安全的Android应用程序 [英] Secure android application

问题描述

我正在开发一个将在平板电脑设备中实现的Android应用程序。该应用程序在sqlite数据库中存储用户敏感数据。我需要为数据和应用程序提供良好的安全性。



有没有办法为数据和我的应用程序提供更好的安全性？



我正在寻求免费解决方案。



提前致谢。



我的尝试：

I'm developing an android application which will implemented in a tablet device. The app store user sensitive data in sqlite database. I need to provide good security for the data and the application in general.

Is there any way to provide better security for data and my application in general ?

I'm loohing for free solution please.

Thanks in advance.

What I have tried:

推荐答案

引用：

有没有办法为数据和我的应用程序提供更好的安全性？

Is there any way to provide better security for data and my application in general ?

我们无法给你任何具体的建议 - 我们不知道是什么你已经尝试过，甚至是你的应用程序应该做的事情。



但一般的建议是：

1）阅读安全性 - 有完整的书籍写在上面，重要的是你知道你在做什么，因为它很容易弄错。

2）从（1）开始，密码安全非常重要：所以新手倾向于加密它们。那是错的：总是哈希密码。加密与以纯文本格式存储一样安全。

3）了解常见的弱点，并设计代码以避免它们。例如，永远不要连接字符串以形成SQL命令 - 这使您对SQL注入开放。

4）加密数据很好，但它只有加密密钥一样安全。确保密钥（以及任何盐值）的安全性很复杂，但它会让您的应用程序更安全

5）在许多情况下，用户信息及其存储都受到大量法规的约束 - 请参阅GDPR通知已经在网站上出现了几个月 - 你需要知道你的应用程序运行的国家/地区的法律要求是什么。



基本上，如果您不知道自己在做什么，那么在开始设计应用程序之前先学习一下。获取其中一本书，然后开始阅读！

We can't give you any specific advice - we have no idea what you have tried, or even what Your app is supposed to do.

But general advice would be:
1) Read up on security - there are whole books written on it and it's important that you know what you are doing because it is horribly easy to get it wrong.
2) Following from (1), password security is very important: so novices tend to encrypt them. That's wrong: always hash passwords. Encryption is about as secure as storing them in plain text.
3) Know what common weaknesses are, and design your code to avoid them. For example, never concatenate strings to form SQL commands - that leaves you open to SQL Injection.
4) Encrypted data is good, but it's only as secure as the encryption key. Securing the key (and any salt value) is complicated, but it makes you app "safer"
5) In many cases, user information and it's storage is covered by a significant amount of legislation - see the GDPR notices that have been appearing all over websites for a couple of months - you need to know what those legal requirements are within the country your app will operate.

Basically, if you don't know what you are doing, then learn before you start even designing your app. Get one of the books, and start reading!

这篇关于安全的Android应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！