Android Security: Securing your Gradle builds from baddies
<p>This is the accompanying blog post for my recent Droidcon Berlin 2023 talk “How to stop the Gradle Snatchers: Securing your builds from baddies” — you can find the slides, video and other resources for this talk at my site <a href="https://spght.dev/talks" rel="noopener ugc nofollow" target="_blank">spght.dev/talks</a>.</p>
<p>If you are an Android developer like me, you will likely be somewhat familiar with the ‘elephant in the room’ when it comes to our builds: Gradle. For over 10 years, it has been the go-to build tool for the Android ecosystem, replacing Ant and helping developers move forward into a more configurable and pleasant developer experience¹.</p>
<p>However, like any tool we use in our developer utility belt to build our apps, it is susceptible to security risks that can (and do) pose a threat to our codebases, apps and users.</p>
<p>While my talk and this post approach the topic from an Android development angle, the tips and tricks shared can be applied to <strong><em>any</em></strong> Gradle project. In this post, we will explore some simple steps we can take to ensure Gradle doesn’t fall foul of a supply-chain attack.</p>
<p><a href="https://proandroiddev.com/android-security-securing-your-gradle-builds-from-baddies-1dc30e1acf30"><strong>Learn More</strong></a></p>