I have an Android application which has a few hundred thousand users. This application is a retail application and hence deals with a fair amount of customer data, shopping history and payment information, built on web views.

My company now has a tie-up with another services startup which vends its own mobile SDK for a certain set of functionalities. This is a closed library with no access to source code (baked into the legal contract).

Are there ways for me to ensure the following -

  1. Ensure that the external mobile library does not access any resource or data that I don't want it to, either via JavaScript injection or otherwise, given both the library and the app share the same process space in memory.
  2. Insulate my application from any security vulnerabilities in the mobile library.

Are there any 'best practices' one can follow from a security perspective while integrating with a mobile library that you cannot completely trust or have visibility into?

Rahul Singh Chandrabhan
ping
  • Check this, here I have asked the same question: https://stackoverflow.com/questions/43601498/protect-android-app-from-reverse-engineering – hasan_shaikh Apr 10 '18 at 04:05
  • In my humble opinion, this question is different from the one linked above. The one linked above is more around reverse engineering and obfuscation, whereas this question is more around how to insulate/protect your app from a library you have no choice but to integrate with, and whether there are ways to insulate your app from vulnerabilities in the said library. Reverse engineering applies to all apps and libraries, but this is a more focussed question on the integration between a library and an app. – ping Apr 10 '18 at 04:20

0 Answers