We have already mentioned security controls in a previous step. But what are they?
Security controls are the countermeasures or safeguards used to detect, avoid or minimise a risk.
The outcome of the risk assessment will be a list of risks in order of priority. We now need to identify the appropriate security controls for each risk.
Weeks 3 and 4 of this course will discuss in detail some of the most important security controls for the Android platform, but in essence they can be distilled down to three key principles.
The three key principles for security controls:
Never ever trust users’ input.
Always protect your data in transit and when stored on the phone. Use encryption and whatever security features are provided by the platform (in our case Android).
Restrict an application’s permissions to the absolute minimum necessary for the app to function properly.
There are links to more detailed information about security controls available from the bottom of this page.
© University of Southampton 2017