Welcome!

Apache Authors: Elizabeth White, Pat Romanski, Liz McMillan, Christopher Harrold, Janakiram MSV

News Feed Item

JSSEC Releases English Version of Android Application Secure Design/Secure Coding Guidebook [1 July 2014 Edition]

On 1 Aug 2014, the Secure Coding Group (led by Masaru Matsunami) of the Japan Smartphone Security Association (JSSEC; Chairman: Hiroshi Yasuda) is releasing an English version of Android Application Secure Design/Secure Coding Guidebook [1 July 2014 Edition], to become the revised version was published in 1 May 2014.

Revised of the Guide

Add the following two items this guide.
1. Dealing with privacy information
How to get consent and the idea of dealing with privacy information on a smartphone.
2. Using encryption technology
Encryption and complex (realization of confidentiality) in Android Application, handling of message authentication code/digital signature.

Ministry of Internal Affairs and Communications advocated "Smartphone Privacy Initiative" and "Smartphone Privacy InitiativeⅡ"(SPI*), as well as the proper handling user information, Applications that take advantage of the user information of smartphone within used as privacy policy information about the purpose and method of use it seeks to demystify to person.
"Dealing with privacy information" on, incorporates a privacy policy that was created along the SPI, it has provided sample code and rules for obtaining consent for the use of user information at the right time and methods.

Further, in the field of security software, you can use the encryption technology to protect the assets of the application or user from threats such as eavesdropping and tampering of a malicious third party. Cipher various functions are provided for Android OS, you can use the encryption technology to protect the assets in the Android applications.
"Using encryption technology" in, we have classified the encryption technology to be utilized in accordance with the purpose referred to as "you want to protect what assets from threats." We also provides sample code and rules for determining the type of encryption key to be selected in each of cryptography, such as encryption method and length.

About the Guide

The guide describes a methodology for design and development of Android applications that maximizes application security. It’s designed specifically to be used by developers in real-world application development environments. Each chapter includes a sample code section that provides examples of secure coding practices for busy developers, a rulebook section that explains the thinking behind the code examples, and advanced sections that delve deeper into selected security topics.

Feature of the guide

  • The guide is written from the developer’s point of view to be usable to working coders.
  • The included sample code can both act as a guide to development and be included in commercial products under the Apache License, Version 2.0.
  • The continued sharing of the most up-to-date security practices is central to the philosophy of the guide. The content will be updated regularly.

For more details, view the guide at:
http://www.jssec.org/dl/android_securecoding_en.pdf
-------------------------------------------------------
The guide will appear at Kindle Store shortly.

*SPI of Ministry of Internal Affairs and Communications
“Smartphone Privacy Initiative”
http://www.soumu.go.jp/main_content/000171225.pdf (Japanese)
“Smartphone Privacy InitiativeⅡ”
http://www.soumu.go.jp/main_content/000236366.pdf (Japanese)

About the Japan Smartphone Security Association

The Japan Smartphone Security Association, established in May of 2011, encourages the growing popularity of smartphones and tablets in business by addressing a wide variety of security issues and disseminating educational security information to a range of audiences.

“Japan Smartphone Security Association,” “Japan Smartphone Security Forum,” and “JSSEC” are trademarks of the Japan Smartphone Security Association.
All other company names and product names may be the trademarks or registered trademarks of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.