Android Secure App Development Guidance for DoD

Led research and development of white paper on technical details of developing Android mobile applications with a focus on data security and software assurance. Leveraged emerging guidance from NIST and DISA, for high-assurance.

co-authors: Shawn Valle, Michael Peck

September 30, 2011

Executive Summary

Android applications developed for US Department of Defense (DoD), are required to go through a workflow process to evaluate and test for meeting expected Cyber Security and Information Assurance guidelines. Applications that meet the evaluation guidelines can be permitted into the enterprise application market, known as CAPStore, for user distribution. The following documentation identifies the technical requirements and guidance Android application developers should adhere to when developing applications for DoD.

The details within are technical and security focused, and should be made available to software engineers and IA engineers. The material is organized with a logical flow in mind, initially focusing on application permissions, then into securing code and data, and finally focusing on multiple application interaction.

Android Secure Application Development Guidance_Public_Release