Enrique López-Mañas, speaking at Voxxed Days Zurich, has written a book with basic, intermediate and advanced questions and answers for Android interviews.

Following on from Part I, this is an extract of some of the questions and answers from “100 Questions and Answers to help you land your Dream Android Job: or to hire the right candidate!“.

Part I looked at the structure of an Android application, Activities, dependency injection, ADB and serializing data.


Can you provide some ideas on how to prevent memory leaks in your app?

There are many strategies that can be applied. Here are just a small set of ideas.

  • It is better to use an Application Context rather than an Activity Context, since Activities are more likely to be leaked.
  • Generally, it’s good to avoid having long-lived references to Activities.
  • It is better to avoid non-static inner classes in Activities unless we control their lifecycle. It is better to use static inner classes with weak references, so they can’t be collected when they are not used.

NB. There is a library published by Square called Leak Canary. A candidate with knowledge about this library will likely have experience fixing memory leaks.

Can you write some code that causes a Java memory leak?

For example, a connection that is not closed:

try {
   Connection conn = ConnectionFactory.getConnection();
} catch (Exception e) {

An open stream:

try {
   BufferedReader br = new BufferedReader(new FileReader(inputFile));
} catch (Exception e) {

Or a static final field holding a reference to an object:

class MemorableClass {
   static final ArrayList list = new ArrayList(100);

Is it possible to run an Android app in multiple processes?

Yes. By default, an application runs in a process. Android devices can only support 24/36/48 MB for a single process (and even less in smaller devices). When we start an Android application, a process is forked from Zygote, spawns the main thread and runs the main Activity. We can however run different processes by using android:process. For example, the following lines will make the service RenderVideogame run on a different process.




Are SQL attacks valid in Android? How would you prevent them?

If you are using data and retrieving it from components or network components that at the end perform a SQL query, SQL injections are an issue. Besides using validation in input fields or libraries to avoid SQL injections, another possible solution is to use parameterized queries with ContentProviders, which virtually remove the risk of suffering a SQL Injection.

Can you dynamically load code in Android?

Although not recommended, code can be loaded dynamically from outside the application APK by making use of the class DexClassLoader.

This made sense when there was a limitation to the number of methods an APK could host (65k). Now that Google has solved this, some applications might need to download executables from over the network. However this exposes the security of the system and makes it very vulnerable to tampering or malicious code.