Android Secure Application Development Guidance for DoD
Michael Peck, Shawn Valle
30 September 2011
Sponsor: ESE Capstone
Dept. No.: G021 / E54A
Contract No.: W15P7T-12-C-F600
Project No.: 031280SE-D2
The views, opinions and/or findings contained in this report are those of The MITRE Corporation and should not be construed as an official government position, policy, or decision, unless designated by other documentation.
This document was prepared for authorized distribution only. Approved for Public Release: 12-3459. Distribution Unlimited.
©2011 The MITRE Corporation.
All rights reserved.
Josiah R. Collens, Jr. 2/20/12
Android applications developed for the US Department of Defense (DoD) are required to go through a workflow process that evaluates and tests whether they meet expected Cyber Security and Information Assurance guidelines. Applications that meet the evaluation guidelines can be permitted into the enterprise application market, known as CAPStore, for user distribution. This document identifies the technical requirements and guidance that Android application developers should adhere to when developing applications for DoD.
1 Introduction
2 Application Permissions
  1.1 Leverage Android Permissions Model
  1.2 Creating New Manifest Permissions
3 General Application Authentication
  1.3 Password Guidance
4 Data Protection
  1.4 Database Encryption
  1.5 SD Card Storage
  1.6 Android Application Package
  1.7 File Permissions
5 Follow Secure Programming Practices
  1.8 Input Validation
    2 Avoiding SQL injection attacks
    3 Avoiding command injection attacks
  1.9 Sign Application Packages
  1.10 Avoid Android NDK or Java JNI Use, Unless Necessary
  1.11 Third-Party Libraries
6 Secure Data Communication
  1.12 Leverage TLS/SSL
  1.13 Parameter Content
7 Secure Inter-App Communication
  1.14 Securing Android Intents
  1.15 Securing Content Providers
8 Application Update Process
9 Non-Android SDK Applications
  1.16 Browser-based Apps
  1.17 Adobe Air Apps