From a15562f8fd92d09f3277a0fabd0d54eff6e98b4f Mon Sep 17 00:00:00 2001 From: Adrian Ludwig Date: Thu, 15 Dec 2011 15:37:33 -0800 Subject: Updated "Designing for Security" documentation Change-Id: I1fe5b353d750695f75370ef31ae1b39e50159164 Signed-off-by: Adrian Ludwig --- docs/html/guide/practices/security.jd | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'docs/html') diff --git a/docs/html/guide/practices/security.jd b/docs/html/guide/practices/security.jd index 5da7e98..476c301 100644 --- a/docs/html/guide/practices/security.jd +++ b/docs/html/guide/practices/security.jd @@ -552,7 +552,7 @@ the minimum functionality required by your application.

If your application does not directly use JavaScript within a WebView, do not call - setJavaScriptEnabled(). We have seen this method invoked in sample code that might be repurposed in production application -- so remove it if necessary. By default, Android Developer Blog.

+

Application developers should be careful writing to on-device logs. +In Android, logs are a shared resource, and are available +to an application with the + +READ_LOGS permission. Even though the phone log data +is temporary and erased on reboot, inappropriate logging of user information +could inadvertently leak user data to other applications.

+ +

Handling Credentials

In general, we recommend minimizing the frequency of asking for user -- cgit v1.1
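Review bot: In the first hunk (@@ -552,7 +552,7 @@), the sentence around the changed setJavaScriptEnabled() line still reads "repurposed in production application -- so remove it if necessary", which has a singular/plural slip and leaves the reader to guess when removal is necessary. Since this text is being touched anyway, consider "repurposed in production applications, so remove the call if your application does not use JavaScript", which repeats the condition the paragraph opens with.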
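Review bot: The added logging paragraph lands between the WebView/JavaScript text and the "Handling Credentials" heading with no heading of its own, so it will read as the tail of the WebView guidance; give it its own heading so it can be found and linked to. The phrase "inappropriate logging of user information" also does not tell the developer what to keep out of the log, so state the rule directly (for example, that user information should not be written to the log at all, given that any application holding READ_LOGS can read it). Minor wording: "the phone log data" could be "the device log data" to match "on-device logs" in the first sentence.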