App security best practices
[https://developer.android.com/topic/security/best-practices]
Research of Android security [https://tproger.ru/digest/android-security-resources/]
SSL pinning: protecting mobile banking on Android with an SSL certificate [https://www.emaro-ssl.ru/blog/ssl-pinning-for-android/] [pdf]
Security with a taste of Google [https://habr.com/ru/company/redmadrobot/blog/452252/]
Android AES crypto encryption [https://habrahabr.ru/company/rambler-co/blog/279835/] AES/CBC/PKCS5Padding [pdf]
Tampering detection Android [https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app]
Organized Secure Storage — EncryptedSharedPreferences
22.05.2020 [https://medium.com/vmware-end-user-computing/organized-secure-storage-encryptedsharedpreferences-72b2d71a8558]
TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them
[https://github.com/KasperskyLab/TinyCheck]
Top 10 mobile application vulnerabilities and how to fix them
[https://habr.com/ru/company/ruvds/blog/537456/]
Adapt your app for the latest privacy best practices
10.09.2020 [https://medium.com/androiddevelopers/adapt-your-app-for-the-latest-privacy-best-practices-d7469a547314]
Using BiometricPrompt with CryptoObject: How and Why
27.02.2020 [https://medium.com/androiddevelopers/using-biometricprompt-with-cryptoobject-how-and-why-aace500ccdb7]
Securing a Room Database With Passcode-Based Encryption
22.06.2020 [https://medium.com/vmware-end-user-computing/securing-a-room-database-with-passcode-based-encryption-82ec670961e] SQLCipher
Android SQLite API based on SQLCipher
[https://github.com/sqlcipher/android-database-sqlcipher]
AndroidX: Security library [https://scottyab.com/2019/10/androidx-security-library/]
Migrating from FingerprintManager to BiometricPrompt [https://medium.com/androiddevelopers/migrating-from-fingerprintmanager-to-biometricprompt-4bc5f570dccd]
Androidx Biometric library code review [https://medium.com/@dimezis/androidx-biometric-library-code-review-3eb83f0796ba]
Biometrics in Android
[https://proandroiddev.com/biometrics-in-android-50424de8d0e]
How to enable logging on any released Android app [https://proandroiddev.com/how-to-enable-logging-on-any-android-app-5880f2d1a6fc]
Encrypted Preferences in Android [https://proandroiddev.com/encrypted-preferences-in-android-af57a89af7c8]
Certificate transparency for Android and Java [https://github.com/babylonhealth/certificate-transparency-android]
Secure data transfer between two applications [https://habr.com/ru/company/tinkoff/blog/448198/]
Authentication Android SSL client cert [https://habrahabr.ru/post/194530/] [pdf]
Tips for Developing Secure Android Applications [https://medium.com/@saranyaan2710/tips-for-developing-secure-android-applications-984a89ae3190]
Using a Custom Certificate Trust Store on Android [https://nelenkov.blogspot.com/2011/12/using-custom-certificate-trust-store-on.html]
Secure data in Android — Encryption
This article is a part of “Secure data in Android” series:
Encryption
Encryption in Android (Part 1)
Encryption in Android (Part 2)
Encrypting Large Data
Initialization Vector
Key Invalidation
Fingerprint
Confirm Credentials
Modern Security in Android (part 1)
[https://medium.com/knowing-android/modern-security-in-android-part-1-6282bcb71e6c]
[https://medium.com/knowing-android/modern-security-in-android-part-2-743cd7c0941a]
[https://medium.com/knowing-android/modern-security-in-android-part-3-bea8cc6f984f]
[https://medium.com/knowing-android/modern-security-in-android-part-4-495655c7d4fe]
Storing data securely on Android-KeyStore Symmetric [ https://android.jlelse.eu/storing-data-securely-on-android-keystore-symmetric-4a55b8465cda ]
Storing data securely on Android-Introduction [ https://android.jlelse.eu/storing-data-securely-on-android-a3b532bc4d02 ]
Storing data securely on Android-KeyStore Asymmetric [ https://android.jlelse.eu/storing-data-securely-on-android-keystore-asymmetric-83b1dc5f47db ]
Secure Communication With the Server From Your Android Client With Certificate Pinning [ https://medium.com/better-programming/secure-communication-with-the-server-from-your-android-client-with-certificate-pinning-5f53cea55972 ]
Secured by Knox — Samsung's mobile security mechanisms [ https://habr.com/ru/company/samsung/blog/479376/ ]
Security in Android — Cheatsheet []
Google security
Google Play Security Reward Program [ https://hackerone.com/googleplay ]
Android app vulnerability classes [pdf]
Zerodium [ https://zerodium.com/program.html ]
Merge multiple manifest files [ https://developer.android.com/studio/build/manifest-merge ]
Play protect [ https://www.android.com/play-protect/ ]
OWASP™ Foundation [ https://www.owasp.org/ ]
Network security configuration [ https://developer.android.com/training/articles/security-config ]
[ https://developer.android.com/jetpack/androidx/releases/security ]
Creating Secure Android Applications.
[https://medium.com/dev-genius/creating-secure-android-applications-d41531dbedd5]
Modern Android devices are secure enough, and here's why
[https://habr.com/ru/company/vdsina/blog/509934/]
Storing API keys in native code
How to add and break SSL pinning. CertificatePinner & NSC vs Reverse Engineer
Security in a nutshell [https://youtu.be/m_yvJ1Bux-E]
EvadeMe [https://github.com/evilthreads669966/evademe]
A Kotlin Android library for heuristics evasion that prevents your code from being tested.
EvadeMe — Android Library
10.2020 [https://medium.com/swlh/evademe-5c2e59083b43]