|[August 04, 2014]
JSSEC Releases English Version of Android Application Secure Design/Secure Coding Guidebook [1 July 2014 Edition]
TOKYO --(Business Wire)--
On 1 Aug 2014, the Secure Coding Group (led by Masaru Matsunami) of the
Japan Smartphone Security Association (JSSEC; Chairman: Hiroshi Yasuda)
is releasing an English version of Android (News - Alert) Application Secure
Design/Secure Coding Guidebook [1 July 2014 Edition], to become the
revised version was published in 1 May 2014.
Revised of the Guide
Add the following two items this guide.
1. Dealing with privacy
How to get consent and the idea of dealing with privacy
information on a smartphone.
2. Using encryption technology
and complex (realization of confidentiality) in Android Application,
handling of message authentication code/digital signature.
Ministry of Internal Affairs and Communications advocated "Smartphone
Privacy Initiative" and "Smartphone Privacy Initiative?"(SPI*), as well
as the proper handling user information, Applications that take
advantage of the user information of smartphone within used as privacy
policy information about the purpose and method of use it seeks to
demystify to person.
"Dealing with privacy information" on,
provided sample code and rules for obtaining consent for the use of user
information at the right time and methods.
Further, in the field of security software, you can use the encryption
technology to protect the assets of the application or user from threats
such as eavesdropping and tampering of a malicious third party. Cipher
various functions are provided for Android OS, you can use the
encryption technology to protect the assets in the Android applications.
encryption technology" in, we have classified the encrption technology
to be utilized in accordance with the purpose referred to as "you want
to protect what assets from threats." We also provides sample code and
rules for determining the type of encryption key to be selected in each
of cryptography, such as encryption method and length.
About the Guide
The guide describes a methodology for design and development of Android
applications that maximizes application security. It's designed
specifically to be used by developers in real-world application
development environments. Each chapter includes a sample code section
that provides examples of secure coding practices for busy developers, a
rulebook section that explains the thinking behind the code examples,
and advanced sections that delve deeper into selected security topics.
Feature of the guide
The guide is written from the developer's point of view to be usable
to working coders.
The included sample code can both act as a guide to development and be
included in commercial products under the Apache License, Version 2.0.
The continued sharing of the most up-to-date security practices is
central to the philosophy of the guide. The content will be updated
For more details, view the guide at:
guide will appear at Kindle Store shortly.
*SPI of Ministry of Internal Affairs and Communications
"Smartphone Privacy Initiative?"
About the Japan Smartphone Security Association
The Japan Smartphone Security Association, established in May of 2011,
encourages the growing popularity of smartphones and tablets in business
by addressing a wide variety of security issues and disseminating
educational security information to a range of audiences.
"Japan Smartphone Security Association," "Japan Smartphone Security
Forum," and "JSSEC" are trademarks of the Japan Smartphone Security
All other company names and product names may be the
trademarks or registered trademarks of their respective owners.
[ InfoTech Spotlight's Homepage ]