Chapter 7. Summary
Way back in Chapter 1, we talked about what this book would be and why you, as a developer, would want to read it. This book has had a single purpose: to educate developers who are writing applications for the Android platform on how to write those applications to be more secure and robust in the face of attack. We’ve touched on a number of points along the way, so let’s quickly summarize the primary themes we have seen and wrap this book up.
It’s All About Risk
If there has been one primary topic that I hope to have conveyed, it is that security—application security or otherwise—is really risk management. Without the context of risk, security means nothing. When you hear someone say that their application, system, or building is secure, you should immediately think, “Secure against what?” What are the threats that the security features of this system are designed to protect against? What are the vulnerabilities that this system may have? And what would be the consequences if one of those vulnerabilities were to be exploited? Until you know the answers to those questions, you cannot judge just how secure anything is. For a typical home in suburban America, you may have good deadbolt locks, strong construction, and a home security system, and you would be pretty secure against most common threats, such as burglary. You are not, however, in any way secure against more exotic threats, such as an attack by a 30-foot-tall monster. What are the threats, vulnerabilities, ...