...
- Specific to the NDK:
- https://intrepidusgroup.com/insight/2012/05/ndk-file-permissions-gotcha-and-fix/
- http://community.arm.com/groups/android-community/blog/2013/09/19/10-android-ndk-tips Ten Android NDK tips
- “Android NDK | Android Developers”: http://developer.android.com/tools/sdk/ndk/index.html#Contents (also http://developer.android.com/tools/sdk/ndk/index.html )
- https://viaforensics.com/resources/reports/best-practices-ios-android-secure-mobile-development/ (secure app development guidelines list on the right column summarizes, and full report downloadable)
- http://developer.android.com/guide/practices/verifying-apps-art.html#JNI_Issues It discusses current security problems (JNI), as well as new ones that will arise with ART (arrays and compacting garbage collectors, error handling).
- https://developer.android.com/training/articles/security-tips.html Secure Android app development tips
- http://source.android.com/devices/tech/security/ very large source of info about Android app security
- http://source.android.com/devices/tech/security/best-practices.html best practices for secure Android coding, within main site above
- https://www.isecpartners.com/media/11991/isec_securing_android_apps.pdf Guidelines for developing secure Android apps
- https://developer.android.com/training/articles/security-ssl.html Android app developers should securely use HTTPS and TLS. Info on how to do so, including using pinning when possible.
- For fleshing out new rule JNI01-J, based on slide 18 from Marc Schoenefeld's Java One presentation: https://www.securecoding.cert.org/confluence/display/java/JNI01-J.+Safely+invoke+standard+APIs+that+perform+tasks+using+the+immediate+caller%27s+class+loader+instance?src=contextnavchildmode
- http://source.android.com/devices/tech/security/index.html Overall Android security overview, but needs searching to find the specific info useful for secure coding of Android apps
- https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy Hardening Android for Security and Privacy
Specific vulnerabilities disclosures
...