1. Release builds should enable ProGuard/R8
R8 (the default shrinker in current Android Gradle Plugin versions, replacing ProGuard) renames classes, methods and fields, which makes decompiled output much harder to read, although it does not prevent decompilation; it also strips unused code and resources, reducing the app size. Keep the mapping.txt generated for each release so obfuscated crash stack traces can be mapped back to source. It is enabled with a few lines in the module's build.gradle:

```groovy
buildTypes {
```
https://medium.com/androiddevelopers/practical-proguard-rules-examples-5640a3907dc9
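The complete setting, as an added example rather than the page's own snippet, written for a Kotlin DSL module file (build.gradle.kts). In a Groovy build.gradle the same keys are `minifyEnabled true`, `shrinkResources true` and `proguardFiles getDefaultProguardFile(...), 'proguard-rules.pro'`; the file names are the AGP defaults and the `debug` block is only there to keep debug builds readable.

```kotlin
// Added example, not the page's own snippet: module-level build.gradle.kts (Kotlin DSL).
android {
    buildTypes {
        release {
            // Turn on R8: shrinks, obfuscates and optimizes the release APK/AAB.
            isMinifyEnabled = true
            // Drop unused resources as well (only valid together with isMinifyEnabled).
            isShrinkResources = true
            // Default rules shipped with AGP plus the project's own keep rules
            // (proguard-rules.pro is where keep rules for reflection, JNI or
            // serialization classes go).
            proguardFiles(
                getDefaultProguardFile("proguard-android-optimize.txt"),
                "proguard-rules.pro"
            )
        }
        debug {
            // Keep debug builds readable so stack traces and the debugger match the source.
            isMinifyEnabled = false
        }
    }
}
```

After the first release build, check `build/outputs/mapping/release/mapping.txt` exists and archive it (or upload it to the crash reporter) per release; without it, obfuscated stack traces from the field cannot be read.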
2. Do not store passwords or private keys in SharedPreferences
SharedPreferences are written as plaintext XML under the app's private data directory: the file is readable by anyone with root, by `adb run-as` on a debuggable build, and it can end up in device backups. Keep long-lived keys in the Android Keystore, where the key material never leaves the secure hardware or system process, and encrypt anything that must be persisted before it is written.
3. Logging
Do not log credentials, tokens or personal data: logcat output is visible to anyone with adb access and is captured in bug reports. Timber is recommended because it lets you plant a logging tree only in debug builds, so release builds emit nothing to logcat (or forward only warnings and errors to a crash reporter):
https://medium.com/@caueferreira/timber-enhancing-your-logging-experience-330e8af97341
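The debug/release split described above, as an added example that is not part of the original page. It assumes the Timber dependency (`com.jakewharton.timber:timber`) and the generated `BuildConfig`; `CrashReporter` is a placeholder for whatever crash-reporting SDK the app uses, not a real library API.

```kotlin
import android.app.Application
import android.util.Log
import timber.log.Timber

// Added example, not from the original page. Assumes the Timber dependency and a generated
// BuildConfig; CrashReporter below is a placeholder, not a real library.
class App : Application() {
    override fun onCreate() {
        super.onCreate()
        if (BuildConfig.DEBUG) {
            // Debug builds: full logcat output, tagged with the calling class name.
            Timber.plant(Timber.DebugTree())
        } else {
            // Release builds: nothing reaches logcat, where adb or a bug report could read it.
            Timber.plant(ReleaseTree())
        }
    }
}

// Drops VERBOSE/DEBUG/INFO entirely and forwards only WARN/ERROR to the crash reporter.
// Timber checks isLoggable() before formatting the message, so a dropped Timber.d("token=%s",
// token) never even builds the string.
class ReleaseTree : Timber.Tree() {
    override fun isLoggable(tag: String?, priority: Int): Boolean = priority >= Log.WARN

    override fun log(priority: Int, tag: String?, message: String, t: Throwable?) {
        CrashReporter.log("$tag: $message")
        if (t != null) CrashReporter.recordException(t)
    }
}

// Placeholder for the app's crash-reporting SDK (an assumption, not a real API).
object CrashReporter {
    fun log(message: String) { /* forward to the reporting backend */ }
    fun recordException(t: Throwable) { /* forward to the reporting backend */ }
}
```

Register `App` as `android:name` in the manifest's `<application>` element. The tree only controls where log lines go; messages at WARN and above still leave the device, so keep secrets out of those calls as well.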
4. Use Internal Storage for sensitive data
Store all private user data within the device's internal storage, which is sandboxed per app: files there are owned by the app's own Linux user, so no other non-root app can read them, and your app needs no permission to access them. Files created with openFileOutput() use the MODE_PRIVATE creation mode by default (the old world-readable and world-writable modes throw a SecurityException when targeting API 24 or later). When the user uninstalls the app, the system deletes everything the app saved in internal storage. Two caveats: root (or a physical attacker on a device without storage encryption) bypasses the sandbox, and files under filesDir are included in Auto Backup unless excluded in the backup rules, so encrypt sensitive data before writing it to disk.
You can access it like this. Bonus points: encrypt that data before storing it on disk.

```kotlin
val file = File(context.filesDir, "my_super_secret_file.txt")
```
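One way to implement both item 2 (ciphertext only in SharedPreferences) and item 4 (encrypt before writing to filesDir) with a single Keystore-backed helper, as an added example that is not code from the original page. It assumes minSdk 23 or higher (AndroidKeyStore with KeyGenParameterSpec) and that the alias `app_secret_key` and preference file name `auth` are free; both names are assumptions.

```kotlin
import android.content.Context
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.util.Base64
import java.io.File
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Added example, not from the original page. Assumes minSdk >= 23; the alias and
// preference names are placeholders.
object SecretStore {
    private const val KEYSTORE = "AndroidKeyStore"
    private const val ALIAS = "app_secret_key"
    private const val TRANSFORMATION = "AES/GCM/NoPadding"
    private const val IV_BYTES = 12
    private const val TAG_BITS = 128

    // The AES key is generated inside the Keystore and never leaves it; the app only holds a
    // handle, so a dump of the app's files or preferences does not reveal the key.
    private fun key(): SecretKey {
        val ks = KeyStore.getInstance(KEYSTORE).apply { load(null) }
        (ks.getKey(ALIAS, null) as? SecretKey)?.let { return it }
        val gen = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
        gen.init(
            KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
            )
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256)
                .build()
        )
        return gen.generateKey()
    }

    // Blob layout: 12-byte IV chosen by the Keystore, then ciphertext followed by the GCM tag.
    fun seal(plain: ByteArray): ByteArray {
        val c = Cipher.getInstance(TRANSFORMATION)
        c.init(Cipher.ENCRYPT_MODE, key())
        return c.iv + c.doFinal(plain)
    }

    fun open(blob: ByteArray): ByteArray {
        require(blob.size > IV_BYTES) { "blob too short" }
        val c = Cipher.getInstance(TRANSFORMATION)
        c.init(Cipher.DECRYPT_MODE, key(), GCMParameterSpec(TAG_BITS, blob, 0, IV_BYTES))
        // doFinal throws AEADBadTagException if the blob was modified on disk.
        return c.doFinal(blob, IV_BYTES, blob.size - IV_BYTES)
    }

    // Item 2: the preference XML holds only ciphertext, useless without the device-bound key.
    fun putToken(context: Context, token: String) {
        val prefs = context.getSharedPreferences("auth", Context.MODE_PRIVATE)
        val enc = Base64.encodeToString(seal(token.toByteArray(Charsets.UTF_8)), Base64.NO_WRAP)
        prefs.edit().putString("token", enc).apply()
    }

    fun getToken(context: Context): String? {
        val enc = context.getSharedPreferences("auth", Context.MODE_PRIVATE)
            .getString("token", null) ?: return null
        return String(open(Base64.decode(enc, Base64.NO_WRAP)), Charsets.UTF_8)
    }

    // Item 4: app-private file under filesDir, encrypted before it touches disk.
    fun writeSecretFile(context: Context, name: String, data: ByteArray) {
        File(context.filesDir, name).writeBytes(seal(data))
    }

    fun readSecretFile(context: Context, name: String): ByteArray =
        open(File(context.filesDir, name).readBytes())
}
```

The Keystore requires a fresh random IV per encryption (setRandomizedEncryptionRequired is on by default), which is why the code never supplies one on encrypt and stores the generated IV in front of the ciphertext. Because the key is bound to this device, encrypted blobs that land in a backup cannot be decrypted after a restore on another device; treat that as a feature for secrets and exclude the files from backup rules if the restore failure would be confusing.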
5. Do not pass sensitive information through Broadcasts
An implicit broadcast is delivered to every app whose receiver matches the action, so a token or password in its extras leaks to any app that registers for it. If a broadcast is needed at all, send it explicitly (setPackage to your own package), protect it with a signature-level permission, and keep secrets out of the extras; register your own receivers as not exported so other apps cannot spoof the broadcast either.
https://proandroiddev.com/developing-secure-android-apps-8edad978d8ba
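The leaky and hardened forms side by side, as an added example that is not part of the original page. The action `com.example.LOGIN_DONE` and the permission `com.example.permission.INTERNAL` are assumed names; the permission must be declared in the manifest with `android:protectionLevel="signature"`, and the receiver flag needs androidx.core 1.9.0 or later.

```kotlin
import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.content.IntentFilter
import androidx.core.content.ContextCompat

// Added example, not from the original page. Action and permission names are placeholders;
// the permission is declared in the manifest with protectionLevel="signature".
const val ACTION_LOGIN_DONE = "com.example.LOGIN_DONE"
const val PERMISSION_INTERNAL = "com.example.permission.INTERNAL"

// Leaky: an implicit broadcast carrying a token reaches any app with a receiver for this
// action, since only the action is matched, not the recipient.
fun broadcastLoginLeaky(context: Context, sessionToken: String) {
    context.sendBroadcast(Intent(ACTION_LOGIN_DONE).putExtra("token", sessionToken))
}

// Hardened: no secret in the extras (receivers read the token from app-private storage),
// delivery restricted to this package, and a signature permission required of the receiver.
fun broadcastLoginSafe(context: Context) {
    val intent = Intent(ACTION_LOGIN_DONE).setPackage(context.packageName)
    context.sendBroadcast(intent, PERMISSION_INTERNAL)
}

// Receiver side: not exported, so other apps cannot send spoofed LOGIN_DONE broadcasts to it.
fun registerLoginReceiver(context: Context, receiver: BroadcastReceiver) {
    ContextCompat.registerReceiver(
        context,
        receiver,
        IntentFilter(ACTION_LOGIN_DONE),
        ContextCompat.RECEIVER_NOT_EXPORTED
    )
}
```

For communication that never needs to leave the process, prefer an in-process mechanism (a shared ViewModel, Flow or LiveData) over broadcasts entirely; the system broadcast path exists for cross-app delivery, which is exactly what sensitive data should avoid.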