Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Android Application Security Essentials
  • Toc
  • feedback
Android Application Security Essentials

Android Application Security Essentials

By : Pragati Rai
4 (2)
close
Android Application Security Essentials

Android Application Security Essentials

4 (2)
By: Pragati Rai

Overview of this book

In today's techno-savvy world, more and more parts of our lives are going digital, and all this information is accessible anytime and anywhere using mobile devices. It is of the utmost importance that you understand and implement security in your apps that will reduce the likelihood of hazards that will wreck your users' experience. "Android Application Security Essentials" takes a deep look into Android security from kernel to the application level, with practical hands-on examples, illustrations, and everyday use cases. This book will show you how to overcome the challenge of getting the security of your applications right. "Android Application Security Essentials" will show you how to secure your Android applications and data. It will equip you with tricks and tips that will come in handy as you develop your applications.We will start by learning the overall security architecture of the Android stack. Securing components with permissions, defining security in a manifest file, cryptographic algorithms and protocols on the Android stack, secure storage, security focused testing, and protecting enterprise data on your device is then also discussed in detail. You will also learn how to be security-aware when integrating newer technologies like NFC and mobile payments into your Android applications. At the end of this book, you will understand Android security at the system level all the way to the nitty-gritty details of application security for securing your Android applications.
Table of Contents (12 chapters)
close
close
Preface
chevron up
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. The Android Security Model – the Big Picture
1. The Android Security Model – the Big Picture
Installing with care
Android platform architecture
Application signing
Data storage on the device
Crypto APIs
Device Administration
Summary
2
2. Application Building Blocks
2. Application Building Blocks
Application components
Intents
Summary
3
3. Permissions
3. Permissions
Permission protection levels
Application level permissions
Component level permissions
Extending Android permissions
Summary
4
4. Defining the Application's Policy File
4. Defining the Application's Policy File
The AndroidManifest.xml file
Application policy use cases
Example checklist
Summary
5
5. Respect Your Users
5. Respect Your Users
Principles of data security
Identifying assets, threats, and attacks
End-to-end security
Digital rights management
Summary
6
6. Your Tools – Crypto APIs
6. Your Tools – Crypto APIs
Terminology
Security providers
Random number generation
Hashing functions
Public key cryptography
Symmetric key cryptography
Message Authentication Codes
Summary
7
7. Securing Application Data
7. Securing Application Data
Data storage decisions
User preferences
File
Cache
Database
Account manager
SSL/TLS
Installing an application on an external storage
Summary
8
8. Android in the Enterprise
8. Android in the Enterprise
The basics
Understanding the Android ecosystem
Device administration capabilities
Next steps
Summary
9
9. Testing for Security
9. Testing for Security
Testing overview
Security testing basics
Sample test case scenarios
Security testing the resources
Summary
10
10. Looking into the Future
10. Looking into the Future
Mobile commerce
Proximity technologies
Social networking
Healthcare
Authentication
Advances in hardware
Application architecture
Summary
11
Index
Index

What this book covers

Chapter 1, Android Security Model – the Big Picture, focuses on the overall security of the Android stack all the way from platform security to application security. This chapter will form a baseline on which the subsequent chapters will be built upon.

Chapter 2, Application Building Blocks, introduces application components, permissions, manifest files, and application signing from a security perspective. These are all basic components of an Android application and knowledge of these components is important to build our security knowledge.

Chapter 3, Permissions, talks about existing permissions in the Android platform, how to define new permissions, how to secure application components with permissions, and provides an analysis of when to define a new permission.

Chapter 4, Defining the Application's Policy File, drills down into the mechanics of the manifest file, which is the application's policy file. We talk about tips and tricks to tighten up the policy file.

Chapter 5, Respect Your Users, covers best practices on handling users' data properly. This is important as a developer's reputation depends on user reviews and ratings. The developer should also be careful about handling user private information carefully so as not to fall into legal traps.

Chapter 6, Your Tools – Crypto APIs, discusses cryptographic capabilities provided by the Android platform. These include symmetric encryption, asymmetric encryption, hashing, cipher modes, and key management.

Chapter 7, Securing Application Data, is all about secure storage of application data both at rest and in transit. We talk about how private data is sandboxed with the application, how to securely store data on the device, on external memory cards, drives, and databases.

Chapter 8, Android in the Enterprise, talks about device security artifacts that are provided by the Android Platform and what they mean to an application developer. This chapter is of special interest to enterprise application developers.

Chapter 9, Testing for Security, focuses on designing and developing security-focused test cases.

Chapter 10, Looking into the Future, discusses upcoming use cases in the mobile space and how it affects Android, especially from a security perspective.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete