Mitigate security risks in your app

By making your app more secure, you help preserve user trust and device integrity.

This page presents a set of common security issues that Android app developers face. You can use this content in the following ways:

• Learn more about how to proactively secure your apps.
• Understand how to react in the event that one of these issues is discovered in your app.

The following list contains links to dedicated pages for each individual issue, sorted into categories based on OWASP MASVS controls. Each page includes a summary, impact statement, and tips for mitigating the risk to your app.

V1: Architecture, Design and Threat Modeling

OWASP category V1 description

• android:debuggable
• android:exported

V2: Data Storage and Privacy

OWASP category V2 description

• Improperly Exposed Directories to FileProvider
• Log Info Disclosure
• Path traversal

V3: Cryptography

OWASP category V3 description

• Hardcoded Cryptographic Secrets
• Weak PRNG

V6: Platform Interaction

OWASP category V6 description

• Content resolvers
• Intent redirection
• Pending intents
• Sticky Broadcasts
• Tapjacking

V7: Code Quality and Build Setting

OWASP category V7 description

• SQL injection
• Zip Path Traversal