ensuring-mobile-security
Ensure app security. Use when handling sensitive data, configuring networking, or preparing for production.
Best use case
ensuring-mobile-security is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using ensuring-mobile-security should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/ensuring-mobile-security/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How ensuring-mobile-security Compares
| Feature / Agent | ensuring-mobile-security | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Ensure app security. Use when handling sensitive data, configuring networking, or preparing for production.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Security Standards
## When to use this skill
- When handling user credentials or sensitive personal data (PII).
- When configuring API calls and networking.
- When implementing authentication logic.
- When preparing the app for a production release.
## Data Storage
- **Credentials**: NEVER store passwords, tokens, or API keys in `AsyncStorage`, `SharedPreferences`, `UserDefaults` (iOS), or `localStorage` (Web).
- **Use**: Secure storage wrappers like `expo-secure-store` or `flutter_secure_storage` which leverage the OS Keychain/Keystore.
- **Local Data**: Encrypt sensitive databases (e.g., Realm/SQLite encryption) if they contain user data.
- **Cleanup**: Wipe all sensitive local data and tokens immediately upon logout.
## Network Security
- **Transport**: Enforce **HTTPS** for all connections. Block cleartext traffic in `Info.plist` (iOS) and `AndroidManifest.xml` (Android).
- **Certificate Pinning**: Implement certificate pinning for critical APIs to prevent MitM attacks.
- **Validation**: Enforce strict SSL certificate validation.
- **Logging**: NEVER log sensitive headers (Auth tokens) or request bodies containing PII in production or crash reports.
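
One way to apply the logging rule above is to pass every request through a redaction step before it reaches a logger or crash reporter. This is an added example, not part of the original SKILL.md; `redactRequest`, `redactBody`, the header and field lists, and the sample request are all hypothetical and should be adapted to the app.

```javascript
// Header names whose values must never reach logs or crash reports.
const SENSITIVE_HEADERS = new Set(['authorization', 'cookie', 'set-cookie', 'x-api-key']);
// Body keys treated as secrets or PII (assumed list; extend per app).
const SENSITIVE_FIELDS = /^(password|token|access_token|refresh_token|email|phone|ssn)$/i;
const REDACTED = '[REDACTED]';

// Recursively copy a JSON-like value, masking sensitive keys and any
// bearer token that leaked into a free-text string.
function redactBody(value) {
  if (Array.isArray(value)) return value.map(redactBody);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      out[key] = SENSITIVE_FIELDS.test(key) ? REDACTED : redactBody(v);
    }
    return out;
  }
  if (typeof value === 'string') {
    return value.replace(/Bearer\s+[A-Za-z0-9._~+\/-]+=*/g, 'Bearer ' + REDACTED);
  }
  return value;
}

// Build a log-safe copy of a request; the original object is not modified.
function redactRequest(req) {
  const headers = {};
  for (const [name, v] of Object.entries(req.headers || {})) {
    headers[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? REDACTED : v;
  }
  // Drop the query string entirely: tokens and PII often travel there too.
  const url = String(req.url).split('?')[0];
  return { method: req.method, url, headers, body: redactBody(req.body) };
}

// Constructed sample request (not real credentials).
const SAMPLE_REQUEST = {
  method: 'POST',
  url: 'https://api.example.com/v1/login?token=abc123',
  headers: { Authorization: 'Bearer eyJhbGciOi.constructed.sig', 'Content-Type': 'application/json' },
  body: {
    email: 'user@example.com',
    password: 'hunter2',
    device: { model: 'Pixel', refresh_token: 'r-123' },
    note: 'retry with Bearer abc.def',
  },
};

console.log(JSON.stringify(redactRequest(SAMPLE_REQUEST)));
```

Key-name matching only catches fields the list knows about, so treat it as a safety net behind the rule of not logging request bodies in production at all.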
## Authentication
- **Protocol**: Use industry standards like OAuth 2.0 / OIDC. Avoid custom auth schemes.
- **Biometrics**: Use FaceID/TouchID for quick re-auth where appropriate, but always fall back to PIN/Password.
- **Sessions**:
  - Implement short-lived access tokens and long-lived refresh tokens.
  - Enforce local session timeouts for banking/fintech apps.
- **Privacy**: Obscure the app preview in the recent apps switcher (Task Manager) to prevent screenshotting sensitive screens.
## Code Security
- **Production Builds**:
  - Enable code obfuscation (ProGuard/R8 for Android).
  - Strip debug symbols.
  - Remove all `console.log` / `print` statements using build tools (e.g., `babel-plugin-transform-remove-console`).
- **Validation**: Sanitize and validate ALL user inputs on both client and server to prevent injection attacks.
- **Rate Limiting**: Handle 429 Too Many Requests gracefully.
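
A sketch of graceful 429 handling: honour the server's `Retry-After` header (seconds or HTTP-date), fall back to capped exponential backoff, and stop after a bounded number of retries. This is an added example, not part of the original SKILL.md; `retryDelayMs`, `requestWithBackoff`, the 60-second cap and the retry count are assumptions.

```javascript
// Upper bound on any single wait, so a hostile or broken server
// cannot stall the app indefinitely (assumed value).
const MAX_DELAY_MS = 60000;

// Compute how long to wait before retry number `attempt` (0-based).
// `retryAfter` is the raw Retry-After header value, or null if absent.
function retryDelayMs(retryAfter, attempt, nowMs = Date.now()) {
  if (retryAfter != null && retryAfter !== '') {
    const text = String(retryAfter).trim();
    // Form 1: delay in whole seconds.
    if (/^\d+$/.test(text)) return Math.min(Number(text) * 1000, MAX_DELAY_MS);
    // Form 2: HTTP-date; wait until that moment (never a negative delay).
    const when = Date.parse(text);
    if (!Number.isNaN(when)) return Math.min(Math.max(when - nowMs, 0), MAX_DELAY_MS);
  }
  // No usable header: exponential backoff of 1s, 2s, 4s, ... up to the cap.
  return Math.min(1000 * 2 ** attempt, MAX_DELAY_MS);
}

// Retry `send` (a function returning a fetch-style Response promise) while
// the server answers 429. After `maxRetries` retries the last 429 response is
// returned so the caller can show a "try again later" message.
async function requestWithBackoff(send, options = {}) {
  const maxRetries = options.maxRetries ?? 3;
  const sleep = options.sleep ?? ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
  for (let attempt = 0; ; attempt++) {
    const res = await send();
    if (res.status !== 429 || attempt >= maxRetries) return res;
    await sleep(retryDelayMs(res.headers.get('Retry-After'), attempt));
  }
}
```

Bounding both the delay and the retry count keeps the client from hammering the API or hanging the UI when the limit does not clear.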