Testing and Securing Android Studio Applications

Book Description

Debug and secure your Android applications with Android Studio

In Detail

Today, mobile applications are increasingly being used to access the Web. Mobile developers play a key role in how consumers access the Web, with millions of people depending on them to create secure and functional applications. This book, beginning with the fundamentals of Android security, will guide you through the process of creating a secure and debugged application. We will look at the Android Studio development environment and take you through the steps needed to protect your local data and secure your network communications.

Initially covering the threats, risks, and vulnerabilities in software and in the Android environment, this book will then dig deeper, exploring different types of authentication methods that can be adopted in your Android application. You will be introduced to techniques and classes to test your application, before finally learning about supporting tools that will help you to improve your application.

By the end of this book, your Android application will be debugged and secure and you will be able to apply what you've learned to further application projects.

What You Will Learn

  • Control the execution of your Android application by working with the debugging environment in Android Studio
  • Mitigate the existing vulnerabilities in Android applications
  • Create unit tests to verify the state and behavior of an activity
  • Use local storage and encryption appropriately to preserve the privacy of your application data
  • Ensure that communications between your applications and external servers are safe by protecting network connections
  • Choose the appropriate authentication method for your Android application
  • Set up the test environment to create test cases
  • Create functional tests to check the interaction between components

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Testing and Securing Android Studio Applications
    1. Table of Contents
    2. Testing and Securing Android Studio Applications
    3. Credits
    4. About the Authors
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers, and more
        1. Why subscribe?
        2. Free access for Packt account holders
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    8. 1. Introduction to Software Security
      1. Software security terms
      2. Threats, vulnerabilities, and risks
        1. Threat
        2. Vulnerability
        3. Risk
      3. Secure code-design principles
      4. Testing the basics
      5. Summary
    9. 2. Security in Android Applications
      1. The mobile environment
      2. An overview of Android security
      3. Permissions
      4. Interapplication communication
        1. Intents
        2. Content providers
      5. Summary
    10. 3. Monitoring Your Application
      1. Debugging and DDMS
      2. Threads
      3. Method profiling
      4. Heap
      5. Allocation Tracker
      6. Network Statistics
      7. File Explorer
      8. Emulator Control
      9. System Information
      10. Summary
    11. 4. Mitigating Vulnerabilities
      1. Input validation
        1. SQL injection
      2. Permissions
      3. Handling a user's data and credentials
      4. Interapplication communication
        1. Securing Intents
        2. Securing the content providers
      5. Summary
    12. 5. Preserving Data Privacy
      1. Data privacy
        1. Shared preferences
        2. Files in the internal storage
        3. Files in the external storage
        4. The database storage
      2. Encryption
        1. The encryption methods
        2. Generating a key
      3. Using encryption to store data
      4. Summary
    13. 6. Securing Communications
      1. HTTPS
        1. SSL and TLS
        2. Server and client certificates
        3. Keytool in the terminal
        4. Android Studio
      2. Code examples using HTTPS
      3. Summary
    14. 7. Authentication Methods
      1. Multifactor authentication
        1. The knowledge factor
        2. The possession factor
        3. The inherence factor
      2. Login implementations
      3. AccountManager
      4. Summary
    15. 8. Testing Your Application
      1. Testing in Android
      2. Testing the UI
        1. The uiautomator API
          1. The UiDevice class
          2. The UiSelector class
          3. The UiObject class
          4. The UiCollection class
          5. The UiScrollable class
        2. The uiautomatorviewer tool
      3. The UI test project
      4. Running UI test cases
      5. Summary
    16. 9. Unit and Functional Tests
      1. Testing activities
        1. The test case classes
        2. Instrumentation
        3. The test case methods
        4. The Assert class and method
          1. The ViewAsserts class
          2. The MoreAsserts class
        5. UI testing and TouchUtils
        6. The mock object classes
      2. Creating an activity test
        1. Creating a unit test
          1. The unit test setup
          2. The clock test
          3. The layout test
          4. The activity Intent test
        2. Creating a functional test
          1. The functional test setup
          2. The UI test
          3. The activity Intent test
          4. The state management test
        3. Getting the results
      3. Summary
    17. 10. Supporting Tools
      1. Tools for unit testing
        1. Spoon
        2. Mockito
        3. Android Mock
        4. FEST Android
        5. Robolectric
      2. Tools for functional testing
        1. Robotium
        2. Espresso
        3. Appium
        4. Calabash
        5. MonkeyTalk
        6. Bot-bot
        7. Monkey
        8. Wireshark
      3. Other tools
        1. Genymotion
      4. Summary
    18. 11. Further Considerations
      1. What to test
        1. Network access
        2. Media availability
        3. Change in orientation
        4. Service and content provider testing
      2. Developer options
      3. Getting help
      4. Summary
    19. Index