Identifying assets, threats, and attacks
There is no such thing as absolute security. When we talk about data security, we need to identify what it is that we are protecting and from whom. The following three questions can help us map our approach:
- What are we trying to protect? From an Android application perspective, are we trying to protect the username and password of the user, or the coupon code and credit card number that a user might enter to make a purchase through your application, or a rights-protected song or picture that the user purchased using your app? By answering this question, we can nail down our assets.
- Who are we trying to protect the asset from? In other words, what is our threat? Are we trying to protect user data from other applications on the system, or are we trying to protect this information from other apps that you have developed? Do we want to protect our asset even if the device is stolen?
- What is the attack? Answering this question helps identify vulnerabilities in...