Android Application Secure Design/Secure Coding Guidebook

February 29, 2024 Edition
Japan Smartphone Security Association (JSSEC)
Secure Coding Working Group

  • The content of this guide is up to date as of the time of publication, but standards and environments are constantly evolving. When using sample code, make sure you are adhering to the latest coding standards and best practices.

  • JSSEC and the writers of this guide are not responsible for how you use this document. Full responsibility lies with you, the user of the information provided.

  • Android is a trademark or a registered trademark of Google Inc. The company names, product names and service names appearing in this document are generally the registered trademarks or trademarks of their respective companies. Further, the registered trademark ®, trademark (TM) and copyright © symbols are not used throughout this document.

  • Parts of this document are copied from or based on content created and provided by Google, Inc. They are used here in accordance with the provisions of the Creative Commons Attribution 3.0 License.

Revision history

2014-04-01

Initial English Edition

2014-07-01
Added new articles below
2015-06-01
We have reviewed the entire document in accordance with the following policy:
  • Change of development environment (Eclipse -> Android Studio)

  • Support for the latest Android version, Lollipop

  • Change of API Level (8 or later -> 15 or later)

2016-02-01
Added new articles below
Revised article below
2016-09-01
Revised articles below
2017-02-01
Added new articles below
Revised articles below
Deleted the section below
  • 4.8.3.4 BuildConfig.DEBUG Should Be Used in ADT 21 or Later

We have reviewed the entire document in accordance with the following policy:
  • All discussions in the main text concerning Android 4.0.3 (API Level 15) and earlier versions have been deleted or moved to footnotes.

2018-02-01
Added new articles below
Revised articles below
2018-09-01
Added new articles below
Revised articles below
2019-12-01
Added new articles below
Revised articles below
2020-11-01
Added new articles below
Revised articles below
2021-10-19
Added new articles below
Revised articles below
2022-01-17
Revised articles below
2022-08-29
Added new articles below
Revised articles below
2024-02-29
Added new articles below
Revised articles below

Note: For a detailed description of these revisions, see the section "Articles Revised from August 29, 2022 Edition".

For the release of this new edition, we have updated the contents of this Guidebook based on your comments and suggestions.

Published by

Japan Smartphone Security Association (JSSEC), Technical Subcommittee, Secure Coding Working Group

Leader

Tsutomu Miyazaki

LAC Co., Ltd.

Members

Akihiro Shiota

NTT DATA Corporation

Teruaki Honma

KDDI CORPORATION

Harunobu Agematsu

KDDI CORPORATION

Naruhiko Ogasawara

SHIFT SECURITY

Yoshinori Saida

NEC Corporation

Toru Aoyagi

NEC Corporation

(In no particular order)

Authors of August 29, 2022 Edition

Leader

Tsutomu Miyazaki

LAC Co., Ltd.

Member

Pantuhong Sorasiri

LAC Co., Ltd.

Akihiro Shiota

NTT DATA Corporation

Teruaki Honma

KDDI CORPORATION

Harunobu Agematsu

KDDI CORPORATION

(In no particular order)

Authors of January 17, 2022 Edition

Leader

Tsutomu Miyazaki

LAC Co., Ltd.

Member

Nao Komatsu

LAC Co., Ltd.

Teruaki Honma

KDDI CORPORATION

(In no particular order)

Authors of October 19, 2021 Edition

Leader

Tsutomu Miyazaki

LAC Co., Ltd.

Member

Nao Komatsu

LAC Co., Ltd.

Teruaki Honma

KDDI CORPORATION

(In no particular order)

Authors of November 1, 2020 Edition

Leader

Tsutomu Miyazaki

LAC Co., Ltd.

Member

Akihiro Shiota

NTT DATA Corporation

Teruaki Honma

KDDI CORPORATION

Saida Yoshinori

NEC Corporation

(In no particular order)

Authors of September 1, 2019 Edition

Leader

Jun Ogiso

Sony Digital Network Applications, Inc.

Member

Toshimi Sawada

Software Research Associates, Inc.

Kohei Suzuki

Software Research Associates, Inc.

Akihiro Shiota

NTT DATA Corporation

Teruaki Honma

KDDI CORPORATION

Junki Hisamoto

Sony Digital Network Applications, Inc.

Nobuaki Yamaguchi

Sony Digital Network Applications, Inc.

Gaku Taniguchi

Tao Software, Inc.

Ito Takefumi

Nihon System Kaihatsu Co., Ltd.

(In no particular order)

Authors of September 1, 2018 Edition

Leader

Akira Ando

Sony Digital Network Applications, Inc.

Member

Toshimi Sawada

Software Research Associates, Inc.

Kohei Suzuki

Software Research Associates, Inc.

