Securing an Android app means protecting data at rest and in transit, handling authentication and credentials safely, granting the app only the permissions it needs (least privilege), and defending against the common vulnerability classes. Because apps routinely hold sensitive user data, security is not optional.
Data Security
✓ ENCRYPT sensitive data at rest: use an encrypted database or an encrypted file/preferences wrapper whose key lives in the Android Keystore. Never put secrets in plain SharedPreferences or plain files; both are trivially readable from a backup or a rooted device. (Caveat: Jetpack Security's EncryptedSharedPreferences/EncryptedFile have been deprecated upstream; if you still use them, plan a migration, and in any case keep the master key in the Keystore.)
✓ Use HTTPS/TLS for all network traffic, never plaintext HTTP; disable cleartext in the Network Security Config so a stray http:// URL fails instead of silently working. Add certificate (public-key) pinning for high-value apps, but ship at least one backup pin and a rotation plan, because an expired or rotated certificate with stale pins bricks the app's networking.
✓ Don't log sensitive data (tokens, PII, crypto material): Logcat is readable by anyone with adb or a bug report. Clear secrets from memory and UI when no longer needed, set FLAG_SECURE on windows that show secrets so they are excluded from screenshots and the recents thumbnail, and avoid placing secrets on the clipboard, which other foreground apps can read.
✓ Use the KEYSTORE for cryptographic keys so key material is non-exportable and, where the device supports it, held in a TEE or StrongBox; verify the security level at runtime rather than assuming it.
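The first and last checklist items together, as an added example (not code from the original page): a Keystore-backed AES-256-GCM key that is generated once, never leaves the Keystore, and is checked for hardware backing before use. The alias name, the AAD value and the `SecretStore` object are assumptions chosen for this illustration; the blob layout (12-byte IV, ciphertext, 16-byte tag) is this example's own convention.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.GCMParameterSpec

private const val KEYSTORE = "AndroidKeyStore"
private const val KEY_ALIAS = "app_data_key_v1"   // assumed alias for this example
private const val GCM_TAG_BITS = 128
private const val IV_BYTES = 12                   // GCM IV length the Keystore generates

object SecretStore {

    // Returns the existing key or generates it. The key material is non-exportable:
    // only the Keystore (TEE/StrongBox when available) can use it.
    fun getOrCreateKey(): SecretKey {
        val ks = KeyStore.getInstance(KEYSTORE).apply { load(null) }
        (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }

        val spec = KeyGenParameterSpec.Builder(
            KEY_ALIAS,
            KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            // Keystore supplies a fresh random IV per encryption; caller-chosen IVs are refused.
            .setRandomizedEncryptionRequired(true)
            .build()

        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
            .apply { init(spec) }
            .generateKey()
    }

    // True when the key lives in a TEE or StrongBox; false means software-only Keystore.
    fun isHardwareBacked(key: SecretKey): Boolean {
        val factory = SecretKeyFactory.getInstance(key.algorithm, KEYSTORE)
        val info = factory.getKeySpec(key, KeyInfo::class.java) as KeyInfo
        return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            info.securityLevel == KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT ||
                info.securityLevel == KeyProperties.SECURITY_LEVEL_STRONGBOX
        } else {
            @Suppress("DEPRECATION")
            info.isInsideSecureHardware
        }
    }

    // Output: IV (12 bytes) || ciphertext || GCM tag (16 bytes). The AAD binds the
    // ciphertext to a context (e.g. the record it belongs to) without encrypting it.
    fun encrypt(plaintext: ByteArray, aad: ByteArray): ByteArray {
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, getOrCreateKey())
        cipher.updateAAD(aad)
        val iv = cipher.iv                       // Keystore-generated, 12 bytes
        return iv + cipher.doFinal(plaintext)
    }

    // Throws javax.crypto.AEADBadTagException if the blob or AAD was tampered with.
    fun decrypt(blob: ByteArray, aad: ByteArray): ByteArray {
        require(blob.size > IV_BYTES + GCM_TAG_BITS / 8) { "blob too short" }
        val iv = blob.copyOfRange(0, IV_BYTES)
        val ct = blob.copyOfRange(IV_BYTES, blob.size)
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.DECRYPT_MODE, getOrCreateKey(), GCMParameterSpec(GCM_TAG_BITS, iv))
        cipher.updateAAD(aad)
        return cipher.doFinal(ct)
    }
}

// Usage sketch (assumed call site):
// val key = SecretStore.getOrCreateKey()
// check(SecretStore.isHardwareBacked(key)) { "refuse to store secrets with a software-only key" }
// val blob = SecretStore.encrypt("session-token".toByteArray(), aad = "user:42".toByteArray())
// val back = SecretStore.decrypt(blob, aad = "user:42".toByteArray())
```

Two design notes: on API 28+ you can add `.setIsStrongBoxBacked(true)` to the builder to require the dedicated secure element (it throws `StrongBoxUnavailableException` on devices without one, so catch it and fall back deliberately rather than silently), and `.setUserAuthenticationRequired(true)` ties key use to a recent biometric or lock-screen unlock. Whether to hard-fail on a software-only key, as the usage sketch does, is a product decision; what you should not do is assume hardware backing without checking.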
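The TLS item above, as an added example (not code from the original page): OkHttp public-key pinning with a primary and a backup pin, and a failure path that refuses to fall back to an unpinned connection. The host name, URL path and the two pin strings are placeholders for this illustration, not real values for any production service; the `sha256/...` form is OkHttp's own pin syntax.

```kotlin
import okhttp3.CertificatePinner
import okhttp3.OkHttpClient
import okhttp3.Request
import javax.net.ssl.SSLPeerUnverifiedException

// Placeholder host and pins (assumed; replace with your own values).
private const val API_HOST = "api.example.com"
private const val PIN_PRIMARY = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
private const val PIN_BACKUP  = "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="

// Pins the SubjectPublicKeyInfo hash, so a certificate reissued for the same key still
// validates; the backup pin covers the next key so rotation does not strand old clients.
fun pinnedClient(): OkHttpClient {
    val pinner = CertificatePinner.Builder()
        .add(API_HOST, PIN_PRIMARY)
        .add(API_HOST, PIN_BACKUP)
        .build()
    return OkHttpClient.Builder()
        .certificatePinner(pinner)
        .build()
}

sealed class FetchResult {
    data class Ok(val body: String) : FetchResult()
    // Pin mismatch: possible interception or a rotation the app has not shipped yet.
    data class PinFailure(val detail: String) : FetchResult()
}

fun fetchProfile(client: OkHttpClient): FetchResult {
    val request = Request.Builder()
        .url("https://$API_HOST/v1/profile")   // https only; cleartext is never attempted
        .build()
    return try {
        client.newCall(request).execute().use { resp ->
            FetchResult.Ok(resp.body?.string().orEmpty())
        }
    } catch (e: SSLPeerUnverifiedException) {
        // Do NOT retry without the pinner. Report it (the message lists the pins that were
        // actually presented) and let the UI show a security error.
        FetchResult.PinFailure(e.message.orEmpty())
    }
}
```

To compute a pin for a server, extract the leaf (or intermediate) public key and hash it: `openssl s_client -connect host:443 -servername host </dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`. Pinning sits on top of normal chain validation, not instead of it, and it is a liability without an update path: keep the backup pin's private key offline, and consider pinning an intermediate CA rather than the leaf if you cannot control certificate issuance tightly.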
