6. Web Server Attacks

It might seem odd that a book on Android development has a chapter on web server attacks. The majority of the Android apps that we’ve audited have a significant server component.

The mantra in this book so far has been: Do not put anything of value on the client. But this is all in vain if the server is not secure. You need to make sure that the back door, as well as the front door, is secure.

Hacking into a mobile app, a website, or an ATM usually involves finding something that should be locked down but for some reason isn’t. For example, in the last chapter we talked about an app that had encrypted passwords in the shared preferences but left the same password unencrypted in the SQLite database. So even if the encryption ...

Source: Bulletproof Android™: Practical Advice for Building Secure Apps (O’Reilly).