In this article, you will learn some best practices for improving the security level of your Android apps.

Security in Android is never something you can be certain about: as a developer you cannot know whether your app is secured well enough. Every system can be cracked, but you can make an attacker's work much harder.

Network

Almost all applications nowadays exchange user data and tokens with a server over the Internet.

You should think about the safety of the user's Internet connection and protect their information from being stolen.

The first step towards a better-protected connection is to use HTTPS, but on its own it is of course not enough.

One of the most popular network attacks is Man-in-the-Middle (MITM). It can be passive or active.

To protect your application from a passive MITM attack you can use the Diffie-Hellman key exchange algorithm.

An active attack is somewhat stronger. To prevent data from being stolen you can use SSL pinning.

There are tools that support HTTPS and SSL pinning. Two of them are Retrofit and OkHttp, and at UPTech we use them almost everywhere.

Retrofit is easy to use, supports RxJava, and doesn't take much time to configure.

With the help of OkHttp you can add your own trusted SSL certificate.

“By default, OkHttp trusts the certificate authorities of the host platform. Certificate pinning increases security, but limits your server team’s abilities to update their TLS certificates. Do not use certificate pinning without the blessing of your server’s TLS administrator!” — Jesse Wilson, Square Inc.
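As an added illustration (not code from this article or from UPTech), here is how the pinning the quote warns about is wired into OkHttp and handed to Retrofit; the host name and both pin values are placeholders you would replace with your own, obtained from your server team.

```kotlin
import okhttp3.CertificatePinner
import okhttp3.OkHttpClient
import retrofit2.Retrofit
import retrofit2.converter.gson.GsonConverterFactory
import java.security.cert.Certificate
import java.util.concurrent.TimeUnit

// Hypothetical API host; replace with your backend's host name.
private const val API_HOST = "api.example.com"

// Placeholder pins: the real values are the SHA-256 hashes of the
// Subject Public Key Info of keys in your server's certificate chain.
// Pin at least two keys (current + backup) so a certificate rotation
// does not lock every installed app out of your backend.
private const val PIN_CURRENT = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
private const val PIN_BACKUP = "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="

/** Builds an OkHttp client that refuses TLS connections to API_HOST unless
 *  one of the pinned public keys appears in the server's certificate chain.
 *  A mismatch surfaces as javax.net.ssl.SSLPeerUnverifiedException. */
fun pinnedOkHttpClient(): OkHttpClient {
    val pinner = CertificatePinner.Builder()
        .add(API_HOST, PIN_CURRENT)
        .add(API_HOST, PIN_BACKUP)
        .build()
    return OkHttpClient.Builder()
        .certificatePinner(pinner)
        .connectTimeout(15, TimeUnit.SECONDS)
        .build()
}

/** Retrofit instance that routes every API call through the pinned client. */
fun pinnedRetrofit(): Retrofit = Retrofit.Builder()
    .baseUrl("https://$API_HOST/")
    .client(pinnedOkHttpClient())
    .addConverterFactory(GsonConverterFactory.create())
    .build()

/** Computes the OkHttp pin string for a certificate obtained out-of-band
 *  from your server team, so the constants above are never typed by hand. */
fun pinFor(certificate: Certificate): String = CertificatePinner.pin(certificate)
```

Ship a pin update in the app before the server team rotates to the backup key, otherwise older installs keep failing until users update.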

You can learn more about SSL pinning and how to set it up here: