Posted by Jon Markoff, Staff Developer Advocate & Sean Smith, Technical Program Manager
As a developer, are you struggling to figure out when to add security threat protection to your roadmap? Integrating security into your app development lifecycle can save a lot of time, money, and risk. That’s why we introduced Security by Design in the Google Play Academy to help developers identify, contain, and proactively protect against security threats.
The Android ecosystem, including Google Play, has many built-in security features that help keep developers and users safe. The course Introduction to app security best practices takes this protection one step further by helping you take advantage of additional security features that you can integrate into your app. For example, Jetpack Security helps developers properly encrypt their data at rest and offers only secure and well-known algorithms for encrypting files and shared preferences. Worried about the use of rooted or compromised devices that could allow a bad actor to use your app in unsanctioned ways? The SafetyNet Attestation API is a solution to identify potentially dangerous usage patterns. There are several common design flaws to look out for, including the use of shared or improper file storage, the use of insecure logs, unprotected components such as activities, and more. The course also provides methods for testing your application to help protect apps after they launch in the wild. Finally, you can set up a Vulnerability Disclosure Program (VDP) to engage security researchers.
In the next course, you will learn how to integrate security into every phase of the development process by adopting the security development lifecycle (SDL). The SDL is an industry-standard process. In this course, you will learn the basics of setting up a program, gaining executive sponsorship, and incorporating it into your development lifecycle.
Threat modeling is part of the security development lifecycle. In this course, you will learn how to think like an attacker in order to identify, categorize, and combat threats. This lets you identify potential threats early, in the design phase of development, and start planning how to address them at a much lower cost, creating a safer product for your users.
Improving the security of your app is a never-ending process. Sign up for the Security by Design module, where you will learn in a few short courses how to integrate security into your app development lifecycle, model potential threats, and incorporate best practices for app security into your app, as well as potential design pitfalls to avoid.