Google Play school book of the first chapter | design safety

By Jon Markoff and Sean Smith, Android Security and Privacy Team

Not long ago, we launched the Google Play Academy to provide you with rich learning resources to help you develop your app business skills. You can learn online, free of charge, the practical guide tailored by Google experts, including policy, design, preparation, launch, growth, interaction, monetization, Play Management center, and more, to solve the most pressing problems at the most critical moment. We’re also running a series of content for Google Play Academy courses, so let’s start with the “Design safety” course.

As a developer, are you struggling to figure out when to incorporate security threat protection into your planning? Integrating security into the application development lifecycle can save you a lot of time and money while significantly reducing risk. That’s why we’ve launched “Design Security” on Google Play Academy to help you identify and proactively defend against security threats and mitigate their impact. Click here to start the course immediately.

The Android ecosystem, including Google Play, has many built-in security features to protect developers and users. The Design Security course helps you build more security features into your application to further improve the security of your application. For example, Jetpack Security can help developers properly encrypt stored data (static data) and only provide secure and well-known/mainstream algorithms to encrypt files and SharedPreferences. As a solution, the SafetyNet Attestation API helps identify potentially dangerous usage patterns. There are several common design vulnerabilities that need special attention, such as the use of shared or improper file storage, the use of insecure protocols, and unprotected components such as activities. This course also provides a variety of ways to test your application to ensure its security after release. Finally, you can set up a Vulnerability Disclosure Plan (VDP) to enlist the help of security researchers.

In subsequent lessons, you can learn how to integrate security into all stages of the development process by adopting the Secure Development Life Cycle (SDL). SDL is an industry-standard process, and in this course you will learn the basics of how to plan, get high-level support, and integrate into the development life cycle.

The threat model is part of the secure development lifecycle. In this course, you will learn about the attacker’s mindset to identify, classify, and solve threats. By modeling threats early in the design phase of development, you can identify potential threats and start planning how to mitigate those threats at a lower cost to build a more secure product for your users.

Improving application security is a never-ending process. Welcome to the “Design Security” course series, where you will learn a few short lessons on how to integrate security into your application’s development life cycle, model potential threats, integrate application security best practices into your application, and how to avoid possible design threats. Click here to start the course immediately.

You are welcome to continue to follow the official wechat account to learn more about the series of content we provide for the Courses of Google Play College, so as to escort your journey to the sea.

Google Play Academy new release!

Help you succeed on Google Play with free Chinese language courses designed by Google product experts according to the needs of developers.

Go to Google Play Academy: g.cn/playacademy, sign up for your account with any email address, and start your learning journey!