https://sudarshantechlabs.com/blog/tag/security Posts tagged Security from SudarshanTechLabs. en-us Sun, 26 Jul 2026 00:00:00 GMT support@sudarshantechlabs.com (Sudarshan Chaudhari) support@sudarshantechlabs.com (Sudarshan Chaudhari) https://sudarshantechlabs.com/blog/detecting-root-and-tamper-in-android-apps https://sudarshantechlabs.com/blog/detecting-root-and-tamper-in-android-apps Root and tamper detection raises the cost of attacking your app, but it's a deterrent, not a wall. Here's a realistic look at what to check, how to respond proportionally, and why Play Integrity beats DIY checks. · 4 min read Sun, 26 Jul 2026 00:00:00 GMT Security Root Detection Android Play Integrity Tamper https://sudarshantechlabs.com/blog/handling-api-keys-safely-in-android-apps https://sudarshantechlabs.com/blog/handling-api-keys-safely-in-android-apps Any API key you ship in an APK can be extracted — full stop. Here's how I actually handle keys in Android: which ones can live in the app, which must go behind a backend, and how to keep them out of git either way. · 4 min read Sat, 25 Jul 2026 00:00:00 GMT Security API Keys Android Secrets Backend https://sudarshantechlabs.com/blog/proguard-r8-for-security-obfuscating-sensitive-code https://sudarshantechlabs.com/blog/proguard-r8-for-security-obfuscating-sensitive-code R8's obfuscation won't stop a determined reverse engineer, but it removes the easy wins and raises the cost of attacking your app. Here's what it actually protects, its limits, and how to configure it without breaking your build. · 4 min read Fri, 24 Jul 2026 00:00:00 GMT Security R8 ProGuard Android Obfuscation https://sudarshantechlabs.com/blog/certificate-pinning-in-android-when-and-how https://sudarshantechlabs.com/blog/certificate-pinning-in-android-when-and-how Certificate pinning hardens your app against man-in-the-middle attacks, but done wrong it can brick your app on a cert rotation. Here's when it's worth it, how to implement it safely, and the backup-pin discipline that prevents outages. · 4 min read Thu, 23 Jul 2026 00:00:00 GMT Security Certificate Pinning Android Networking TLS https://sudarshantechlabs.com/blog/securing-android-sharedpreferences-and-datastore https://sudarshantechlabs.com/blog/securing-android-sharedpreferences-and-datastore SharedPreferences and DataStore are where small but sensitive values quietly accumulate. Here's how I keep that local storage secure — what to encrypt, what to keep in the Keystore, and what not to store at all. · 4 min read Wed, 22 Jul 2026 00:00:00 GMT Security DataStore Android Encryption Storage https://sudarshantechlabs.com/blog/android-app-security-preventing-common-vulnerabilities https://sudarshantechlabs.com/blog/android-app-security-preventing-common-vulnerabilities The Android vulnerabilities I see most often in real apps aren't exotic — they're exported components, insecure storage, and sloppy intents. Here's how to prevent the common ones before they ship. · 4 min read Tue, 21 Jul 2026 00:00:00 GMT Security Android Vulnerabilities Best Practices Mobile Security https://sudarshantechlabs.com/blog/owasp-mobile-top-10-android-developers https://sudarshantechlabs.com/blog/owasp-mobile-top-10-android-developers A practical walk through the OWASP Mobile Top 10 from an Android developer's chair — the risks that actually show up in real apps, with concrete Kotlin examples of what to do instead of the insecure default. · 4 min read Fri, 10 Jul 2026 00:00:00 GMT Security OWASP Android Mobile Security Best Practices https://sudarshantechlabs.com/blog/tiny-rust-security-log-scanner https://sudarshantechlabs.com/blog/tiny-rust-security-log-scanner A practical look at RustThreatLensAI, a small Rust CLI for local security log triage, brute-force detection, secret spotting, and JSON risk reports. · 5 min read Thu, 18 Jun 2026 00:00:00 GMT Rust CLI Security Automation Debugging https://sudarshantechlabs.com/blog/android-keystore-management-dont-lose-your-apps https://sudarshantechlabs.com/blog/android-keystore-management-dont-lose-your-apps Learn how to securely manage the Android Keystore in your Kotlin app to prevent key loss and ensure smooth app updates from your Bangkok solo dev studio. · 5 min read Mon, 15 Jun 2026 00:00:00 GMT Android Security Solo Dev https://sudarshantechlabs.com/blog/iframe-blocking-digital-signage https://sudarshantechlabs.com/blog/iframe-blocking-digital-signage X-Frame-Options and Content-Security-Policy headers silently block your signage content without any error. Here's exactly how iframe blocking works, how to detect it, and how to fix it. · 5 min read Thu, 16 Apr 2026 00:00:00 GMT Digital Signage Web Security Debugging https://sudarshantechlabs.com/blog/security-testing-android https://sudarshantechlabs.com/blog/security-testing-android Security vulnerabilities in Android apps can expose user data, bypass authentication, and get your app removed from the Play Store. Here's a practical security testing checklist developers can run themselves. · 4 min read Wed, 04 Mar 2026 00:00:00 GMT Android Security Testing Kotlin