- Mobile Security Primer
- Coding Practices
- Handling Sensitive Data
- Implement Secure Data Storage
- Use SECURE Setting For Cookies
- Fully validate SSL/TLS
- Protect Against SSL Downgrade Attacks
- Limit Use of UUID
- Treat Geolocation Data Carefully
- Institute Local Session Timeout
- Implement Enhanced/Two-Factor Authentication
- Protect Application Settings
- Hide Account Numbers and Use Tokens
- Implement Secure Network Transmission Of Sensitive Data
- Validate Input From Client
- Avoid Storing App Data in Backups
- Caching and Logging
- Webviews
- iOS
- Android
- Implement File Permissions Carefully
- Implement Intents Carefully
- Check Activities
- Use Broadcasts Carefully
- Implement PendingIntents Carefully
- Protect Application Services
- Avoid Intent Sniffing
- Implement Content Providers Carefully
- Follow WebView Best Practices
- Avoid Storing Cached Camera Images
- Avoid GUI Objects Caching
- Sign Android APKs
- Servers