Application Security for the Android Platform
Processes, Permissions, and Other Safeguards
Publisher: O'Reilly Media
Final Release Date: December 2011
Pages: 114

With the Android platform fast becoming a target of malicious hackers, application security is crucial. This concise book provides the knowledge you need to design and implement robust, rugged, and secure apps for any Android device. You’ll learn how to identify and manage the risks inherent in your design, and work to minimize a hacker’s opportunity to compromise your app and steal user data.

How is the Android platform structured to handle security? What services and tools are available to help you protect data? Up until now, no single resource has provided this vital information. With this guide, you’ll learn how to address real threats to your app, whether or not you have previous experience with security issues.

  • Examine Android’s architecture and security model, and how it isolates the filesystem and database
  • Learn how to use Android permissions and restricted system APIs
  • Explore Android component types, and learn how to secure communications in a multi-tier app
  • Use cryptographic tools to protect data stored on an Android device
  • Secure the data transmitted from the device to other parties, including the servers that interact with your app
Customer Reviews

Review snapshot: 2.8 (based on 4 reviews)

Ratings Distribution

  • 5 Stars (1)
  • 4 Stars (1)
  • 3 Stars (0)
  • 2 Stars (0)
  • 1 Star (2)

50% of respondents would recommend this to a friend.

Best Uses

  • Novice (3)

5.0

good intro to android security

By sjs

from santa rosa, ca

About Me Developer

Verified Reviewer

Pros

  • Accurate
  • Concise
  • Easy to understand
  • Helpful examples
  • Well-written

    Best Uses

    • Intermediate
    • Novice

    Comments about oreilly Application Security for the Android Platform:

    Yes -- as two other reviews said, this book is very basic. If that's what you are looking for, this book is a great place to start. It discusses the Android architecture and how it differs from the standard Linux that Android sits on top of. It discusses how the security model is implemented. It has good examples and while it is a very high-level, brief overview, that's exactly what I was looking for.
    I was looking specifically for how to implement simple file encryption and it told me exactly what I needed to know both to implement the encryption and what to not do. It was exactly what I needed to get from standard Java and a basic understanding of cryptography very generic application security into understanding the basics for Android.

    (1 of 3 customers found this review helpful)

     
    1.0

    THIS THE VERY BASIC

    By Tian Chavez

    from CA

    About Me Developer

    Verified Reviewer

      Cons

      • Not comprehensive enough
      • Too basic

      Best Uses

      • Novice
      • Student

      Comments about oreilly Application Security for the Android Platform:

      Too basic; it is not useful

      (1 of 7 customers found this review helpful)

       
      1.0

      A good primer; Not much depth

      By BG

      from Atlanta, GA

      About Me Hacker

      Verified Reviewer

        Cons

        • Not comprehensive enough
        • Too basic

        Best Uses

        • Novice
        • Student

        Comments about oreilly Application Security for the Android Platform:

        Too basic

        (9 of 9 customers found this review helpful)

         
        4.0

        All app security aspects in one place

        By Ulf

        from Germany

        Verified Reviewer

        Pros

        • Accurate
        • Concise
        • Helpful examples

            Comments about oreilly Application Security for the Android Platform:

            While it's tempting to think that a mobile phone is a safer environment than, say, a web app, the reality is that it's becoming less so, if it ever was that in the first place. Malware of various kinds is just as much of a threat to a mobile app as to a web app, particularly in an ecosystem as open as Android.

            This book ties together the different aspects that an Android app developer needs to consider when releasing an app into the wild (like through Google's Android Market). It covers the underlying OS architecture, where many app privileges are based on Linux file permissions, and then proceeds to the application permissions that govern capabilities granted to an app, like access to GPS location, use of internet connectivity, and access to SD card data. The latter will be familiar to anyone who's written an Android app, since they need to be listed explicitly in each app's manifest file. The next chapter covers the interprocess communication that allows apps to make use of other apps' capabilities and permissions - