android-security
Installation
SKILL.md
Android Security Standards
Priority: P0 (CRITICAL)
Implementation Guidelines
Data Storage
- Secrets: NEVER store API keys in code. Use
EncryptedSharedPreferencesfor sensitive local data (Tokens). - Keystore: Use Android Keystore System for cryptographic keys.
Network
- HTTPS: Enforce HTTPS via
network_security_config.xml(cleartextTrafficPermitted="false"). - Pinning: Consider Certificate Pinning for high-security apps.
Component Export
- Exported: Explicitly set
android:exported="false"for Activities/Receivers unless intended for external use.