Book Image

Android Application Security Essentials

By : Pragati Rai
Book Image

Android Application Security Essentials

By: Pragati Rai

Overview of this book

In today's techno-savvy world, more and more parts of our lives are going digital, and all this information is accessible anytime and anywhere using mobile devices. It is of the utmost importance that you understand and implement security in your apps that will reduce the likelihood of hazards that will wreck your users' experience. "Android Application Security Essentials" takes a deep look into Android security from kernel to the application level, with practical hands-on examples, illustrations, and everyday use cases. This book will show you how to overcome the challenge of getting the security of your applications right. "Android Application Security Essentials" will show you how to secure your Android applications and data. It will equip you with tricks and tips that will come in handy as you develop your applications.We will start by learning the overall security architecture of the Android stack. Securing components with permissions, defining security in a manifest file, cryptographic algorithms and protocols on the Android stack, secure storage, security focused testing, and protecting enterprise data on your device is then also discussed in detail. You will also learn how to be security-aware when integrating newer technologies like NFC and mobile payments into your Android applications. At the end of this book, you will understand Android security at the system level all the way to the nitty-gritty details of application security for securing your Android applications.

Related Content you might be interested in

Current Title:

Small book image
Android Application Security Essentials
Pragati Rai
Aug, 2013 | 218 pages
No titles found
Table of Contents (18 chapters)
Android Application Security Essentials
Android Application Security Essentials
Credits
Credits
Foreword
Foreword
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
The Android Security Model – the Big Picture
The Android Security Model – the Big Picture
Installing with care
Android platform architecture
Application signing
Data storage on the device
Crypto APIs
Device Administration
Summary
2
Application Building Blocks
Application Building Blocks
Application components
Intents
Summary
3
Permissions
Permissions
Permission protection levels
Application level permissions
Component level permissions
Extending Android permissions
Summary
4
Defining the Application's Policy File
Defining the Application's Policy File
The AndroidManifest.xml file
Application policy use cases
Example checklist
Summary
5
Respect Your Users
Respect Your Users
Principles of data security
Identifying assets, threats, and attacks
End-to-end security
Digital rights management
Summary
6
Your Tools – Crypto APIs
Your Tools – Crypto APIs
Terminology
Security providers
Random number generation
Hashing functions
Public key cryptography
Symmetric key cryptography
Message Authentication Codes
Summary
7
Securing Application Data
Securing Application Data
Data storage decisions
User preferences
File
Cache
Database
Account manager
SSL/TLS
Installing an application on an external storage
Summary
8
Android in the Enterprise
Android in the Enterprise
The basics
Understanding the Android ecosystem
Device administration capabilities
Next steps
Summary
9
Testing for Security
Testing for Security
Testing overview
Security testing basics
Sample test case scenarios
Security testing the resources
Summary
10
Looking into the Future
Looking into the Future
Mobile commerce
Proximity technologies
Social networking
Healthcare
Authentication
Advances in hardware
Application architecture
Summary
Index
Index

Foreword

When I first began working at GO Corporation in the early 1990s, the state of the art in mobile computing was an 8-lb, clipboard sized device with minimal battery life and an optional 9600 baud modem. But the vision that drove that device could just as easily be applied to the newest Android and iOS devices released this year: the desire for an integrated, task-centric computing platform with seamless connectivity. Back then, we thought that the height of that vision would be the ability to "send someone a fax from the beach." By the time I helped AOL deliver AIM, its instant messaging client, as one of the launch titles for Apple's iPhone App Store in 2008, that vision was already on its way to becoming a reality. But even at that time, just a few years ago, we couldn't have predicted what a tremendous effect these devices and the app ecosystem they spawned would have on our day-to-day lives.

Today, mobile devices are everywhere. They entertain us, they help us pass the time; and of course, they help us keep in touch (though perhaps not so much through fax). The Android operating system by Google is one of the driving forces behind this revolution, having been adopted by hundreds of device vendors and installed on nearly a billion devices worldwide. But as these mobile devices pervade every corner of our lives, keeping them—and their users—secure becomes critical. That's why this book is so important.

Viruses, Trojan horses, and malware may still be more prevalent on desktop platforms than they are on mobile. But the growth of the mobile market has meant a sharp rise in malicious software; anti-virus maker Kaspersky reports thousands of new programs detected each month. And today's smartphones and tablets represent an irresistible honey pot to the would-be attacker. Personal information, financial data, passwords, and social graphs, even up to the moment location data—everything that makes these devices so valuable to consumers is also what makes them such an attractive target to pranksters and data thieves. As developers, it's our responsibility to be good stewards of the information our users have entrusted to us. And the open and integrated nature of the Android operating system means it's much more important that each of us do our part to secure our applications and services.

Security can't be just a checkbox or an afterthought; it needs to be part of the design, and woven throughout the implementation of your application. I know Pragati Rai understands this intimately, having worked on this problem from both the perspective of the OS and the application developer. That's why she's so well positioned to write this book. She is able to look at the entirety of the Android ecosystem, from device to kernel to application, and present clear and actionable steps developers can take to secure their applications and data, along with source code that illustrates their use and methodologies to test their effectiveness. Moreover, she goes beyond the bits and bytes to explore security policy and best practices that can balance a developer's desire to use personal information with the user's desire to protect it.

The convergence of powerful mobile devices, ubiquitous social media, and the ability to transmit, store, and consume vast quantities of data has raised the stakes for everyone when it comes to mobile security. But security is like the air we breathe; we don't really think about it until it's gone, and by then it's often too late—too late to protect our users, and too late to protect the developer's reputation and business. So, it's critically important for every Android developer to understand the role they play in keeping users safe in this complex and ever-changing landscape.

As a developer and a user myself, I'm thankful that Pragati has taken the time to write such a comprehensive and informative guide to help us navigate this space, and I'm hopeful that her lessons will enable Android developers everywhere to give us the engaging and innovative applications we crave, while maintaining the security and trust we expect and deserve.

Edwin Aoki

Technology Fellow, PayPal

Previous Section
Next Chapter