A Native Android Application that demonstrates Secure Mobile Development Practices.
For more information, please check the Mobile Security Project.
Every time a PR is merged to master, the build script automatically pushes the built binary to Kryptowire for security scanning.
- OpenID Connect Authentication
- Mobile Access Control
- Client Cert Authentication
- Certificate Pinning
- Code Obfuscation (with Proguard)
- Secure Data Storage
- Device Trust Checks (Root Access, Emulator Access etc)
- 2FA with OTP (via Keycloak)
- Authentication Brute Force Detection (via Keycloak)
- Account Lockout Policies (via Keycloak)
- Authentication/Access Control Auditing & Logging (via Keycloak)
- Authenticated Calls to Protected Endpoints (via Keycloak)
The master branch will always track the latest release of the SDK.
To run the showcase app:
- git clone git@github.com:aerogear/android-showcase-template.git
- Open the showcase app in Android Studio and select the build variant release or debug to run the showcase with the latest release, or select the build variant local to run the showcase with a locally installed version of the SDK.
For full build instructions, please take some time to read our Contributing Guide.
By default, the app uses backend services running on a dedicated OpenShift cluster for demonstration purposes.
You can also configure the app to run against different backend services:
The Keycloak configuration is saved in the mobile-services.json file.
link:https://raw.githubusercontent.com/aerogear/android-showcase-template/master/app/src/main/assets/mobile-services.json[role=include]
By default, the app will not work with self-signed certificates, for security reasons. However, you may need to support them to help with local development. Docs.aerogear.org has full configuration instructions.