Security has become more of an concern for Android device owners, some of which may be afraid to download apps from the Google Play Store for fear of malware or data leaks. Now, Google has quietly launched a new security-focused page on its Android Developers site that offers tips to app creators to make sure their clients are free of those kind of issues.
The page offers a quick checklist for developers if they want to make a secure Android app. They include the suggestion that apps minimize the use of “sensitive APIs”, along with making sure that data from any external storage has been verified as safe before using it in an app. It also suggests that apps use HTTPS and SSL secure connections and that the device’s security provider offers automatic updates.
The checklist also suggests apps only use permissions that are necessary for its features, and that developers should pay attention to the permissions that are used by the app’s libraries.
One example of how asking for too many permissions could backfire: last week, it was discovered that the popular photo editing app Meitu asked for more than 20 permissions before users could install it. That sent up a lot of red flags as some users were concerned that their personal data was being collected and used. The China-based Meitu later claims all those permissions were needed because Google Play Services is not available in that country, so it had to use a third-party notification service called Getui that required the app to run at start.
The new security page on the Android Developers site also offers links to previous blog posts on how to make apps more secure, along with info on the company’s Android Security and Google Patch Rewards programs. These programs offer cash rewards for security experts to find flaws in the Android OS. All in all, this looks like a great one-stop location for Android developers to learn more about app security.