Secure Mobile Development

• Mobile Security Primer
• • 2.1 Increase Code Complexity and Use Obfuscation
  • 2.3 Test Third-Party libraries
  • 2.5 Securely Store Sensitive Data in RAM
  • 2.7 Avoid Query String for Sensitive Data
• • 3.1 Implement Secure Data Storage
  • 3.3 Fully validate SSL/TLS
  • 3.5 Limit Use of UUID
  • 3.7 Institute Local Session Timeout
  • 3.10 Hide Account Numbers and Use Tokens
  • 3.12 Validate Input From Client
• Caching and Logging
  • 4.2 Avoid Crash Logs
  • 4.4 Carefully Manage Debug Logs
  • 4.6 Be Aware of Copy and Paste
• • 5.1 Prevent Framing and Clickjacking
• iOS
  • 6.2 Avoid Cached Application Snapshots
  • 6.5 Implement App Transport Security (ATS)
• Android
  • 7.2 Implement Intents Carefully
  • 7.4 Use Broadcasts Carefully
  • 7.6 Protect Application Services
  • 7.8 Implement Content Providers Carefully
  • 7.10 Avoid Storing Cached Camera Images
  • 7.12 Sign Android APKs
• • 8.1 Implement Proper Web Server Configuration
  • 8.3 Use Proper Session Management