Pedro Gómez

Your Android app as a crime scene!


Technical audits of iOS and Android applications have become an integral part of our daily job here at Karumi. Even though it can look easy, there are quite a few implementation details to review when performing such an audit. Based on this idea, we have decided to publish the guidelines we follow to audit Android applications, and you can find the result on this GitHub page: http://karumi.github.io/AndroidAudit/

On this page you can see all the topics we cover in an Android application audit. The document reviews the following points related to Android application development:

- Version Control System usage.
- Build Tools usage and configuration.
- Android Resources usage.
- Android Layouts usage.
- Permissions usage and request for permissions implementation.
- Security Issues.
- Push Notifications usage and implementation.
- Performance.
- Java Packages Structure.
- Codestyle.
- Offline support implementation.
- Architecture:
  - Presentation Layer implementation.
  - Domain implementation.
  - API Client implementation.
  - Storage implementation.
- Testability and tests implementation.


If you want to know more about these topics and what to review when auditing an Android application, we strongly recommend that you read the GitHub page we have published with all the information: http://karumi.github.io/AndroidAudit/

Pedro Gómez

I'm a software engineer focused on new technologies, open source, clean code, and testing. Right now I'm working as a Senior Software Engineer at Karumi, a little software development studio.