Implement security by design for your apps
Our goal is to make Android the safest mobile platform in the world. That's why we consistently invest in technologies that bolster the security of the platform, its apps, and the global Android ecosystem.
It's a responsibility we share with you, as developers, to keep users safe and secure.

Security best practices
Encrypt your data
Always encrypt data saved to shared storage. Encrypt sensitive data even when it is kept in the app’s private storage, so that it is less accessible if the device is stolen and compromised.
The Jetpack Security library (JetSec) provides a quick and easy way to encrypt your data. It makes full use of the Android Keystore and executes cryptographic operations in secure hardware.
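The following Kotlin sketch is an added example, not code from the original page, showing one way to keep a sensitive file encrypted in app-private storage with Jetpack Security's `EncryptedFile`. It assumes the `androidx.security:security-crypto` 1.0.0 API; the class name `SecureNotes` and the file name `notes.enc` are hypothetical.

```kotlin
import android.content.Context
import androidx.security.crypto.EncryptedFile
import androidx.security.crypto.MasterKeys
import java.io.File
import java.io.IOException

// Hypothetical helper class; assumes androidx.security:security-crypto 1.0.0.
class SecureNotes(private val context: Context) {

    // The master key is created in the Android Keystore on first use.
    // The call returns only the key's alias, never the key material.
    private val masterKeyAlias: String =
        MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)

    // App-private storage; "notes.enc" is a hypothetical file name.
    private val file = File(context.filesDir, "notes.enc")

    private fun encryptedFile(): EncryptedFile =
        EncryptedFile.Builder(
            file,
            context,
            masterKeyAlias,
            EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
        ).build()

    fun write(plaintext: ByteArray) {
        // openFileOutput() throws IOException if the target file already
        // exists, so an earlier version has to be removed explicitly.
        if (file.exists() && !file.delete()) {
            throw IOException("Could not replace ${file.name}")
        }
        encryptedFile().openFileOutput().use { it.write(plaintext) }
    }

    fun read(): ByteArray? {
        if (!file.exists()) return null
        // The scheme is authenticated: a file modified on disk fails
        // verification and the read throws instead of returning data.
        return encryptedFile().openFileInput().use { it.readBytes() }
    }
}
```

Callers should treat an exception from `read()` as a corrupted or tampered file rather than retrying with the same data.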
Detect insecure devices
Rooted or unlocked devices and emulators may fail to protect user data and can expose your app to attack. Use SafetyNet Attestation to determine if a device running your app has been tampered with. Based on the results from SafetyNet Attestation, consider acting to protect your app’s content.
Address issues found by Google Play
The App Security Improvement program is a service that helps detect known security vulnerabilities in your app. This service automatically scans your app as it’s submitted to Google Play. If any vulnerabilities are discovered, you get alerts by email and in the Google Play Console, with links to details about how to improve your app.
Be the first to know
You cannot eliminate the possibility of there being undetected vulnerabilities in your app. Security researchers commonly assess new and updated apps for security issues. By setting up a vulnerability disclosure program (VDP) you provide guidelines for these experts to disclose vulnerabilities to you. The guidelines should include policy, rules of engagement, scope, and safe harbor.
Test, test, and test again
Security issues can creep into even the most carefully crafted app. One way to guard against unexpected errors or security issues is to have a comprehensive testing program throughout your development lifecycle.
Follow best practices for preparing and executing your tests, and take advantage of the services offered by Firebase Test Lab to automatically execute tests on a range of devices.
Audit third-party libraries
Your app may rely on third-party libraries for common use cases. However, third-party libraries can be a source of data leakage, especially those using external services, such as those for marketing and analytics.
Audit your third-party libraries to check that you are using the original code from each library's open source project. Also check whether any libraries are unnecessary. Then remove any libraries that you don’t need or whose source you cannot be sure of.
This step is important because third-party libraries can cause your app to be flagged as potentially harmful per the Malware or Mobile Unwanted Software policies.