Teruaki Honma

KDDI CORPORATION

Jun Ogiso

Sony Digital Network Applications, Inc.

Junki Hisamoto

Sony Digital Network Applications, Inc.

Nobuaki Yamaguchi

Sony Digital Network Applications, Inc.

Shigeru Yatabe

Fomalhaut Techno Solutions

(In no particular order)

Authors of February 1, 2018 Edition

Leader

Akira Ando

Sony Digital Network Applications, Inc.

Member

Ken Okuyama

Android Security Japan

Eiji Hoshimoto

Software Research Associates, Inc.

Akihiro Shiota

NTT DATA Corporation

Shigenori Takei

NTT Software Corporation

Ikuya Fukumoto

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Mariko Yoshida

Sony Digital Network Applications, Inc.

Nobuaki Yamaguchi

Sony Digital Network Applications, Inc.

Jun Ogiso

Sony Digital Network Applications, Inc.

Junki Hisamoto

Sony Digital Network Applications, Inc.

Masahiro Kasahara

SoftBank Corp.

Ito Takefumi

Nihon System Kaihatsu Co., Ltd.

Shigeru Yatabe

Fomalhaut Techno Solutions

(In no particular order)

Authors of February 1, 2017 Edition

Leader

Ken Okuyama

Sony Digital Network Applications, Inc.

Member

Shigeharu Araki

Android Security Japan

Eiji Shimano

Android Security Japan

Akihiro Shiota

NTT DATA Corporation

Shigenori Takei

NTT Software Corporation

Ikuya Fukumoto

Software Research Associates, Inc.

Tomomi Ohuchi

Software Research Associates, Inc.

Yoichi Yamanoi

Software Research Associates, Inc.

Hidenori Yamaji

Sony Corporation

Akira Ando

Sony Digital Network Applications, Inc.

Jun Ogiso

Sony Digital Network Applications, Inc.

Masaru Matsunami

Sony Digital Network Applications, Inc.

Tetsuya Takahashi

SQUARE ENIX CO., LTD.

Gaku Taniguchi

Tao Software, Inc.

(In no particular order)

Authors of September 1, 2016 Edition

Leader

Masaru Matsunami

Sony Digital Network Applications, Inc.

Member

Shigeharu Araki

Android Security Japan

Shigenori Takei

NTT Software Corporation

Ikuya Fukumoto

Software Research Associates, Inc.

Tomomi Ohuchi

Software Research Associates, Inc.

Hidenori Yamaji

Sony Corporation

Akira Ando

Sony Digital Network Applications, Inc.

Jun Ogiso

Sony Digital Network Applications, Inc.

Ken Okuyama

Sony Digital Network Applications, Inc.

Mitake Ohtani

Sony Digital Network Applications, Inc.

Daisuke Mitsuzono

Nihon System Kaihatsu Co., Ltd.

Eiji Shimano

Tao Software, Inc.

Gaku Taniguchi

Tao Software, Inc.

(In no particular order)

Authors of February 1, 2016 Edition

Leader

Masaru Matsunami

Sony Digital Network Applications, Inc.

Member

Masaomi Adachi

Android Security Japan

Tohru Ohzono

Cisco Systems, Inc.

Shigenori Takei

NTT Software Corporation

Masahiro Kasahara

SoftBank Mobile Corp.

Eiji Hoshimoto

Software Research Associates, Inc.

Ikuya Fukumoto

Software Research Associates, Inc.

Akira Ando

Sony Digital Network Applications, Inc.

Ken Okuyama

Sony Digital Network Applications, Inc.

Mitake Ohtani

Sony Digital Network Applications, Inc.

Muneaki Nishimura

Sony Digital Network Applications, Inc.

Setsuko Kaji

Sony Digital Network Applications, Inc.

Taeko Ito

Sony Digital Network Applications, Inc.

Hidenori Yamaji

Sony Mobile Communications Inc.

Eiji Shimano

Tao Software, Inc.

Gaku Taniguchi

Tao Software, Inc.

(In no particular order)

Authors of June 1, 2015 Edition

Leader

Masaru Matsunami

Sony Digital Network Applications, Inc.

Member

Tohru Ohzono

Cisco Systems, Inc.

Akio Kondo

BRILLIANTSERVICE co., Ltd.

Kazuma Mitake

BRILLIANTSERVICE co., Ltd.

Kyosuke Imanishi

BRILLIANTSERVICE co., Ltd.

Masato Shintani

BRILLIANTSERVICE co., Ltd.

Naohiko Shimura

BRILLIANTSERVICE co., Ltd.

Ryuji Fujita

BRILLIANTSERVICE co., Ltd.

Shohei Hara

BRILLIANTSERVICE co., Ltd.

Tomoyuki Fujisawa

BRILLIANTSERVICE co., Ltd.

