Android Security: Securing your Gradle builds from baddies

<p>This is the accompanying blog post for my recent Droidcon Berlin 2023 talk &ldquo;How to stop the Gradle Snatchers: Securing your builds from baddies&rdquo; &mdash; you can find the slides, video and other resources for this talk at my site&nbsp;<a href="https://spght.dev/talks" rel="noopener ugc nofollow" target="_blank">spght.dev/talks</a>.</p> <p>If you are an Android developer like me, you will likely be somewhat familiar with the &lsquo;elephant in the room&rsquo; when it comes to our builds: Gradle. For over 10 years, it has been the go-to build tool for the Android ecosystem, replacing Ant and helping developers move forward into a more configurable and pleasant developer experience&sup1;.</p> <p>However, like any tool we use in our developer utility belt to build our apps, it is susceptible to security risks that can (and do) pose a threat to our codebases, apps and users.</p> <p>While my talk and this post approach the topic from an Android development angle, the tips and tricks shared can be applied to&nbsp;<strong><em>any</em></strong>&nbsp;Gradle project. In this post, we will explore some simple steps we can take to ensure Gradle doesn&rsquo;t fall foul of a supply-chain attack.</p> <p><a href="https://proandroiddev.com/android-security-securing-your-gradle-builds-from-baddies-1dc30e1acf30"><strong>Learn More</strong></a></p>