Security by design
The security of your app can be affected by two things:
- Mistakes you make in your code.
- Mistakes you make in your design.
Both can leave your app vulnerable to attack, and both can be equally damaging, but mistakes in design can be much harder, and more costly to fix.
The reason is a simple one, fixing a mistake in your code like an out-by-one array indexing error, or setting the wrong permissions on a file, can often be fixed by changing just one or two lines of code.
Obviously you need to spot the mistake, and work out which lines need fixing, but performing the fix is often a small local change to the code.
Design mistakes on the other hand can require rewriting significant parts of your app in order to fix them, and not only is doing that time consuming, annoying, and potentially very expensive, it also introduces the possibility for you to introduce new bugs in the rewritten code!
Getting the design right is therefore very important, and we will focus on how to do this. The Android platform has been designed to help us do this, and we will cover some of the features Android provides that can greatly improve app security.
© University of Southampton 2017