Thursday, December 22, 2016

test/verify security


Any thoughts on how you can test the software for security compliance? Does it have any security vulnerabilities?

-- 
No software is completely secure. AI2 apps can be hacked. AI2 provides a text block called Obfuscated text. This provides very low-level security that makes hacking a compiled APK more difficult. So, AI2 apps are not secure from an experienced hacker.

The Obfuscated text block is not documented in the Text blocks description. From a tool tip:

Produces text like a text block. The difference is that the text is not easily discoverable by examining the app's APK. Use when creating apps to distribute that include confidential information, for example, API keys. This provides only low level security against expert adversaries.

This comment indicates that what is 'secure' and only at a low level is text information you use within the app from a simple compilation of your APK. If what needs to be secure cannot be placed in a text box, then it is potentially insecure. This might, perhaps, make a Firebase database more secure by allowing the developer to 'hide' the Firebase token.


Read about what others say about Obfuscated. You have to test your app for security compliance based on the wording of 508. Based on


determining security compliance is something for experts. Compliance might depend on what your app actually does, what information it accesses and stores, etc., and how it communicates with the outside world.

-- 
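A check a developer can run against their own build, as an added example that is not part of the original thread: it unpacks an APK (a ZIP archive) and reports which entries still contain a given key as a plain literal. The function names, the sample APKs, the key value and the XOR stand-in are constructed assumptions; the XOR is not AI2's actual obfuscation scheme.

```python
import io
import zipfile

def find_plaintext_secret(apk_bytes, secret):
    """Return the APK entries whose decompressed bytes contain `secret`."""
    # DEX string data is MUTF-8 (same as UTF-8 for ASCII); resource tables
    # may store strings as UTF-16LE, so search for both encodings.
    needles = (secret.encode("utf-8"), secret.encode("utf-16-le"))
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            data = apk.read(info)  # entries are usually deflated: decompress first
            if any(n in data for n in needles):
                hits.append(info.filename)
    return sorted(hits)

def build_sample_apk(entries):
    """Pack {name: bytes} into an in-memory ZIP, standing in for a built APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

SECRET = "EXAMPLE-API-KEY-0000"  # constructed placeholder, not a real key

# Constructed build 1: the key sits in the app as an ordinary text literal.
PLAIN_APK = build_sample_apk({
    "classes.dex": b"dex\n035\x00" + SECRET.encode("utf-8") + b"\x00",
    "resources.arsc": b"\x02\x00" + SECRET.encode("utf-16-le"),
    "AndroidManifest.xml": b"\x03\x00\x08\x00",
})

# Constructed build 2: the literal is stored transformed. Single-byte XOR is
# only a stand-in here; it is NOT how AI2's Obfuscated text block works.
MASKED = bytes(b ^ 0x5A for b in SECRET.encode("utf-8"))
OBFUSCATED_APK = build_sample_apk({
    "classes.dex": b"dex\n035\x00" + MASKED + b"\x00",
    "AndroidManifest.xml": b"\x03\x00\x08\x00",
})

if __name__ == "__main__":
    print("plain build:", find_plaintext_secret(PLAIN_APK, SECRET))
    print("obfuscated build:", find_plaintext_secret(OBFUSCATED_APK, SECRET))
```

An empty result only shows that the literal is not stored as-is; as the tooltip says, that is low level protection, so a clean scan is not evidence that the key is safe.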
