Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Testing and securing android studio applications
Testing and securing android studio applications

Testing and securing android studio applications: Debug and secure your Android applications with Android Studio

Arrow left icon
Profile Icon Cruz Zapata Profile Icon Antonio Hernández Niñirola
Arrow right icon
€29.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6 (5 Ratings)
Paperback Aug 2014 162 pages 1st Edition
eBook
€20.99 €23.99
Paperback
€29.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Cruz Zapata Profile Icon Antonio Hernández Niñirola
Arrow right icon
€29.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6 (5 Ratings)
Paperback Aug 2014 162 pages 1st Edition
eBook
€20.99 €23.99
Paperback
€29.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
€20.99 €23.99
Paperback
€29.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Testing and securing android studio applications

Chapter 2. Security in Android Applications

You understand the security concepts in software and now you want to discover how those threats and vulnerabilities are applied to a mobile environment. You want to be aware of the special security features in the Android operating system. You are already familiar with Android, but you need to know the components that are critical for its security.

This chapter will show you the challenges that exist in the mobile environment. You will learn about the Android security architecture and about what application sandboxing means. This chapter will show you the main features in Android that will allow you protect your location: permissions and interprocess communication.

We will be covering the following topics in this chapter:

  • Vulnerabilities in the mobile environment
  • Android security overview
  • Permissions
  • Interapplication communication

The mobile environment

Android is an operating system (OS) created for intelligent mobile devices with a touchscreen, such as smartphones or tablets. Knowing the features of a device is important to identify the vulnerabilities that can potentially compromise the integrity, confidentiality, or availability of your application (app).

A smartphone is a connected device and so malicious software can infect it in several ways. The smartphone can communicate with different devices by a wireless or wired connection. For example, it can connect to a computer by a cable or it can connect to another mobile device by a wireless Bluetooth network. These communications allow the user to transfer data, files, or software, which is a possible path to infect the smartphone with malware.

A smartphone is also a connected device in the sense that it can connect to the Internet by cellular networks like 3G or access points via Wi-Fi. Internet is therefore another path of potential threats to the security of...

An overview of Android security

Android provides a secure architecture to protect the system and its applications. Android architecture is structured like a software stack in which each component of a layer accepts that the layer following it is secure. The following figure shows a simplified version of the Android security architecture:

An overview of Android security

Android OS is a multiuser, Linux-based platform in which each app has a different user. Each app has its own user ID (UID) in the Linux kernel that is unique. The UID is assigned by the system and is unknown to the app. Because of the unique UID, Android apps run in separate processes with different permissions. This mechanism is known as application sandboxing. The Android Application Sandbox isolates each application's data and code execution to improve its security and prevent malware. This means that under normal circumstances, you cannot have access to other application's data and other applications do not have access to your application...

Permissions

With application sandboxing, apps cannot access parts of the system without permission, but even with it, Android allows data sharing with other apps or access to some system services. An app needs to request permission to access device data or to access system services. Permissions are a security feature of Android system, but misused permissions make your application vulnerable.

The permission needs of an app are declared in its manifest file. This manifest file is bundled into the app's Android application package (APK), which includes its compiled code along with other resources. The permissions requested in the manifest file (manifest permissions) will be shown to the user when installing the app. The user should review these permissions and accept them to complete the installation process. If the user agrees to them, the protected resources are available to the app.

Tip

Do not request permissions that your app does not need. Reducing the number of permissions makes your...

Interapplication communication

Apps in Android cannot access each other's data directly because of application sandboxing, but Android's system provides some other mechanisms for the applications to communicate with each other. Intents and content providers are mechanisms that we can use on the Java API layer. Intents and content providers should be used carefully to prevent attacks from malware applications. This is the reason why it is important to understand their characteristics.

Intents

Intents are an asynchronous interprocess communication mechanism. Intent is a message that includes the receiver and optional arguments to pass the data. The receiver of Intent can be declared explicitly so that the Intent is sent to a particular component, or it can be declared implicitly so that the Intent is sent to any component that can handle it. Intents are used for intra-application communication (in the same application), or for interapplication communication (in different applications...

