Securing Android Applications – 1 Day
Course Description
Securing Android Applications explores the Android mobile operating system from the perspective of user, application, and server security, and shows experienced Android developers how to apply best practices to secure their applications.
What You Will Learn
- Understand the security characteristics of mobile computing, and the Android OS in particular.
- Manage application data in a secure fashion.
- Apply appropriate safeguards over entry points to applications, including intent filters, bound services, and broadcast receivers.
- Use cryptography as appropriate, especially in remote communications.
- Manage user credentials, including passwords and issued tokens.
Prerequisites
- Java programming is excellent preparation.
- Introductory knowledge of Android programming is required: “Introduction to Android Development,” or similar.
- We recommend intermediate Android programming in advance of this course — “Intermediate Android Development” would be ideal — but this is not required.
Outline
Chapter 1. Mobile OS Security
- Vulnerabilities of Mobile Systems
- Security Overview of Android
- For Comparison: iOS
- Analysis and Areas of Concern
- Digital Signature of Applications
- Rooted Devices
- Clickjacking
- Best Practices
- The OWASP Mobile Top 10
Chapter 2. Application Security
- Permissions
- Custom Permissions
- Security Configuration
- Storage Models
- Internal Storage
- USB, Bluetooth, WiFi, and External Media
- File System Security
- Encrypted File Systems
- Injection Vulnerabilities
- Inter-Process Communication
- Guarding IPC Entrances
- Services and Broadcast Receivers
- Logging
Chapter 3. Remote Connectivity
- Remote Connections from Mobile Devices
- The INTERNET Permission
- HTTP and HTTPS Communication
- Keystores and Cryptography
- Username/Password Login
- Managing Credentials
- HMACs
- Managing Token Pairs
Appendix A. Learning Resources
IDE Support: Eclipse Juno
In addition to the primary lab files, an optional overlay is available that adds support for Eclipse Juno. Students can code, build, deploy, and test all exercises from within the IDE. We make full use of the Android SDK and its Eclipse plugin and device emulators.
System Requirements
Hardware Requirements (Minimum) | Core i5, 1.5 GHz, 4 gig RAM, 1 gig disk space. |
Hardware Requirements (Recommended) | Core i5, 2.5 GHz, 8 gig RAM, 1 gig disk space. |
Operating System | Tested on Windows 7. Course software should be viable on all systems which support a Java 6 Developer’s Kit. |
Network and Security | Limited privileges required. |
Software Requirements | All free downloadable tools. |