The Mobile Application Hacker's Handbook by Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehouse

CHAPTER 9: Writing Secure Android Applications

You have explored many different ways to find vulnerabilities in applications and exploit them. This chapter looks at ways you can prevent these vulnerabilities in your applications by implementing the right security mechanisms.

Protections against common vulnerabilities such as code injection, logic flaws, insecure storage, application configuration, insecure communication channels, logging, and others will be explored. Some of these mechanisms may be simple configuration changes and others require changes at the code level.

Principle of Least Exposure

The fewer entry points there are into an application, the smaller the attack surface is. To minimize an application's attack surface, the application developer needs to perform the following tasks iteratively:

  1. Consider all entry points into the application. This involves finding every single portion of the application code that is exposed in some way to input from outside sources.
  2. Remove any entry points that can be removed. An application that has minimal entry points has already reduced its risk exposure.
  3. If an entry point has to be exposed, perform security checks at the entry points before running any other code.

Application Components

An application should reduce its exported application components down to the essentials. The fewer exported components, the better. In the following application only its main activity is exported so that it can be launched. No other components are ...
