
JSSEC Releases English Version of Android Application Guidebook




Hiroshi Yasuda
Chairman
Japan Smartphone Security Association

The Secure Coding Group, led by Masaru Matsunami of the Japan Smartphone Security Association and JSSEC Chairman Hiroshi Yasuda, has announced the release of an English version of the Android Application Secure Design/Secure Coding Guidebook (1 July 2014 Edition) to replace an earlier version released in May.

Revisions
The following two items have been added to this guide.

  1. Dealing with privacy information
    How to obtain consent, and the thinking behind handling privacy information on a smartphone.
  2. Using encryption technology
    Encryption for confidentiality in Android applications, and the handling of message authentication codes and digital signatures.

The Ministry of Internal Affairs and Communications advocated the "Smartphone Privacy Initiative" and the "Smartphone Privacy Initiative II" (SPI) [1], as well as the proper handling of user information. Applications that take advantage of the user information of smartphones when using privacy policy information.

The "Dealing with privacy information" section incorporates a privacy policy created in line with the SPI, and provides sample code and rules for obtaining consent for the use of user information at the right time and by the right methods.

Further, in the field of security software, encryption technology can be used to protect the assets of the application or user from threats such as eavesdropping and tampering by a malicious third party. Various functions are provided for Android OS, and you can use encryption technology to protect the assets in Android applications.

The guide classifies encryption technologies by purpose, that is, by which assets you want to protect from which threats. Also provided are sample code and rules for determining the type of encryption key to select for each type of cryptography, such as the encryption method and key length.

About the Guide
The guide describes a methodology for design and development of Android applications that maximizes application security. It’s designed specifically to be used by developers in real-world application development environments. Each chapter includes a sample code section that provides examples of secure coding practices for busy developers, a rulebook section that explains the thinking behind the code examples, and advanced sections that delve deeper into selected security topics.

Features of the guide

  • The guide is written from the developer’s point of view to be used by working coders.
  • The included sample code can both act as a guide to development and be included in commercial products under the Apache License, Version 2.0.
  • The continued sharing of the most up-to-date security practices is central to the philosophy of the guide. The content will be updated regularly.

The guide will appear in the Kindle Store shortly.

About the Japan Smartphone Security Association
The Japan Smartphone Security Association, established in May of 2011, encourages the growing popularity of smartphones and tablets in business by addressing a wide variety of security issues and disseminating educational security information to a range of audiences.

[1] SPI of Ministry of Internal Affairs and Communications

“Smartphone Privacy Initiative”
http://www.soumu.go.jp/main_sosiki/joho_tsusin/eng/presentation/pdf/Initiative.pdf

“Smartphone Privacy Initiative II”
http://www.soumu.go.jp/main_sosiki/joho_tsusin/eng/presentation/pdf/Summary_II.pdf

 







