Android Application Security Essentials


  • Understand Android security from kernel to the application layer
  • Protect components using permissions
  • Safeguard user and corporate data from prying eyes
  • Understand the security implications of mobile payments, NFC, and more

Book Details

Language : English
Paperback : 218 pages [ 235mm x 191mm ]
Release Date : August 2013
ISBN : 1849515603
ISBN 13 : 9781849515603
Author(s) : Pragati Ogal Rai
Topics and Technologies : All Books, Mobile Application Development, Security and Testing, Android, Open Source

Table of Contents

  • Preface
  • Chapter 1: The Android Security Model – the Big Picture
    • Installing with care
    • Android platform architecture
      • Linux kernel
      • Middleware
        • Dalvik virtual machine
      • Application layer
        • Android application structure
    • Application signing
    • Data storage on the device
    • Crypto APIs
    • Device Administration
    • Summary
  • Chapter 2: Application Building Blocks
    • Application components
      • Activity
        • Activity declaration
        • Saving the Activity state
        • Saving user data
      • Service
        • Service declaration
        • Service modes
        • Lifecycle management
        • Binder
      • Content Provider
        • Provider declaration
        • Other security consideration
      • Broadcast Receiver
        • Receiver declaration
        • Secure sending and receiving broadcasts
        • Local broadcasts
    • Intents
      • Explicit Intents
      • Implicit Intent
      • Intent Filter
      • Pending Intent
    • Summary
  • Chapter 3: Permissions
    • Permission protection levels
    • Application level permissions
    • Component level permissions
      • Activity
      • Service
      • Content Provider
      • Broadcast Receiver
    • Extending Android permissions
      • Adding a new permission
      • Creating a permission group
      • Creating a permission tree
    • Summary
  • Chapter 4: Defining the Application's Policy File
    • The AndroidManifest.xml file
    • Application policy use cases
      • Declaring application permissions
      • Declaring permissions for external applications
      • Applications running with the same Linux ID
      • External storage
      • Setting component visibility
      • Debugging
      • Backup
      • Putting it all together
    • Example checklist
      • Application level
      • Component level
    • Summary
  • Chapter 5: Respect Your Users
    • Principles of data security
      • Confidentiality
      • Integrity
      • Availability
    • Identifying assets, threats, and attacks
      • What and where to store
    • End-to-end security
      • The mobile ecosystem
      • Three states of data
    • Digital rights management
    • Summary
  • Chapter 6: Your Tools – Crypto APIs
    • Terminology
    • Security providers
    • Random number generation
    • Hashing functions
    • Public key cryptography
      • RSA
        • Key generation
        • Encryption
        • Decryption
        • Padding
      • The Diffie-Hellman algorithm
    • Symmetric key cryptography
      • Stream cipher
      • Block cipher
      • Block cipher modes
        • Electronic Code Book (ECB)
        • Cipher Block Chaining (CBC)
        • Cipher Feedback Chaining (CFB)
        • Output Feedback Mode (OFB)
      • Advanced Encryption Standard (AES)
    • Message Authentication Codes
    • Summary
  • Chapter 7: Securing Application Data
    • Data storage decisions
      • Privacy
      • Data retention
      • Implementation decisions
    • User preferences
      • Shared preferences
        • Creating a preference file
        • Writing preference
        • Reading preference
      • Preference Activity
    • File
      • Creating a file
      • Writing to a file
      • Reading from a file
      • File operations on an external storage
    • Cache
    • Database
    • Account manager
    • SSL/TLS
    • Installing an application on an external storage
    • Summary
  • Chapter 8: Android in the Enterprise
    • The basics
    • Understanding the Android ecosystem
    • Device administration capabilities
      • Device administration API
        • Policies
        • DeviceAdminReceiver
      • Protecting data on a device
        • Encryption
        • Backup
      • Secure connection
      • Identity
    • Next steps
      • Device specific decisions
      • Knowing your community
      • Defining boundaries
        • Android compatibility program
      • Rolling out support
      • Policy and compliance
        • FINRA
        • Android Update Alliance
    • Summary
  • Chapter 9: Testing for Security
    • Testing overview
    • Security testing basics
      • Security tenets
      • Security testing categories
        • Application review
        • Manual testing
        • Dynamic testing
    • Sample test case scenarios
      • Testing on the server
      • Testing the network
      • Securing data in transit
      • Secure storage
      • Validating before acting
      • The principle of least privilege
      • Managing liability
      • Cleaning up
      • Usability versus security
      • Authentication scheme
      • Thinking like a hacker
      • Integrating with caution
    • Security testing the resources
      • OWASP
      • Android utilities
        • Android Debug Bridge
        • Setting up the device
        • SQlite3
        • Dalvik Debug Monitor Service
      • BusyBox
      • Decompile APK
    • Summary
  • Chapter 10: Looking into the Future
    • Mobile commerce
      • Product discovery using a mobile device
      • Mobile payments
        • Configurations
        • PCI Standard
        • Point of Sale
    • Proximity technologies
    • Social networking
    • Healthcare
    • Authentication
      • Two-factor authentication
      • Biometrics
    • Advances in hardware
      • Hardware security module
      • TrustZone
      • Mobile trusted module
    • Application architecture
    • Summary
  • Index

Pragati Ogal Rai

Pragati Ogal Rai is a technologist with more than 14 years of experience in mobile operating systems, mobile security, mobile payments, and mobile commerce. From working as a platform security engineer at Motorola Mobility to designing and developing PayPal's mobile offerings, she has extensive end-to-end experience in all aspects of mobile technology.

Pragati holds a dual Master's in Computer Science and has taught and trained computer science students at different levels. She is a recognized speaker at international technology events.


What you will learn from this book

• Get familiar with the Android security architecture
• Secure Android components using permissions
• Implement cryptographic algorithms and protocols to secure your data
• Protect user information both at rest and in transit
• Test apps for security
• Understand security considerations for upcoming use cases like NFC and mobile payments
• Guard corporate data in enterprise apps

In Detail

In today's tech-savvy world, more and more of our lives are going digital, and all of this information is accessible anytime and anywhere from mobile devices. It is therefore essential that you understand and implement security in your apps, reducing the likelihood of incidents that compromise your users' data and wreck their experience.

"Android Application Security Essentials" takes a deep look into Android security from the kernel to the application layer, with practical hands-on examples, illustrations, and everyday use cases. This book will show you how to overcome the challenge of getting the security of your applications right.

"Android Application Security Essentials" will show you how to secure your Android applications and data, and will equip you with tips and tricks that will come in handy as you develop your applications.
We start by learning the overall security architecture of the Android stack. Securing components with permissions, defining security in the manifest file, cryptographic algorithms and protocols on the Android stack, secure storage, security-focused testing, and protecting enterprise data on the device are then discussed in detail. You will also learn how to be security-aware when integrating newer technologies like NFC and mobile payments into your Android applications.

By the end of this book, you will understand Android security from the system level all the way down to the nitty-gritty details of securing your own applications.

Approach

"Android Application Security Essentials" is packed with examples, screenshots, illustrations, and real-world use cases to help you secure your apps the right way.

Who this book is for

If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.
