-security/risks/secure-clipboard-handling)\n- [SQL injection](/privacy-and-security/risks/sql-injection)\n- [Test/Debug Features](/privacy-and-security/risks/test-debug)\n- [Unsafe Deserialization](/privacy-and-security/risks/unsafe-deserialization)\n- [Unsafe HostnameVerifier](/privacy-and-security/risks/unsafe-hostname)\n- [Unsafe X509TrustManager](/privacy-and-security/risks/unsafe-trustmanager)\n- [Use of native code](/privacy-and-security/risks/use-of-native-code)\n- [XML External Entities Injection](/privacy-and-security/risks/xml-external-entities-injection)\n- [Webviews - Unsafe URI Loading](/privacy-and-security/risks/unsafe-uri-loading)"]]
