android-security
Safeguard articles tagged "android-security" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Kotlin Security Best Practices: Beyond Null Safety on the JVM and Android
Null safety is a reliability win, not a security boundary. A Kotlin app inherits every JVM supply-chain CVE and the full Android attack surface — here's what the type system doesn't do for you.
Fixing vulnerabilities in Gradle projects
Gradle's resolved dependency graph rarely matches build.gradle. Here's how to find, force-fix, and lock vulnerable transitive dependencies for good.
Android application security best practices
A practical, evidence-based guide to Android app security: data storage, network hardening, SDK risk, and CI/CD signing, with concrete CVEs and stats.
Scanning Kotlin and Android projects with OWASP Dependenc...
A step-by-step guide to scanning Kotlin and Android projects with OWASP Dependency-Check: Gradle plugin setup, CI automation, triage, and suppressions.
Third-party library risk in Android apps: permissions, SD...
Every Android app runs dozens of third-party SDKs with full app permissions. Here's how android third-party library risk turns into real data leaks — and how Safeguard catches it first.
Mobile Security Testing: OWASP MAS in Practice
OWASP MAS turns mobile app security from ad-hoc pentests into a program: what the eight MASVS control groups cover, how MASTG test cases work, and how to fit it all into CI.
Mobile Security Testing for iOS and Android Apps
Mobile apps fail in ways web apps don't — insecure local storage, weak certificate pinning, reverse-engineerable binaries — and testing them requires methods most web-focused AppSec programs never built.
Kotlin detekt Security Rules: Catching Vulnerabilities in Kotlin Code
detekt is Kotlin's primary static analysis tool. Its security-relevant rules catch patterns that lead to vulnerabilities in Android and server-side Kotlin.