You're reading from Android Application Security Essentials Security has been a bit of a hot topic with Android so this guide is a timely way to ensure your apps are safe. Includes everything from Android security architecture to safeguarding mobile payments.

Product type Paperback

Published in Aug 2013

Publisher Packt

ISBN-13 9781849515603

Length 218 pages

Edition 1st Edition

Languages

Java

Tools

Android

Concepts

Application Security

Author (1):

Pragati Rai

View More author details

Table of Contents (12) Chapters

Preface

1. The Android Security Model – the Big Picture FREE CHAPTER

2. Application Building Blocks

3. Permissions

4. Defining the Application's Policy File

5. Respect Your Users

6. Your Tools – Crypto APIs

7. Securing Application Data

8. Android in the Enterprise

9. Testing for Security

10. Looking into the Future

Index

Installing with care

One of the differentiating factors of Android from other mobile operating systems is the install time review of an application's permissions. All permissions that an application requires have to be declared in the application's manifest file. These permissions are capabilities that an application requires for functioning properly. Examples include accessing the user's contact list, sending SMSs from the phone, making a phone call, and accessing the Internet. Refer Chapter 3, Permissions, for a detailed description of the permissions.

When a user installs an application, all permissions declared in the manifest file are presented to the user. A user then has the option to review the permissions and make an informed decision to install or not to install an application. Users should review these permissions very carefully as this is the only time that a user is asked for permissions. After this step, the user has no control on the application. The best a user can do is to uninstall the application. Refer to the following screenshot for reference. In this example, the application will track or access the user location, it will use the network, read the user's contact list, read the phone state, and will use some development capabilities. When screening this application for security, the user must evaluate if granting a certain power to this application is required or not. If this is a gaming application, it might not need development tool capabilities. If this is an educational application for kids, it should not need access to the contact list or need to access the user location. Also be mindful of the fact that a developer can add their own permissions especially if they want to communicate with other applications that they have developed as well and may be installed on the device. It is the onus of the developer to provide a clear description of such permissions.

At install time, the framework ensures that all permissions used in the application are declared in the manifest file. The OS at runtime then enforces these permissions.

You're reading from Android Application Security Essentials Security has been a bit of a hot topic with Android so this guide is a timely way to ensure your apps are safe. Includes everything from Android security architecture to safeguarding mobile payments.

Table of Contents (12) Chapters

Installing with care

Authors (1)

Personalised recommendations for you