Reduzir os riscos de segurança no app
Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
Ao deixar seu app mais seguro, você ajuda a preservar a confiança do usuário e a integridade do
dispositivo.
Esta página apresenta um conjunto de problemas de segurança comuns que os desenvolvedores de apps
Android enfrentam. Você pode usar esse conteúdo para:
- Saber mais sobre como proteger seus apps de maneira proativa.
- Entender como reagir se um desses problemas for descoberto no
seu app.
A lista a seguir contém links para páginas dedicadas a cada problema individual,
classificadas em categorias com base nos controles
OWASP MASVS. Cada página inclui um resumo, uma declaração de impacto e dicas para
reduzir o risco do seu app.
MASVS-STORAGE: armazenamento
Descrição da categoria do OWASP (link em inglês)
MASVS-CRYPTO: criptografia
Descrição da categoria do OWASP (link em inglês)
MASVS-NETWORK: comunicação de rede
Descrição da categoria do OWASP (link em inglês)
Descrição da categoria do OWASP (link em inglês)
MASVS-CODE: qualidade do código
Descrição da categoria do OWASP (link em inglês)
O conteúdo e os exemplos de código nesta página estão sujeitos às licenças descritas na Licença de conteúdo. Java e OpenJDK são marcas registradas da Oracle e/ou suas afiliadas.
Última atualização 2025-07-26 UTC.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Não contém as informações de que eu preciso","missingTheInformationINeed","thumb-down"],["Muito complicado / etapas demais","tooComplicatedTooManySteps","thumb-down"],["Desatualizado","outOfDate","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Problema com as amostras / o código","samplesCodeIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-07-26 UTC."],[],[],null,["# Mitigate security risks in your app\n\nBy making your app more secure, you help preserve user trust and device\nintegrity.\n\nThis page presents a set of common security issues that Android app developers\nface. You can use this content in the following ways:\n\n- Learn more about how to proactively secure your apps.\n- Understand how to react in the event that one of these issues is discovered in your app.\n\nThe following list contains links to dedicated pages for each individual issue,\nsorted into categories based on [OWASP MASVS](https://mas.owasp.org/MASVS/)\ncontrols. Each page includes a summary, impact statement, and tips for\nmitigating the risk to your app.\n\n### MASVS-STORAGE: Storage\n\n[OWASP category description](https://mas.owasp.org/MASVS/05-MASVS-STORAGE)\n\n- [Improperly Exposed Directories to FileProvider](/privacy-and-security/risks/file-providers)\n- [Log Info Disclosure](/privacy-and-security/risks/log-info-disclosure)\n- [Path traversal](/privacy-and-security/risks/path-traversal)\n- [Sensitive Data Stored in External Storage](/privacy-and-security/risks/sensitive-data-external-storage)\n- [WebViews -- Unsafe File Inclusion](/privacy-and-security/risks/webview-unsafe-file-inclusion)\n- [Zip Path Traversal](/privacy-and-security/risks/zip-path-traversal)\n\n### MASVS-CRYPTO: Cryptography\n\n[OWASP category description](https://mas.owasp.org/MASVS/06-MASVS-CRYPTO)\n\n- [Broken or risky cryptographic algorithm](/privacy-and-security/risks/broken-cryptographic-algorithm)\n- [Hardcoded Cryptographic Secrets](/privacy-and-security/risks/hardcoded-cryptographic-secrets)\n- [Weak PRNG](/privacy-and-security/risks/weak-prng)\n\n### MASVS-NETWORK: Network Communication\n\n[OWASP category description](https://mas.owasp.org/MASVS/08-MASVS-NETWORK)\n\n- [Cleartext communications](/privacy-and-security/risks/cleartext-communications)\n- [Insecure DNS Setup](/privacy-and-security/risks/bad-dns)\n- [Unsafe Download Manager](/privacy-and-security/risks/unsafe-download-manager)\n\n### MASVS-PLATFORM: Platform Interaction\n\n[OWASP category description](https://mas.owasp.org/MASVS/09-MASVS-PLATFORM)\n\n- [Content resolvers](/privacy-and-security/risks/content-resolver)\n- [Implicit Intent hijacking](/privacy-and-security/risks/implicit-intent-hijacking)\n- [Insecure API usage](/privacy-and-security/risks/insecure-api-usage)\n- [Insecure broadcast receivers](/privacy-and-security/risks/insecure-broadcast-receiver)\n- [Intent redirection](/privacy-and-security/risks/intent-redirection)\n- [Permission-based access control to exported components](/privacy-and-security/risks/access-control-to-exported-components)\n- [Pending Intents](/privacy-and-security/risks/pending-intent)\n- [Sender of Pending Intents](/privacy-and-security/risks/sender-of-pending-intents)\n- [Sticky Broadcasts](/privacy-and-security/risks/sticky-broadcast)\n- [StrandHogg Attack / Task Affinity Vulnerability](/privacy-and-security/risks/strandhogg)\n- [Tapjacking](/privacy-and-security/risks/tapjacking)\n- [Unsafe use of deep links](/privacy-and-security/risks/unsafe-use-of-deeplinks)\n- [WebView -- Native bridges](/privacy-and-security/risks/insecure-webview-native-bridges)\n- [android:debuggable](/privacy-and-security/risks/android-debuggable)\n- [android:exported](/privacy-and-security/risks/android-exported)\n\n### MASVS-CODE: Code Quality\n\n[OWASP category description](https://mas.owasp.org/MASVS/10-MASVS-CODE)\n\n- [Cross-App Scripting](/privacy-and-security/risks/cross-app-scripting)\n- [Custom Permissions](/privacy-and-security/risks/custom-permissions)\n- [createPackageContext](/privacy-and-security/risks/create-package-context)\n- [Dynamic code loading](/privacy-and-security/risks/dynamic-code-loading)\n- [Improperly trusting ContentProvider-provided filename](/privacy-and-security/risks/untrustworthy-contentprovider-provided-filename)\n- [Insecure API or Library](/privacy-and-security/risks/insecure-library)\n- [Insecure Machine-to-Machine communication setup](/privacy-and-security/risks/insecure-machine-to-machine)\n- [Security best practices for backups](/privacy-and-security/risks/backup-best-practices)\n- [Secure Clipboard Handling](/privacy-and-security/risks/secure-clipboard-handling)\n- [SQL injection](/privacy-and-security/risks/sql-injection)\n- [Test/Debug Features](/privacy-and-security/risks/test-debug)\n- [Unsafe Deserialization](/privacy-and-security/risks/unsafe-deserialization)\n- [Unsafe HostnameVerifier](/privacy-and-security/risks/unsafe-hostname)\n- [Unsafe X509TrustManager](/privacy-and-security/risks/unsafe-trustmanager)\n- [Use of native code](/privacy-and-security/risks/use-of-native-code)\n- [XML External Entities Injection](/privacy-and-security/risks/xml-external-entities-injection)\n- [Webviews - Unsafe URI Loading](/privacy-and-security/risks/unsafe-uri-loading)"]]
