Android Apps Security

Book Description

Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps.

This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.

  • Overview of Android OS versions, features, architecture and security

  • Detailed examination of areas where attacks on applications can take place and what controls should be implemented to protect private user data

  • In-depth guide to data encryption, authentication techniques, enterprise security and applied real-world examples of these concepts

What you'll learn

  • How to identify data that should be secured

  • How to use the Android APIs to ensure confidentiality and integrity of data

  • How to build secure apps for the enterprise

  • About Public Key Infrastructure, encryption APIs and how to implement them in apps

  • About owners, access control lists and permissions to allow user control over app properties

  • About client-server apps and how to manage authentication, transport layer encryption and server-side security

Who this book is for

This book is for intermediate and experienced Android app developers who are already familiar with writing apps from scratch. It discusses mechanisms for securing apps so that private end-user data is kept secure on the device and while in transit. If you're just embarking on the path to Android development, then this book may prove to be a useful companion to other developer guides.

Table of Contents

  1. Title Page
  2. Dedication
  3. Contents at a Glance
  4. Contents
  5. About the Author
  6. About the Technical Reviewer
  7. Acknowledgments
  8. Chapter 1: Android Architecture
    1. Components of the Android Architecture
    2. What This Book Is About
    3. Security
    4. Android Security Architecture
    5. Summary
  9. Chapter 2: Information: The Foundation of an App
    1. Securing Your Application from Attacks
    2. Project 1: “Proxim” and Data Storage
    3. Classification of Information
    4. Analysis of Code
    5. Reworked Project 1
    6. Exercise
    7. Summary
  10. Chapter 3: Android Security Architecture
    1. Revisiting the System Architecture
    2. Understanding the Permissions Architecture
    3. Checking Permissions
    4. Summary
  11. Chapter 4: Concepts in Action – Part 1
    1. The Proxim Application
    2. Summary
  12. Chapter 5: Data Storage and Cryptography
    1. Public Key Infrastructure
    2. Terms Used in Cryptography
    3. Cryptography in Mobile Applications
    4. Data Storage in Android
    5. Combining Data Storage with Encryption
    6. Summary
  13. Chapter 6: Talking to Web Apps
    1. Preparing Our Environment
    2. HTML, Web Applications, and Web Services
    3. OWASP and Web Attacks
    4. Authentication Techniques
    5. Summary
  14. Chapter 7: Security in the Enterprise
    1. Connectivity
    2. Enterprise Applications
    3. Mobile Middleware
    4. Summary
  15. Chapter 8: Concepts in Action: Part 2
    1. OAuth
    2. Challenge Response
    3. Summary
  16. Chapter 9: Publishing and Selling Your Apps
    1. Developer Registration
    2. Your Apps—Exposed
    3. Should You License?
    4. Android License Verification Library
    5. Licensing Policy
    6. Effective Use of LVL
    7. Obfuscation
    8. Summary
  17. Chapter 10: Malware and Spyware
    1. Four Stages of Malware
    2. Case Study 1: Government Sanctioned Malware
    3. Case Study 2: Retail Malware—FlexiSPY
    4. Anti-Forensics
    5. Summary
  18. Appendix A: Android Permission Constants
    1. Content Provider Classes
  19. Index