Yutaka Kawahara

BRILLIANTSERVICE co., Ltd.

Shigeru Yatabe

Fomalhaut Techno Solutions

Naonobu Yatsukawa

Nihon Unisys, Ltd.

Shigenori Takei

NTT Software Corporation

Masahiro Kasahara

SoftBank Mobile Corp.

Eiji Hoshimoto

Software Research Associates, Inc.

Akira Ando

Sony Digital Network Applications, Inc.

Ken Okuyama

Sony Digital Network Applications, Inc.

Muneaki Nishimura

Sony Digital Network Applications, Inc.

Eiji Shimano

Tao Software, Inc.

Gaku Taniguchi

Tao Software, Inc.

(In no particular order)

Authors of July 1, 2014 English Edition

Leader

Masaru Matsunami

Sony Digital Network Applications, Inc.

Member

Tohru Ohzono

Cisco Systems, Inc.

Shigeru Yatabe

Fomalhaut Techno Solutions

Keisuke Takemori

KDDI CORPORATION

Takamasa Isohara

KDDI CORPORATION

Naonobu Yatsukawa

Nihon Unisys, Ltd.

Shigenori Takei

NTT Software Corporation

Masahiro Kasahara

SoftBank Mobile Corp.

Eiji Hoshimoto

Software Research Associates, Inc.

Tsutomu Kumazawa

Software Research Associates, Inc.

Akira Ando

Sony Digital Network Applications, Inc.

Ken Okuyama

Sony Digital Network Applications, Inc.

Setsuko Kaji

Sony Digital Network Applications, Inc.

Taeko Ito

Sony Digital Network Applications, Inc.

Yoshinori Kataoka

Sony Digital Network Applications, Inc.

Eiji Shimano

Tao Software, Inc.

Gaku Taniguchi

Tao Software, Inc.

Michiyoshi Sato

Tokyo System House Co., Ltd.

(In no particular order)

Authors of April 1, 2014 English Edition

Leader

Masaru Matsunami

Sony Digital Network Applications, Inc.

Member

Tomoyuki Hasegawa

Android Security Japan

Mayumi Nishiyama

BJIT Inc.

Tohru Ohzono

Cisco Systems, Inc.

Masaki Kubo

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Daniel Burrowes

Kobe Digital Labo Inc.

Zachary Mathis

Kobe Digital Labo Inc.

Renta Futamura

NextGen, Inc.

Naonobu Yatsukawa

Nihon Unisys, Ltd.

Shigenori Takei

NTT Software Corporation

Ikuya Fukumoto

Software Research Associates, Inc.

Tsutomu Kumazawa

Software Research Associates, Inc.

Akira Ando

Sony Digital Network Applications, Inc.

Hiroko Nakajima

Sony Digital Network Applications, Inc.

Ken Okuyama

Sony Digital Network Applications, Inc.

Satoshi Fujimura

Sony Digital Network Applications, Inc.

Setsuko Kaji

Sony Digital Network Applications, Inc.

Taeko Ito

Sony Digital Network Applications, Inc.

Yoshinori Kataoka

Sony Digital Network Applications, Inc.

Hidenori Yamaji

Sony Mobile Communications Inc.

Takuya Nishibayashi

Sony Mobile Communications Inc.

Koji Isoda

Symantec Japan, Inc.

Gaku Taniguchi

Tao Software, Inc.

Michiyoshi Sato

Tokyo System House Co., Ltd.

(In no particular order)

Authors of April 1, 2013 Japanese Edition

Leader

Masaru Matsunami

Sony Digital Network Applications, Inc.

Member

Masaomi Adachi

Android Security Japan

Tomoyuki Hasegawa

Android Security Japan

Yuki Abe

Software Research Associates, Inc.

Tomomi Oouchi

Software Research Associates, Inc.

Tsutomu Kumazawa

Software Research Associates, Inc.

Toshimi Sawada

Software Research Associates, Inc.

Kiyoshi Hata

Software Research Associates, Inc.

Youichi Higa

Software Research Associates, Inc.

Yuu Fukui

Software Research Associates, Inc.

Ikuya Fukumoto

Software Research Associates, Inc.

Eiji Hoshimoto

Software Research Associates, Inc.

Shun Yokoi

Software Research Associates, Inc.

Takakazu Yoshizawa

Software Research Associates, Inc.

Takeshi Fujiwara

NRI SecureTechnologies, Ltd.

Shigenori Takei

NTT Software Corporation

Masaki Kubo

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Hiroshi Kumagai

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Yozo Toda

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Tohru Ohzono

Cisco Systems, Inc.

Toru Asano

Sony Digital Network Applications, Inc.

Akira Ando

Sony Digital Network Applications, Inc.

Ryohji Ikebe

Sony Digital Network Applications, Inc.

