Google Play Academy Cheats Chapter 1 | Design Security

Author / Jon Markoff and Sean Smith, Android Security and Privacy Team

Not long ago, we solemnly launched Google Play Academy to you. We hope to provide you with rich learning resources to help you expand your application business skills. You can learn practical guides tailored by Google experts online for free, covering policy, design, preparation, release, growth, interaction, profitability, Play management center and other comprehensive guidance to solve urgent needs at critical moments. We will also provide a series of content for the courses of the Google Play Academy. In this issue, let's start with the course content of "Design Security".

As a developer, are you also thinking about when to incorporate security threat protection into your plan? Integrating security into the life cycle of application development can save you a lot of time and money, while drastically reducing risks. Therefore, we have launched the " design security " related content on the Google Play Academy to help you identify and proactively resist security threats, while reducing the impact of security threats. Click here to start this course immediately.

The Android ecosystem, including Google Play, has many built-in security features that protect developers and users. The " Design Security " course can help you build more security functions in your application to further improve the security of your application. For example, Jetpack Security can help developers to correctly encrypt stored data (data at rest), and only provide safe and well-known/mainstream algorithms to encrypt files and SharedPreferences. As a solution, SafetyNet Attestation API helps to identify potentially dangerous usage. We need to pay special attention to several common design vulnerabilities, such as the use of shared or improper file storage, the use of insecure protocols, and unprotected components (such as Activity). This course also provides a variety of methods to test your application to ensure the security of the application after it is released. Finally, you can set Vulnerability Disclosure Program (VDP) to seek help from security researchers.

In subsequent courses, you can learn how to integrate security into all stages of the development process security development life cycle SDL is a set of industry standard processes. In this course, you will learn how to make plans, obtain high-level support, and integrate basic knowledge into the development life cycle.

The threat model is part of the security development life cycle. In this course, you will learn about the thinking patterns of attackers in order to identify, classify, and resolve threats. By establishing a threat model in the early design phase of development, you can identify potential threats and start planning how to mitigate these threats at a lower cost, thereby creating safer products for your users.

Improving application security is a never-ending process. Welcome to the "Design Security" series of courses , watch a few short courses, learn how to integrate security into the application development life cycle, build potential threat models, and integrate application security best practices into your In application, and how to avoid possible design threats. Click here to start this course immediately.

You are welcome to continue to follow the official WeChat public account to learn more about the series of content we provide for the Google Play Academy courses, and escort your journey to sea.

Google Play Academy is newly released!

Free Chinese courses designed by Google product experts based on the needs of developers will help you succeed on Google Play.

Enter Google Play Academy: g.cn/playacademy register an account and start the learning journey!