Battle-Tested Best Practices for Securing Android Apps throughout the Development Lifecycle
Android’s immense popularity has made it today’s #1 target for attack: high-profile victims include eHarmony, Facebook, and Delta Airlines, just to name a few. Today, every Android app needs to resist aggressive attacks and protect data, and in Bulletproof Android™, Godfrey Nolan shows you how.
Unlike “black hat/gray hat” books, which focus on breaking code, this guide brings together complete best practices for hardening code throughout the entire development lifecycle. Using detailed examples from hundreds of apps he has personally audited, Nolan identifies common “anti-patterns” that expose apps to attack, and then demonstrates more secure solutions.
Nolan covers authentication, networking, databases, server attacks, libraries, hardware, and more. He illuminates each technique with code examples, offering expert advice on implementation and trade-offs. Each topic is supported with a complete sample app, which demonstrates real security problems and solutions.
Learn how to
This guide is a perfect complement to Nolan’s Android™ Security Essentials LiveLessons (video training; ISBN-13: 978-0-13-382904-4) and reflects new risks that have been identified since the LiveLessons were released.
About the Author xxiii
Chapter 1: Android Security Issues 1
    Why Android? 1
    Securing the Device 17
Chapter 2: Protecting Your Code 19
    Looking into the classes.dex File 19
    Obfuscation Best Practices 24
    Hiding Business Rules in the NDK 48
Chapter 3: Authentication 51
    Secure Logins 51
    Understanding Best Practices for User Authentication and Account Validation 54
    Application Licensing with LVL 65
    User Behavior 84
Chapter 4: Network Communication 87
    HTTP(S) Connection 88
    Symmetric Keys 92
    Asymmetric Keys 94
    Ineffective SSL 99
Chapter 5: Android Databases 109
    Android Database Security Issues 109
    Hiding the Key 120
    SQL Injection 127
Chapter 6: Web Server Attacks 131
    Web Services 131
    Cross Platform 135
    WebView Attacks 140
Chapter 7: Third-Party Library Integration 151
    Transferring the Risk 152
    Installing Third-Party Apps 154
    Trust but Verify 160
Chapter 8: Device Security 167
    Wiping Your Device 168
    Device Encryption 172
    FIPS 140-2 176
    Mobile Device Management 177
Chapter 9: The Future 179
    More Sophisticated Attacks 179
    Internet of Things 186
    Audits and Compliance 188