Entries by 'Lori Flynn'

An Enhanced Tool for Securing Android Apps

Android, Secure Coding, Tools

By Lori Flynn
Member of the Technical Staff
CERT Secure Coding Team

This blog post was co-authored by Will Klieber.

Each software application installed on a mobile smartphone, whether a new app or an update, can introduce new, unintentional vulnerabilities or malicious code. These problems can lead to security challenges for organizations whose staff uses mobile phones for work. In April 2014, we published a blog post highlighting DidFail (Droid Intent Data Flow Analysis for Information Leakage), which is a static analysis tool for Android app sets that addresses data privacy and security issues faced by both individual smartphone users and organizations. This post highlights enhancements made to DidFail in late 2014 and an enterprise-level approach for using the tool.


Secure Coding for the Android Platform

Android, Java, Secure Coding

By Lori Flynn
Member of the Technical Staff
CERT Secure Coding team

Although the CERT Secure Coding team has developed secure coding rules and guidelines for Java, prior to 2013 we had not developed a set of secure coding rules that were specific to Java’s application in the Android platform. Android is an important area to focus on, given its mobile device market dominance (82 percent of worldwide market share in the third quarter of 2013) as well as the adoption of Android by the Department of Defense. This blog post, the first in a series, discusses the initial development of our Android rules and guidelines. This initial development included mapping our existing Java secure coding rules and guidelines to Android applicability and also the creation of new Android-only rules for Java secure coding.
