Application Security for the Android Platform

Preface

The purpose of this book is to convey vital knowledge about application security to developers working on the Android platform, to enable the development of robust, rugged, and more secure applications.

While application security knowledge and skills have matured rapidly over the past couple of years, that knowledge is still scattered in a huge number of diverse locations. As of now, no single resource has existed that a developer with some experience in developing Android applications could turn to in order to understand the more important topics within the application security space and to find guidance on how to make their applications more secure. If you are such a developer, you’ll find the key points of application security that you need to know to develop secure applications laid out in a succinct and actionable manner. If you are an experienced security engineer or practitioner, you’ll find a summary of the unique characteristics of Android that you need to know to work within this environment. In short, this book enables the development of secure applications for the Android platform, whatever your background.

Organization of the Book

Although the chapters cover different topics, they have been arranged so that the concepts and techniques in earlier chapters form a foundation for the others.

Chapter 1, Introduction: Lays out the importance of this topic, and perhaps scares you a bit, so as to motivate you to read the book.
Chapter 2, Android Architecture: Describes the way Android differs from other common systems, notably desktop systems, and how its architecture both enables security and requires you to work with its unique structure.
Chapter 3, Application Permissions: Looks behind the familiar list of permissions that users see when adding applications to their devices, and shows how to use the system robustly without overwhelming the user.
Chapter 4, Component Security and Permissions: Takes the permissions system to a finer granularity by showing how components such as Content Providers and Services can grant limited access to their data and functions.
Chapter 5, Protecting Stored Data: Treats the critical topic of encrypting data so that it is secure even if the user or a thief can bypass other application security controls provided by Android (or when such controls do not apply).
Chapter 6, Securing Server Interactions: Shows how you can protect the interactions between your application and the servers it communicates with.
Chapter 7, Summary: Focuses on the key take-aways from the book.

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic: Indicates new terms, URLs, email addresses, filenames, and file extensions.
Constant width: Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, and environment variables.
Constant width bold: Shows commands or other text that should be typed literally by the user.
Constant width italic: Shows text that should be replaced with user-supplied values or by values determined by context.

Tip

This icon signifies a tip, suggestion, or general note.

Caution

This icon indicates a warning or caution.

Using Code Examples

This book is here to help you get your job done. In general, you may use the code in this book in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.

We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Application Security for the Android Platform by Jeff Six (O’Reilly). Copyright 2012 Jeff Six, 978-1-449315-078.”

If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions@oreilly.com.

Safari® Books Online

Note

Safari Books Online is an on-demand digital library that lets you easily search over 7,500 technology and creative reference books and videos to find the answers you need quickly.

With a subscription, you can read any page and watch any video from our library online. Read books on your cell phone and mobile devices. Access new titles before they are available for print, and get exclusive access to manuscripts in development and post feedback for the authors. Copy and paste code samples, organize your favorites, download chapters, bookmark key sections, create notes, print out pages, and benefit from tons of other time-saving features.

O’Reilly Media has uploaded this book to the Safari Books Online service. To have full digital access to this book and others on similar topics from O’Reilly and other publishers, sign up for free at http://my.safaribooksonline.com.