Skip to main content

App Security Guide

This is a security guide that developers must comply with when registering an app on the Pleos App Market. This guideline goes beyond simple rules to present essential standards for protecting users' personal information and sensitive vehicle data. The goal is to ensure that all apps maintain a high level of security so that users can use the services with peace of mind.

Sensitive Data Management

When developing an app, sensitive information such as Personally Identifiable Information (PII), financial information, API keys, and encryption keys must never be stored in plain text. If data must be stored on the device, the following principles must be followed.

  • Data Encryption: Sensitive data must be protected using strong encryption algorithms before storage.
  • Log Data Management: Care must be taken to ensure that sensitive information is not recorded in debugging logs during the development/testing phase, and related functions must be disabled or information masked before the app is released.
  • Cache Data Management: A policy must be applied to immediately delete cache data containing sensitive information when the app is closed or switched to the background.
  • Disable Automatic Backup: When using Android's automatic backup feature, files or directories containing sensitive data must be excluded from the backup.
  • Caution with External Storage: Sensitive information should not be stored in publicly accessible external storage. If it must be stored, it must be encrypted and appropriate access control settings applied.

Secure Encryption Usage

To securely protect user data, the application of strong encryption is essential. Beyond simply encrypting data, security best practices must be followed across the safety of the algorithms used for encryption and the correct implementation methods.

  • Use of Secure Encryption Algorithms: Standard recommended algorithms whose cryptographic security has been verified to date must be used. Algorithms with known vulnerabilities should not be used.
  • Application of Secure Block Cipher Modes: Vulnerable block cipher modes that expose repetitive patterns should not be used when encrypting data. Verified secure modes should be applied to enhance the correlation between data blocks and ensure unpredictability.
  • Application of Secure Padding Methods: To prevent serious threats such as padding oracle attacks, it is essential to apply secure padding methods to fill incomplete blocks of data.
  • Use of Secure Random Number Generators: Cryptographically secure random number generators must be used for generating random numbers related to encryption, including initialization vectors. Vulnerable pseudo-random number generators are predictable and can pose security threats, so they should not be used.

Establishing a Secure Communication Environment

During the process of communicating with external networks, apps may expose sensitive information or become infected with malware. To protect users and provide a reliable service, the following security principles must be adhered to.

  • Mandatory Use of Secure Protocols: Vulnerable protocols that do not encrypt data should not be used. All external communications must use secure protocols with encryption applied.
  • Prohibition of Vulnerable Encryption Protocols: Encryption protocols with known vulnerabilities should not be used. The latest versions of protocols whose security has been verified must be applied.
  • Use of Secure Cipher Suites: The Cipher Suite used during communication must be one whose security has been verified. Suites containing vulnerable encryption algorithms should not be used.
  • Prohibition of Malicious Server Communication: Apps must not communicate with malicious C&C servers or connect to servers from unknown sources. All target servers for communication must be predefined and verified.
  • Remote Command Control from Server: When executing remote commands received from the server, the validity and integrity of the commands must be verified.

Component and Permission Management

Safely managing the interaction between the app and the operating system is a key element in protecting user data and devices. Developers must limit unnecessary permission requests, minimize external exposure of internal components, and strictly control data access to block potential security threats.

  • Limitation of Unnecessary Permission Use: Permissions that are not essential to the app's functionality should not be requested. The principle of minimizing permissions should be applied to protect users' personal information.
  • Limitation of Unnecessary Component Exposure: The external exposure of app components that do not need to be called by external apps must be strictly limited.
  • Secure Data Transmission: Data containing important information should not be broadcast externally without specifying a recipient, and explicit methods must be used to ensure it is delivered only to specific recipients.
  • Strengthening Data Access Control: Access permissions must be clearly set to prevent unauthorized access by external apps to the data storage used by the app.
  • Limitation of Local Resource Access: It is recommended to limit access to the local file system, as it can be exploited as a path for attackers to access important files in the app's internal storage.

Secure Development and Deployment

Since app code is a core element that directly handles user data, security must be prioritized from the development process. Insecure coding practices can lead to data leaks and various attack vectors. To provide a safe and reliable app, the following principles must be followed.

  • Prohibition of Unauthorized API Use: APIs not officially provided or authorized for use by Pleos must not be included in the app. This can pose a serious threat to the stability and security of the vehicle system.
  • Limitation of Unnecessary API Use: APIs that are not directly related to the app's functionality should not be requested or used. This violates the principle of minimizing permissions and can lead to unnecessary data access.
  • Prohibition of Hardcoding Important Information: Important information should not be directly entered into the app's source code or configuration files.
  • Limitation of Vulnerable SDK and Library Use: All public libraries and SDKs used in the app must be regularly checked to ensure there are no known security vulnerabilities, and proactive measures must be taken. It is recommended to keep them updated to the latest versions.
  • Prohibition of Test Certificate Use: Officially signed certificates must be used in the distribution app, not test or debug certificates.
  • Disabling Debugging: Debugging features must be disabled in the final distribution app. This prevents attackers from analyzing the app's internal logic or extracting important information from memory.