Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end users to as little risk as possible.

What you'll learn:
- Overview of Android OS versions, features, architecture and security.
- Detailed examination of areas where attacks on applications can take place and what controls should be implemented to protect private user data.
- In-depth guide to data encryption, authentication techniques, enterprise security and applied real-world examples of these concepts.
Table of Contents

Front matter: Title Page; Copyright Page; Contents at a Glance; Table of Contents; About the Author; About the Technical Reviewer; Acknowledgments

Chapter 1: Android Architecture
    Components of the Android Architecture; The Kernel; The Libraries; The Dalvik Virtual Machine; The Application Framework; The Applications; What This Book Is About; Security; Protect Your User; Security Risks; Android Security Architecture; Privilege Separation; Permissions; Application Code Signing; Summary

Chapter 2: Information: The Foundation of an App
    Securing Your Application from Attacks; Indirect Attacks; Direct Attacks; Project 1: "Proxim" and Data Storage; Classification of Information; What Is Personal Information?; What Is Sensitive Information?; Analysis of Code; Where to Implement Encryption; Results of Encryption; Reworked Project 1; Exercise; Summary

Chapter 3: Android Security Architecture
    Revisiting the System Architecture; Understanding the Permissions Architecture; Content Providers; Intents; Checking Permissions; Using Self-Defined Permissions; Protection Levels; Sample Code for Custom Permissions; Summary

Chapter 4: Concepts in Action - Part 1
    The Proxim Application; Summary

Chapter 5: Data Storage and Cryptography
    Public Key Infrastructure; Terms Used in Cryptography; Cryptography in Mobile Applications; Symmetric Key Algorithms; Key Generation; Data Padding; Modes of Operation for Block Ciphers; Data Storage in Android; Shared Preferences; Internal Storage; SQLite Databases; Combining Data Storage with Encryption; Summary

Chapter 6: Talking to Web Apps
    Preparing Our Environment; HTML, Web Applications, and Web Services; Components in a Web Application; Login Process; Web App Technology; OWASP and Web Attacks; Authentication Techniques; Self-Signed Certificates; Man-in-the-Middle Attack; OAuth; Challenge/Response with Cryptography; Summary

Chapter 7: Security in the Enterprise
    Connectivity; Enterprise Applications; Mobile Middleware; Database Access; Data Representation; Summary

Chapter 8: Concepts in Action: Part 2
    OAuth; Retrieving the Token; Handling Authorization; Challenge Response; Summary

Chapter 9: Publishing and Selling Your Apps
    Developer Registration; Your Apps-Exposed; Available for Download; Reverse Engineering; Should You License?; Android License Verification Library; Download the Google API Add-On; Copy LVL Sources to a Separate Directory; Import LVL Source As a Library Project; Building and Including LVL in Our App; Licensing Policy; Effective Use of LVL; Obfuscation; Summary

Chapter 10: Malware and Spyware
    Four Stages of Malware; Infection; Compromise; Spread; Exfiltration; Case Study 1: Government Sanctioned Malware; Infection; Compromise; Spread; Exfiltration; Detection; Case Study 2: Retail Malware-FlexiSPY; Anti-Forensics; Summary

Appendix A: Android Permission Constants
    Content Provider Classes

Index