Android Application Security Essentials
eBook - ePub

Android Application Security Essentials

  1. 218 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

In Detail

In today's techno-savvy world, more and more parts of our lives are going digital, and all this information is accessible anytime and anywhere using mobile devices. It is of the utmost importance that you understand and implement security in your apps that will reduce the likelihood of hazards that will wreck your users' experience.

"Android Application Security Essentials" takes a deep look into Android security from kernel to the application level, with practical hands-on examples, illustrations, and everyday use cases. This book will show you how to overcome the challenge of getting the security of your applications right.

"Android Application Security Essentials" will show you how to secure your Android applications and data. It will equip you with tips and tricks that will come in handy as you develop your applications.

We will start by learning the overall security architecture of the Android stack. Securing components with permissions, defining security in a manifest file, cryptographic algorithms and protocols on the Android stack, secure storage, security-focused testing, and protecting enterprise data on your device are then discussed in detail. You will also learn how to be security-aware when integrating newer technologies such as NFC and mobile payments into your Android applications.

At the end of this book, you will understand Android security at the system level all the way to the nitty-gritty details of application security for securing your Android applications.

Approach

"Android Application Security Essentials" is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.

Who this book is for

If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.


Information

Year: 2013
ISBN: 9781849515603
Edition: 1

Table of Contents

Android Application Security Essentials
Credits
Foreword
About the Author
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. The Android Security Model – the Big Picture
Installing with care
Android platform architecture
Linux kernel
Middleware
Dalvik virtual machine
Application layer
Android application structure
Application signing
Data storage on the device
Crypto APIs
Device Administration
Summary
2. Application Building Blocks
Application components
Activity
Activity declaration
Saving the Activity state
Saving user data
Service
Service declaration
Service modes
Lifecycle management
Binder
Content Provider
Provider declaration
Other security consideration
Broadcast Receiver
Receiver declaration
Secure sending and receiving broadcasts
Local broadcasts
Intents
Explicit Intents
Implicit Intent
Intent Filter
Pending Intent
Summary
3. Permissions
Permission protection levels
Application level permissions
Component level permissions
Activity
Service
Content Provider
Broadcast receiver
Extending Android permissions
Adding a new permission
Creating a permission group
Creating a permission tree
Summary
4. Defining the Application's Policy File
The AndroidManifest.xml file
Application policy use cases
Declaring application permissions
Declaring permissions for external applications
Applications running with the same Linux ID
External storage
Setting component visibility
Debugging
Backup
Putting it all together
Example checklist
Application level
Component level
Summary
5. Respect Your Users
Principles of data security
Confidentiality
Integrity
Availability
Identifying assets, threats, and attacks
What and where to store
End-to-end security
The mobile ecosystem
Three states of data
Digital rights management
Summary
6. Your Tools – Crypto APIs
Terminology
Security providers
Random number generation
Hashing functions
Public key cryptography
RSA
Key generation
Encryption
Decryption
Padding
The Diffie-Hellman algorithm
Symmetric key cryptography
Stream cipher
Block cipher
Block cipher modes
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback Chaining (CFB)
Output Feedback Mode (OFB)
Advanced Encryption Standard (AES)
Message Authentication Codes
Summary
7. Securing Application Data
Data storage decisions
Privacy
Data retention
Implementation decisions
User preferences
Shared preferences
Creating a preference file
Writing preference
Reading preference
Preference Activity
File
Creating a file
Writing to a file
Reading from a file
File operations on an external storage
Cache
Database
Account manager
SSL/TLS
Installing an application on an external storage
Summary
8. Android in the Enterprise
The basics
Understanding the Android ecosystem
Device administration capabilities
Device administration API
Policies
DeviceAdminReceiver
Protecting data on a device
Encryption
Backup
Secure connection
Identity
Next steps
Device specific decisions
Knowing your community
Defining boundaries
Android compatibility program
Rolling out support
Policy and compliance
FINRA
Android Update Alliance
Summary
9. Testing for Security
Testing overview
Security testing basics
Security tenets
Security testing categories
Application review
Manual testing
Dynamic testing
Sample test case scenarios
Testing on the server
Testing the network
Securing data in transit
Secure storage
Validating before acting
The principle of least privilege
Managing liability
Cleaning up
Usability versus security
Authentication scheme
Thinking like a hacker
Integrating with caution
Security testing the resources
OWASP
Android utilities
Android Debug Bridge
Setting up the device
SQlite3
Dalvik Debug Monitor Service
BusyBox
Decompile APK
Summary
10. Looking into the Future
Mobile commerce
Product discovery using a mobile device
Mobile payments
Configurations
PCI Standard
Point of Sale
Proximity technologies
Social networking
Healthcare
Authentication
Two-factor authentication
Biometrics
Advances in hardware
Hardware security module
TrustZone
Mobile trusted module
Application architecture
Summary
Index

Android Application Security Essentials

Copyright © 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2013
Production Reference: 1140813
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-84951-560-3
www.packtpub.com
Cover Image by Karl Moore

Credits

Author
Pragati Ogal Rai
Reviewer
Alessandro Parisi
Acquisition Editor
Martin Bell
Lead Technical Editor
Madhuja Chaudhari
Technical Editors
Sampreshita Maheshwari
Larissa Pinto
Project Coordinator
Hardik Patel
Proofreader
Maria Gould
Indexer
Priya Subramani
Graphics
Abhinash Sahu
Ronak Druv
Production Coordinator
Prachali Bhiwandkar
Cover Work
Prachali Bhiwandkar

Foreword

When I first began working at GO Corporation in the early 1990s, the state of the art in mobile computing was an 8-lb, clipboard sized device with minimal battery life and an optional 9600 baud modem. But the vision that drove that device could just as easily be applied to the newest Android and iOS devices released this year: the desire for an integrated, task-centric computing platform with seamless connectivity. Back then, we thought that the height of that vision would be the ability to "send someone a fax from the beach." By the time I helped AOL...