Jun Ogiso

Sony Digital Network Applications, Inc.

Ken Okuyama

Sony Digital Network Applications, Inc.

Yoshinori Kataoka

Sony Digital Network Applications, Inc.

Muneaki Nishimura

Sony Digital Network Applications, Inc.

Koji Furusawa

Sony Digital Network Applications, Inc.

Kenji Yamaoka

Sony Digital Network Applications, Inc.

Gaku Taniguchi

Tao Software, Inc.

Naonobu Yatsukawa

Nihon Unisys, Ltd.

Shigeru Yatabe

Fomalhaut Techno Solutions

(In no particular order)

Authors of November 1, 2012 Japanese Edition

Leader

Masaru Matsunami

Sony Digital Network Applications, Inc.

Member

Katsuhiko Sato

Android Security Japan

Nakaguchi Akihiko

Android Security Japan

Tomomi Oouchi

Software Research Associates, Inc.

Naoyuki Ohira

Software Research Associates, Inc.

Tsutomu Kumazawa

Software Research Associates, Inc.

Miki Sekikawa

Software Research Associates, Inc.

Seigo Nakano

Software Research Associates, Inc.

Youichi Higa

Software Research Associates, Inc.

Ikuya Fukumoto

Software Research Associates, Inc.

Eiji Hoshimoto

Software Research Associates, Inc.

Shoichi Yasuda

Software Research Associates, Inc.

Tadayuki Yahiro

Software Research Associates, Inc.

Takakazu Yoshizawa

Software Research Associates, Inc.

Shigenori Takei

NTT Software Corporation

Keisuke Takemori

KDDI CORPORATION

Masaki Kubo

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Hiroshi Kumagai

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Yozo Toda

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Tohru Ohzono

Cisco Systems, Inc.

Toru Asano

Sony Digital Network Applications, Inc.

Akira Ando

Sony Digital Network Applications, Inc.

Ryohji Ikebe

Sony Digital Network Applications, Inc.

Shigeru Ichikawa

Sony Digital Network Applications, Inc.

Mitake Ohtani

Sony Digital Network Applications, Inc.

Jun Ogiso

Sony Digital Network Applications, Inc.

Ken Okuyama

Sony Digital Network Applications, Inc.

Yoshinori Kataoka

Sony Digital Network Applications, Inc.

Ikue Sato

Sony Digital Network Applications, Inc.

Muneaki Nishimura

Sony Digital Network Applications, Inc.

Kazuo Yamaoka

Sony Digital Network Applications, Inc.

Takeru Kikkawa

Sony Digital Network Applications, Inc.

Gaku Taniguchi

Tao Software, Inc.

Eiji Shimano

Tao Software, Inc.

Hisao Kitamura

Tao Software, Inc.

Takao Yamakawa

Japan Online Game Association

Masaki Ishihara

Nihon System Kaihatsu Co., Ltd.

Yasuaki Mori

Nihon System Kaihatsu Co., Ltd.

Naonobu Yatsukawa

Nihon Unisys, Ltd.

Shigeru Yatabe

Fomalhaut Techno Solutions

Shigeki Fujii

UNIADEX, Ltd.

(In no particular order)

Authors of June 1, 2012 Japanese Edition

Leader

Masaru Matsunami

Sony Digital Network Applications, Inc.

Member

Katsuhiko Sato

Android Security Japan

Tomomi Oouchi

Software Research Associates, Inc.

Youichi Higa

Software Research Associates, Inc.

Eiji Hoshimoto

Software Research Associates, Inc.

Shigenori Takei

NTT Software Corporation

Masaaki Chida

GREE, Inc.

Masaki Kubo

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Hiroshi Kumagai

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Yozo Toda

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

Tohru Ohzono

Cisco Systems, Inc.

Yoichi Taguchi

System House. ING Co., Ltd.

Masahiko Sakamoto

Secure Sky Technology, Inc.

Akira Ando

Sony Digital Network Applications, Inc.

Shigeru Ichikawa

Sony Digital Network Applications, Inc.

Ken Okuyama

Sony Digital Network Applications, Inc.

Ikue Sato

Sony Digital Network Applications, Inc.

Muneaki Nishimura

Sony Digital Network Applications, Inc.

Kazuo Yamaoka

Sony Digital Network Applications, Inc.

Gaku Taniguchi

Tao Software, Inc.

Eiji Shimano

Tao Software, Inc.

Hisao Kitamura

Tao Software, Inc.

Michiyoshi Sato

Tokyo System House Co., Ltd.

Masakazu Hattori

Trend Micro Incorporated.

Naonobu Yatsukawa

Nihon Unisys, Ltd.

Shigeru Yatabe

Fomalhaut Techno Solutions

Shigeki Fujii

UNIADEX, Ltd.

(In no particular order)