
Security I Quiz: Engineering Maintainable Android Apps (Android App Development Specialization) Answers 2025

1. Question 1

Which statements are true about economy of mechanism?

  • ✔️ Using less code to implement the same functionality simplifies security audits.

  • ❌ Using less code will always mean code is less extensible and modular.

  • ✔️ Using less complicated code to implement the same functionality simplifies security audits.


2. Question 2

Best refactorings that follow economy of mechanism (runner never changes):

  • ✔️ The version where DataHandler uses executor.submit() directly in methods like fetchData() and writeData() (removing Runner interface).

  • ✔️ The constructor-injected ExecutorService version (fewer layers).

  • ❌ Adding extra wrapper classes like MyRunner.

  • ❌ Keeping interface and anonymous classes when not needed.

Correct choices:
✔️ Code block #4
✔️ Code block #5


3. Question 3

Reasons why least privilege is important:

  • ❌ Each privilege makes development faster.

  • ✔️ Each privilege adds a security responsibility.

  • ❌ Privileges increase memory consumption.


4. Question 4

Apps that do NOT follow least privilege:

  • ❌ They make development easier.

  • ❌ They increase build times.

  • ❌ They consume more disk space.

  • ✔️ They increase the chance of accidental access to capabilities without declaring permissions.


5. Question 5

Examples of secure defaults:

  • ❌ Encrypting only when user flags data as sensitive.

  • ❌ Using default username + password.

  • ✔️ Forcing user to set a password on first use.


6. Question 6

Why secure defaults matter:

  • ✔️ User may not know how to change defaults securely.

  • ✔️ User may assume defaults are secure.

  • ✔️ User may not bother changing defaults.

  • ✔️ User may not know defaults exist.

(All are correct.)


7. Question 7

Which is an example of secure defaults?

The correct secure default: the secure engine is used when the type is missing or null.

  • ❌ Version 1 → No default, uses whatever user selects.

  • ❌ Version 2 → Still no default.

  • ✔️ Version 3 → Uses a predefined encrypted engine as default (“secure”).

Correct: Third code block ✔️


8. Question 8

Apps that ask for too many permissions violate:

  • ❌ Economy of Mechanism

  • ❌ Secure Defaults

  • ❌ Complete Mediation

  • ✔️ Least Privilege


9. Question 9

Issues in the code:

  • ✔️ Flags are not final → values can be modified → unexpected insecure states.

  • ✔️ New int variables default to 0 → this causes insecure default behavior.

(Both options are correct.)


10. Question 10

When is it OK to ignore security principles?

  • ❌ If it helps meet a deadline

  • ❌ If it improves performance

  • ✔️ Never


Summary Table

| Q.No | Correct Options | Summary |
|------|-----------------|---------|
| 1 | ✔️ Option 1, ✔️ Option 3 | Economy of mechanism → less code & less complexity = better security. |
| 2 | ✔️ Code Block 4, ✔️ Code Block 5 | Removing unnecessary interfaces/wrappers simplifies design. |
| 3 | ✔️ Option 2 | Each privilege adds a security responsibility. |
| 4 | ✔️ Option 4 | Violating least privilege increases accidental access risk. |
| 5 | ✔️ Option 3 | Secure default = force user to set password first time. |
| 6 | ✔️ All options | Users may not know/notice/change insecure defaults. |
| 7 | ✔️ Code Block 3 | Provides a secure default encrypted storage engine. |
| 8 | ✔️ Least Privilege | Too many permissions = least privilege violation. |
| 9 | ✔️ Both options | Insecure defaults & mutable security flags. |
| 10 | ✔️ Never | Security principles should never be ignored. |