Android Secure Application Development Guidance for DoD
Michael Peck, Shawn Valle
30 September 2011
Sponsor: ESE Capstone
Dept. No.: G021 / E54A
Contract No.: W15P7T-12-C-F600
Project No.: 031280SE-D2
The views, opinions and/or findings contained in this report are those of The MITRE Corporation and should not be construed as an official government position, policy, or decision, unless designated by other documentation.
This document was prepared for authorized distribution only. Approved for Public Release: 12-3459. Distribution Unlimited
©2011 The MITRE Corporation.
All rights reserved.
Prepared By:
Signed
Robert “Pat” Benito, JC2 Pilot Task Lead 2/19/12
Approved By:
Signed
Josiah R. Collens, Jr. 2/20/12
Director of Integration for Joint C2
NSEC
Executive Summary
Android applications developed for the US Department of Defense (DoD) are required to go through a workflow process that evaluates and tests them against expected Cyber Security and Information Assurance guidelines. Applications that meet the evaluation guidelines can be admitted into the enterprise application market, known as CAPStore, for distribution to users. The following documentation identifies the technical requirements and guidance that Android application developers should adhere to when developing applications for DoD.
The details within are technical and security focused, and should be made available to software engineers and IA engineers. The material is organized with a logical flow in mind: it begins with application permissions, moves on to securing code and data, and ends with interaction between multiple applications.
Table of Contents
1 Introduction 1
2 Application Permissions 1
  2.1 Leverage Android Permissions Model 1
  2.2 Creating New Manifest Permissions 1
3 General Application Authentication 2
  3.1 Password Guidance 3
4 Data Protection 4
  4.1 Database Encryption 5
  4.2 SD Card Storage 5
  4.3 Android Application Package 6
  4.4 File Permissions 6
5 Follow Secure Programming Practices 1
  5.1 Input Validation 1
    5.1.1 Avoiding SQL injection attacks 1
    5.1.2 Avoiding command injection attacks 2
  5.2 Sign Application Packages 2
  5.3 Avoid Android NDK or Java JNI Use, Unless Necessary 3
  5.4 Third-Party Libraries 3
6 Secure Data Communication 1
  6.1 Leverage TLS/SSL 1
  6.2 Parameter Content 4
7 Secure Inter-App Communication 1
  7.1 Securing Android Intents 1
  7.2 Securing Content Providers 4
8 Application Update Process 1
9 Non-Android SDK Applications 1
  9.1 Browser-based Apps 1
  9.2 Adobe Air Apps 1
List of Figures
Figure 3-1 Potential Sample Authentication 2
Figure 3-2 Standard DoD PED Banner 4