FOR IMMEDIATE RELEASE

JSSEC releases English version of
Android Application Secure Design/Secure Coding Guidebook 
Sample Code  

Japan Smartphone Security Association
Tokyo, Japan, 19 February 2016

Today, the Secure Coding Group (led by Masaru Matsunami) of the Japan Smartphone Security Association (JSSEC; Chairman: Hiroshi Yasuda) is releasing an English-language version of the Android Application Secure Design/Secure Coding Guidebook, 1st February 2016 revised edition, the industry-standard guide to ensuring application security when developing Android smartphone applications.

 

Revisions to the Guide

The following three items have been added to this guide.

Revised content
  1.  Support for security-related features added in Android 6.0
    a. Fingerprint authentication function
    b. Changes to the permission mechanism
  2.  Security mechanisms added in Android 5.0 that were not covered in previous editions
    a. Notification
    b. Partner-limited implementation
  3.  Other: responses to recent vulnerability issues and review of articles
    a. Fragment Injection countermeasures
    b. Source code review of the privacy article, etc.

 

Google released the latest version of Android, Android 6.0, in October 2015.
In Android 6.0, the approval mechanism for obtaining the user’s permission to use security-related features has changed significantly.
Security has changed more than ever before; for example, fingerprint authentication has been incorporated into the Android OS.
In light of this, the contents of this secure coding guide now cover the changes up to Android 6.0 (Marshmallow), the latest version publicly available at the time of issuance.
Furthermore, the additions are not limited to changes in Android 6.0: changes in the earlier Android 5.0 that were not included in the content published up to now have also been added in this edition.

 

About the Guide

The guide describes a methodology for design and development of Android applications that maximizes application security. It’s designed specifically to be used by developers in real-world application development environments. Each chapter includes a sample code section that provides examples of secure coding practices for busy developers, a rulebook section that explains the thinking behind the code examples, and advanced sections that delve deeper into selected security topics.

Features of the Guide
  • The guide is written from the developer’s point of view to be usable to working coders.
  • The included sample code can both act as a guide to development and be included in commercial products under the Apache License, Version 2.0.
  • The continued sharing of the most up-to-date security practices is central to the philosophy of the guide. The content will be updated regularly.

Benefits of the Guide
  • Learn how to avoid and eliminate security vulnerabilities.
  • Gain a deep understanding of little-known Android security mechanisms.
  • Use as a guide to both reviewing existing code and planning future projects.

For more details, view the guide at:
https://www.jssec.org/dl/android_securecoding_en.pdf


About the Japan Smartphone Security Association
The Japan Smartphone Security Association, established in May of 2011, encourages the growing popularity of smartphones and tablets in business by addressing a wide variety of security issues and disseminating educational security information to a range of audiences.

Contact info for customers
Japan Smartphone Security Association Secretary
Tel: +81-3-6757-0159  E-mail:

Contact info for the press
Japan Smartphone Security Association Secretary
Tel: +81-3-6757-0159  E-mail:

“Japan Smartphone Security Association,” “Japan Smartphone Security Forum,” and “JSSEC” are trademarks of the Japan Smartphone Security Association.
All other company names and product names may be the trademarks or registered trademarks of their respective owners.

