This content is taken from the University of Southampton's online course, Secure Android App Development.

Security controls

We have already mentioned security controls in a previous step. But what are they?

Security controls are the countermeasures or the safeguards that are used to detect, avoid or minimise a risk.

The outcome of the risk assessment will be a list of risks in order of priority. We now need to identify the appropriate security controls for each risk.

Weeks 3 and 4 of this course will discuss in detail some of the most important security controls for the Android platform, but in essence they can be distilled down to three key principles.

The three key principles for security controls:

  1. Never ever trust users’ input.

  2. Always protect your data in transit and when stored on the phone. Use encryption and whatever security features are provided by the platform (in our case Android).

  3. Restrict an application’s permissions to the absolute minimum necessary for the app to function properly.

There are links to more detailed information about security controls available from the bottom of this page.