Summary

In this chapter, you learned about the vulnerabilities associated with mobile devices—both external and internal. You now understand the Android architecture and the features provided by the system to keep it safe. You now know which components of the Java API layer are vulnerable to attacks, so you can learn how to mitigate them in the next chapters of this book.

In the next chapter, we will start using Android Studio IDE. As the first step to create secure Android applications, you will learn how to monitor Android applications in the debugging environment in order to detect incorrect behaviors.

Left arrow icon Right arrow icon

Description

If you are a developer with some Android knowledge, but you do not know how to test your applications using Android Studio, this book will guide you. It is recommended that you are familiar with Android Studio IDE.

What you will learn

  • Control the execution of your Android application by working with the debugging environment in Android Studio
  • Mitigate the existing vulnerabilities in Android applications
  • Create unit tests to verify the state and behavior of an activity
  • Use local storage and encryption appropriately to preserve the privacy of your application data
  • Ensure that communications between your applications and external servers are safe by protecting network connections
  • Choose the appropriate authentication method for your Android application
  • Set up the test environment to create test cases
  • Create functional tests to check the interaction between components
Estimated delivery fee Deliver to Czechia

Premium delivery 7 - 10 business days

€25.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Aug 25, 2014
Length: 162 pages
Edition : 1st
Language : English
ISBN-13 : 9781783988808
Category :

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Czechia

Premium delivery 7 - 10 business days

€25.95
(Includes tracking information)

Product Details

Publication date : Aug 25, 2014
Length: 162 pages
Edition : 1st
Language : English
ISBN-13 : 9781783988808
Category :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 66.98
Android Security Cookbook
€36.99
Testing and securing android studio applications
€29.99
Total 66.98 Stars icon

