PacktLib: Android Application Security Essentials

Credits

Foreword

About the Author

About the Reviewer

www.PacktPub.com

Preface

The Android Security Model – the Big Picture

Installing with care

Android platform architecture

Application signing

Data storage on the device

Crypto APIs

Device Administration

Summary

Application Building Blocks

Application components

Intents

Summary

Permissions

Permission protection levels

Application level permissions

Component level permissions

Extending Android permissions

Summary

Defining the Application's Policy File

The AndroidManifest.xml file

Application policy use cases

Example checklist

Summary

Respect Your Users

Principles of data security

Identifying assets, threats, and attacks

End-to-end security

Digital rights management

Summary

Your Tools – Crypto APIs

Terminology

Security providers

Random number generation

Hashing functions

Public key cryptography

Symmetric key cryptography

Message Authentication Codes

Summary

Securing Application Data

Data storage decisions

User preferences

File

Cache

Database

Account manager

SSL/TLS

Installing an application on an external storage

Summary

Android in the Enterprise

The basics

Understanding the Android ecosystem

Device administration capabilities

Next steps

Summary

Testing for Security

Testing overview

Security testing basics

Sample test case scenarios

Security testing the resources

Summary

Looking into the Future

Mobile commerce

Proximity technologies

Social networking

Healthcare

Authentication

Advances in hardware

Application architecture

Summary

Index