Safeguard
Tag

android-security

Safeguard articles tagged "android-security" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Security Guides

Kotlin Security Best Practices: Beyond Null Safety on the JVM and Android

Null safety is a reliability win, not a security boundary. A Kotlin app inherits every JVM supply-chain CVE and the full Android attack surface — here's what the type system doesn't do for you.

Jul 2, 20266 min read
Application Security

Fixing vulnerabilities in Gradle projects

Gradle's resolved dependency graph rarely matches build.gradle. Here's how to find, force-fix, and lock vulnerable transitive dependencies for good.

May 22, 20266 min read
Application Security

Android application security best practices

A practical, evidence-based guide to Android app security: data storage, network hardening, SDK risk, and CI/CD signing, with concrete CVEs and stats.

Apr 29, 20266 min read
Open Source Security

Scanning Kotlin and Android projects with OWASP Dependenc...

A step-by-step guide to scanning Kotlin and Android projects with OWASP Dependency-Check: Gradle plugin setup, CI automation, triage, and suppressions.

Jan 29, 20268 min read
Software Supply Chain Security

Third-party library risk in Android apps: permissions, SD...

Every Android app runs dozens of third-party SDKs with full app permissions. Here's how android third-party library risk turns into real data leaks — and how Safeguard catches it first.

Jan 28, 20267 min read
AppSec

Mobile Security Testing: OWASP MAS in Practice

OWASP MAS turns mobile app security from ad-hoc pentests into a program: what the eight MASVS control groups cover, how MASTG test cases work, and how to fit it all into CI.

Nov 5, 20256 min read
AppSec

Mobile Security Testing for iOS and Android Apps

Mobile apps fail in ways web apps don't — insecure local storage, weak certificate pinning, reverse-engineerable binaries — and testing them requires methods most web-focused AppSec programs never built.

Apr 9, 20256 min read
DevSecOps

Kotlin detekt Security Rules: Catching Vulnerabilities in Kotlin Code

detekt is Kotlin's primary static analysis tool. Its security-relevant rules catch patterns that lead to vulnerabilities in Android and server-side Kotlin.

Jul 28, 20235 min read
android-security — Safeguard Blog