🔓Why Safe to Run?
Safe to run provides an API for security as code to make Android application security easy
Overview
Safe to run has been developed in order to help developers secure their Android applications. Safe to run has two primary capabilities:
Safe to run - verify
The old adage in security goes: verify everything, trust nothing. Safe to run - Verify provides a simple but powerful way for developers to verify intents, files, URLs and other types of vulnerable items.
Input verification is intended to ensure that URLs are safe to load into webviews or to use in API calls, and that intents coming from external sources match some predefined conditions. Check the documentation under 'input verification' to get started.
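The kind of URL check described above, written out as an added example in plain Kotlin. It is not Safe to run's API or code from the project; `UrlPolicy`, `Verdict`, `verifyUrl` and the sample URLs are hypothetical names and constructed inputs.

```kotlin
import java.net.URI
import java.net.URISyntaxException

// Hypothetical policy type for this example; not Safe to run's API.
data class UrlPolicy(
    val allowedSchemes: Set<String> = setOf("https"),
    val allowedHosts: Set<String>,
    val allowedPathPrefixes: List<String> = listOf("/")
)

sealed class Verdict {
    object Allowed : Verdict() { override fun toString() = "Allowed" }
    data class Rejected(val reason: String) : Verdict()
}

fun verifyUrl(raw: String, policy: UrlPolicy): Verdict {
    val uri = try {
        URI(raw).normalize() // collapses "/a/../b" so the path check sees the real target
    } catch (e: URISyntaxException) {
        return Verdict.Rejected("not a valid URI")
    }
    val scheme = uri.scheme?.lowercase() ?: return Verdict.Rejected("no scheme")
    if (scheme !in policy.allowedSchemes) return Verdict.Rejected("scheme '$scheme' not allowed")
    // host is null for opaque URIs (javascript:, data:) and for unparseable authorities
    val host = uri.host?.lowercase() ?: return Verdict.Rejected("no host")
    if (uri.userInfo != null) return Verdict.Rejected("userinfo not allowed")
    // Exact match, not endsWith/contains, so lookalike hosts do not pass
    if (host !in policy.allowedHosts) return Verdict.Rejected("host '$host' not allowed")
    val path = uri.path.orEmpty().ifEmpty { "/" }
    if (policy.allowedPathPrefixes.none { path.startsWith(it) })
        return Verdict.Rejected("path '$path' not allowed")
    return Verdict.Allowed
}

fun main() {
    val policy = UrlPolicy(
        allowedHosts = setOf("app.example.com"),
        allowedPathPrefixes = listOf("/help/")
    )
    val samples = listOf( // constructed inputs for illustration
        "https://app.example.com/help/faq",
        "http://app.example.com/help/faq",
        "https://app.example.com@evil.example/help/",
        "https://app.example.com.evil.example/help/",
        "https://app.example.com/help/../admin",
        "javascript:alert(1)",
        "file:///data/data/com.example/shared_prefs/x.xml"
    )
    for (s in samples) println("$s -> ${verifyUrl(s, policy)}")
}
```

Only the first sample is allowed; the check runs before the URL is handed to a webview or HTTP client, and a rejected URL is never loaded.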
Safe to run - resilience
Safe to run - Resilience checks whether the device meets certain requirements. For example, you can ban rooted devices and emulators, enforce minimum OS versions, or prevent an app from running if certain software (e.g. banking trojans) is present on the phone.
Checks
Safe to run - resilience consists of a number of 'checks' which are detailed in the documentation. The purpose of these checks is to ensure that the app is 'safe to run' i.e. it meets the pre-conditions you have set.
The following table lists the things that Safe to run can help protect against and the checks that can help with them:
Check | Hardening against de & recompilation | Harden against reverse engineers and pentesters | Harden against insecure devices |
---|---|---|---|
Signature check | [x] | [x] | |
Root detection | [x] | [x] | |
OS Check | [x] | | |
Blacklisting apps | [x] | | |
Debug check | [x] | | |
Install origin | [x] | | |
Emulator check | [x] | [x] | |
A note on "Safe to run - Resilience":
No solution to tamper detection is foolproof. If someone is able to decompile your application and push it onto an unsuspecting device, it is possible to remove the functionality of Safe to run.
This just makes it that much harder...