> android-security
Standards for Data Encryption, Network Security, and Permissions. Use when implementing encryption, network security config, or permission handling in Android. (triggers: network_security_config.xml, AndroidManifest.xml, EncryptedSharedPreferences, cleartextTrafficPermitted, intent-filter)
curl "https://skillshub.wtf/HoangNguyen0403/agent-skills-standard/android-security?format=md"
Android Security Standards
Priority: P0 (CRITICAL)
Implementation Guidelines
Data Storage
- Secrets: NEVER store API keys in code. Use EncryptedSharedPreferences for sensitive local data (Tokens).
- Keystore: Use Android Keystore System for cryptographic keys.
Network
- HTTPS: Enforce HTTPS via network_security_config.xml (cleartextTrafficPermitted="false").
- Pinning: Consider Certificate Pinning for high-security apps.
Component Export
- Exported: Explicitly set android:exported="false" for Activities/Receivers unless intended for external use.
Anti-Patterns
- No Sensitive Logs: Strip logs in Release builds.
- No Homebrew Root Detection: Use Play Integrity API instead.
- No Raw URL String Concatenation: Use Uri.Builder or HttpUrl (OkHttp) to prevent parameter injection.
References
Related Topics
common/security-standards | architecture