Android Application Security Essentials

Android Application Security Essentials: Security has been a bit of a hot topic with Android so this guide is a timely way to ensure your apps are safe. Includes everything from Android security architecture to safeguarding mobile payments.


Chapter 2. Application Building Blocks

This chapter focuses on the building blocks of an Android application, namely, the application components and the inter-component communication. There are four types of components in the Android system: Activities, Services, Broadcast Receivers, and Content Providers. Each component is specially designed to accomplish a specific task. A collection of these components makes an Android application. These components talk to each other using Intents, which are Android's mechanism for inter-process communication.

There are several books that discuss how to build Android components and Intents. In fact, the Android developer website does a pretty good job of introducing programming with these components as well. So in this chapter, instead of covering the implementation details, our objective is to discuss the security aspects of each component and how to define and use components and Intents securely in an application to protect our reputation...

Application components

As we briefly touched on in Chapter 1, Android Security Model – the Big Picture, an Android application is a loosely bound stack of application components. Application components, the manifest file, and application resources are packaged in an Application Package Format (.apk) file. An APK file is essentially a ZIP file formatted in JAR file format. The Android system only recognizes the APK format, so all packages have to be in the APK format to be installed on the Android device. An APK file is then signed with the developer's signature to assert the authorship. The PackageManager class handles the task of installing and uninstalling the application.

In this section, we will talk about the security of each of the components in detail. This includes the declaration of a component in the manifest file, so that we prune loose ends, and other security considerations that are unique to each component.

Activity

An Activity is the application component that usually interacts...

Intents

Intents are Android's mechanism for inter-component communication. Intents are asynchronous, so components fire them off and the onus is on the receiving component to validate the incoming Intent's data and act upon it. Intents are used by the Android system for starting an Activity or Service, for communicating with a Service, to broadcast events or changes, for receiving notifications using pending Intents, and to query the Content Provider.

There are different mechanisms to handle Intents for each component. So, the Intents sent out to Activities, Services, and Broadcast Receivers are only sent to their respective counterparts by the Android system. For example, an event sent out to start an Activity using Context.startActivity() will resolve only Activities matching the Intent criterion. Similarly, a broadcast sent out using Context.sendBroadcast() will be received only by receivers and not by other components.

Before an Intent is sent out, it is important to check...

Summary

In this chapter, we reviewed the four components of an Android system (Activities, Services, Content Providers, and Broadcast Receivers) and the inter-component communication mechanisms (Intents and Binders). Security begins with secure declaration of these components. As is the general rule with security, exposing the minimum is always a good idea. All Android components are protected by permissions. Intents are asynchronous, and the components that receive them should always validate their input. Intent Filters are a good way to reduce the attack surface of an application, but an explicit Intent can still be sent to a component that declares them. Now that we understand the Android components and communication mechanism, let's move on to the next chapter to review Android permissions in detail.
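
The declaration rules summarized above can be checked mechanically. The following is an added example, not code from the book: a Python script that audits a constructed AndroidManifest.xml (the com.example.notes package and its class names are hypothetical) and lists the components other apps can reach without holding a permission. It assumes that only the component-level android:exported and android:permission attributes matter and ignores application-level and provider read/write permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest; package and class names are hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".EditNoteActivity">
      <intent-filter>
        <action android:name="com.example.notes.EDIT"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.notes.permission.SYNC"/>
    <receiver android:name=".UploadReceiver" android:exported="true"/>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.notes.provider"
              android:exported="false"/>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """List (name, reason) for components other apps can reach unguarded."""
    findings = []
    application = ET.fromstring(xml_text).find("application")
    for elem in application:
        if elem.tag not in COMPONENT_TAGS:
            continue
        name = elem.get(ANDROID_NS + "name")
        exported = elem.get(ANDROID_NS + "exported")
        # Private components and permission-protected ones are not reported.
        if exported == "false" or elem.get(ANDROID_NS + "permission"):
            continue
        if exported == "true":
            # Includes the launcher Activity: exported by design, so its
            # Intent handling still has to validate what it receives.
            findings.append((name, "exported without a permission"))
        elif elem.find("intent-filter") is not None or elem.tag == "provider":
            # An Intent Filter does not restrict senders; the default for
            # android:exported depends on filters and API level.
            findings.append((name, "no explicit android:exported"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_manifest(SAMPLE_MANIFEST):
        print(name, "->", reason)
```
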


Key benefits

  • Understand Android security from kernel to the application layer
  • Protect components using permissions
  • Safeguard user and corporate data from prying eyes
  • Understand the security implications of mobile payments, NFC, and more

Description

In today's techno-savvy world, more and more parts of our lives are going digital, and all this information is accessible anytime and anywhere using mobile devices. It is of the utmost importance that you understand and implement security in your apps that will reduce the likelihood of hazards that will wreck your users' experience. "Android Application Security Essentials" takes a deep look into Android security from kernel to the application level, with practical hands-on examples, illustrations, and everyday use cases. This book will show you how to overcome the challenge of getting the security of your applications right. "Android Application Security Essentials" will show you how to secure your Android applications and data. It will equip you with tricks and tips that will come in handy as you develop your applications. We will start by learning the overall security architecture of the Android stack. Securing components with permissions, defining security in a manifest file, cryptographic algorithms and protocols on the Android stack, secure storage, security-focused testing, and protecting enterprise data on your device are then also discussed in detail. You will also learn how to be security-aware when integrating newer technologies like NFC and mobile payments into your Android applications. At the end of this book, you will understand Android security at the system level all the way to the nitty-gritty details of application security for securing your Android applications.

Who is this book for?

If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

What you will learn

  • Get familiar with Android security architecture
  • Secure Android components using permissions
  • Implement cryptography algorithms and protocols to secure your data
  • Protect user information both at rest and in transit
  • Test apps for security
  • Understand security considerations for upcoming use cases like NFC and mobile payments
  • Guard the corporate data of enterprise apps

Product Details

Publication date : Aug 21, 2013
Length: 218 pages
Edition : 1st
Language : English
ISBN-13 : 9781849515610
Vendor : Google

Table of Contents

11 Chapters
1. The Android Security Model – the Big Picture
2. Application Building Blocks
3. Permissions
4. Defining the Application's Policy File
5. Respect Your Users
6. Your Tools – Crypto APIs
7. Securing Application Data
8. Android in the Enterprise
9. Testing for Security
10. Looking into the Future
Index

Customer reviews

Rating distribution
4 out of 5 stars
(2 Ratings)
5 star 0%
4 star 100%
3 star 0%
2 star 0%
1 star 0%
Shaju Mathew Feb 17, 2014
4 out of 5 stars
The first four chapters are rudimentary, with some specific topics not discussed commonly in other books such as: how to share data across multiple packages by running as the same user-id, underlying Linux kernel & Dalvik details, binder mechanism. The second half of the book (Chapters 6 - 10) is specific to Android Security. Chapter 5 gets into Android mobile security aspects in detail, and discusses relevant topics such as storage, DRM (applicable to tablet streaming devices/applications like the Kindle, Netflix). Chapter 6 deals with encryption, RSA hash, etc. that are relevant to real-world Android applications. Chapter 7 reviews mechanisms to do property-store & caching using native Android features. Chapter 8 discusses DeviceAdmin features, and Chapter 9 focuses on security-focused testing. The last chapter discusses futuristic advances in the field. Overall, a useful book with a focus on security aspects on Android.
Amazon Verified review
Luca Morettoni Dec 07, 2013
4 out of 5 stars
I don't totally agree with the author in the section "Who this book is for" where she wrote "This book is an excellent resource for anyone interested in mobile security", I think every developer (not only the Android ones) needs to develop every piece of code with the security concepts in mind! Our applications need to be fast, beautiful but also secure! Think about all the personal information that we have in our phone or tablet, opening any possible door to malicious apps could be a nightmare! In the book, after a brief introduction on Android application concepts, you start to analyze every part of an application from the security point of view, in the book you can also find two good chapters about the crypto API and the security tests. I hope in the future editions of the book the author could expand these two parts with more examples and code snippets! The best chapter is the 7th, about the securing of application data. Every Android application stores a lot of user information and it is very easy to lose your device: if you're working on an application that stores credit card information or other sensitive data (like medical information or enterprise access tokens) this chapter will drive you to choose which information to store and how to secure the storage! At the end of the book you also have a very nice chapter about the "future" of the mobile system and some discussion about the security perspective. Finally, the book is a good read about security in Android applications, it is not the reference guide about the crypto API but it is a great read about security best practices.
Amazon Verified review