Book Image

Android Security Cookbook

Book Image

Android Security Cookbook

Overview of this book

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework. Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of Contents (16 chapters)
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Protecting content provider paths


Content providers are probably the most exploited application components, given that they often hold the data most critical to user authentication. They often hold a lot of sensitive data about users and their affinity to SQL-injection attacks and information leakage. This walkthrough will detail some measures that you can take to protect your content providers' general information leakage caused by common errors in how permissions are configured for content providers. We'll also cover guarding database and content providers against SQL-injection attacks.

This recipe will discuss how to add certain configurations to your AndroidManifest.xml file to protect access to your content provider, down to the URI path level. It also discusses some of the security risks in misusing the grant URI mechanism, so as to not expose too much of your content provider paths to unauthorized or potentially malicious applications.

Uniform resource identifiers (URIs) are used with...