Index

Call to Android Security API

Risk: info

Description

List of all API calls to the Android Keystore and Keychain API.

Recommendation

This entry is informative, no recommendations applicable.

Links

• Android Keystore System (Android developer)
• CWE-522: Insufficiently Protected Credentials
• Android Keychain System (Android developer)
• CWE-312: Cleartext Storage of Sensitive Information
• Insecure Data Storage (OWASP Mobile Top 10)
• Security tips (Android developer)

Standards

• OWASP_MASVS_L1:
  • MSTG_CRYPTO_1
  • MSTG_CRYPTO_2
  • MSTG_CRYPTO_3
• OWASP_MASVS_L2:
  • MSTG_CRYPTO_1
  • MSTG_CRYPTO_2
  • MSTG_CRYPTO_3
• OWASP_MASVS_v2_1:
  • MASVS_CRYPTO_2