Table of Contents

12 Chapters
1. Introduction to Software Security Chevron down icon Chevron up icon
2. Security in Android Applications Chevron down icon Chevron up icon
3. Monitoring Your Application Chevron down icon Chevron up icon
4. Mitigating Vulnerabilities Chevron down icon Chevron up icon
5. Preserving Data Privacy Chevron down icon Chevron up icon
6. Securing Communications Chevron down icon Chevron up icon
7. Authentication Methods Chevron down icon Chevron up icon
8. Testing Your Application Chevron down icon Chevron up icon
9. Unit and Functional Tests Chevron down icon Chevron up icon
10. Supporting Tools Chevron down icon Chevron up icon
11. Further Considerations Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6
(5 Ratings)
5 star 60%
4 star 40%
3 star 0%
2 star 0%
1 star 0%
SuJo Nov 19, 2014
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Testing and Securing Android Studio ApplicationsWhat an amazing book, securing applications is so important and yet I find games that are exploitable because they don't follow security practices which result in a terrible experience. There are zero day hacks for many games on both the iOS and Android markets, and this book would be the holy grail for developers for securing their applications. The book was practical and very easy to follow. I enjoyed the coverage over each authentication method, and I was delighted to find out about the HTTPS utilization in applications, I figured it was the de facto standard, boy was I wrong.If you're developing applications then you should pickup a copy of this book, it is a real eye opener. Before I conclude this review it is highly noteworthy to mention the coverage on unit testing, I find many books ignore this completely and shouldn't. I'm very glad this book included it and didn't leave it out!Publisher Link: https://www.packtpub.com/application-development/testing-and-securing-android-studio-applications
Amazon Verified review Amazon
Rossi Pietro Alberto Oct 06, 2014
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book is composed by eleven chapters that on the whole are the basis to secure an Android application.The first chapter introduces the various terms of security and the different types of vulnerability that can occur. A very important chapter because it provides the basis to understanding the rest of the book. Also, it describes the various types of tests: unit, integration, validation, system and acceptance.The second chapter describes the architecture of Android operating system and the basics regarding the permission, Intent and content provider, highlighting the possible problems that could occur managing these badly.Android has various tools to monitor of an application. The third chapter introduces the DDMS tool. It includes various tools like Thread monitor, Network Statistics, File Explorer, etc...all are described briefly to get an idea of what the Android SDK provides us.The fourth chapter describes how to make common actions safe, like database communication, avoid SQL Injection, and validation of input.The problem of the privacy is widespread in IT habit and what the fifth chapter suggests is to secure our data, saved on shared preference or storage, encrypting the data themselves. The examples of codes are very explicative and simple to understand.The sixth chapter continues with the file of the previous chapter, adding one more security level over the network connection, recommending the HTTPS protocol that allows us to have encrypt and secure communication.There exists several types of authentication, besides the common username and password. The seventh chapter describes the various types of authentication, based on different factors underlining these phrases: “something the user knows”, for user and password or pin code, “something the user has”, for TOTP, and “something the user is”, for biometric authentication.Also, the chapter describes how to use the AccountManager class to manage the possible account saved on the device.The eighth and nineth chapters talk about testing out-and-out, differentiating between unit tests and functional tests. They start with a simple test project, up to examining all the classes that promote test developing, important to prevent bugs after publishing the application. As a test-developer, reading these chapters is very important to understand how to work with the Android platform.The tenth chapter describes foreign libraries to facilitate the creation of tests, a thing that could speed up the writing of tests.The last chapter explains the possible parts of application to be tested, for example the behaviour without stable internet connection or when to change the orientation of the screen.The book, in its own small way, is great to identify the basic aspects regarding the testing and the safety of the application. Every developer should have a copy of this book in his library. Highly reccomended.
Amazon Verified review Amazon
Alain Couniot Oct 17, 2014
Full star icon Full star icon Full star icon Full star icon Full star icon 5
"Testing and Securing Android Studio Applications" is a book everybody involved in serious Android application development should read. Despite many years spent in various IT roles, with an accent on architecture, methodology and security, I have learned from this book. (And should I add: what I have not learned was nicely and adequately introduced and explained by the authors). Let's be clear: despite addressing all the (too often neglected because considered boring) aspects of professional Android developments, the book is too concise to qualify as a "Bible" in its domain. It won't turn you into an Android Jedi developer (not to say, Ninja ;-) ). However all relevant topics are covered, albeit very briefly, by a well-balanced mix of theory and practical considerations. The book is structured taking the typical application life cycle as a foundation and is very well structured indeed. The authors have succeeded in turning "un-sexy" topics into an interesting reading, with a few examples. Tools and libraries are briefly mentioned (maybe too tersely) and their respective strengths and weaknesses are analysed. A highly recommended reading.
Amazon Verified review Amazon
Shane Nov 05, 2014
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
A robust and secure product plays a major role to success in the Android market place. "Testing and Securing Android Studio Applications". The introduction is at a high level but this book quickly gets into some deeper Android programming techniques. I appreciated how threads were covered in Chapter 3 and found it useful in the application I'm developing. Overall this is a well organized text and an good reference for anyone developing with Android.
Amazon Verified review Amazon
Kevin P Nov 13, 2014
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
The usefulness of this book really depends on your Android development skills. I found it a bit too much high level. It touches a lot of interesting things, but then the deep research is left to the reader, which is a pity.I wasn't sure what to expect from the combination of testing and security. Then I figured it actually makes sense, because you need to test the security measures you're taking. But the book does not cover that at all. First there is a high level overview of security and then there is a high level overview of testing, both smacked together into one book.I'm still rating it 4 stars because it can be a very interesting introduction to both these topics for a lot of people. If you've looked into security and testing Android apps a bit yourself, this book is probably not for you.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the digital copy I get with my Print order? Chevron down icon Chevron up icon

When you buy any Print edition of our Books, you can redeem (for free) the eBook edition of the Print Book you’ve purchased. This gives you instant access to your book when you make an order via PDF, EPUB or our online Reader experience.

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela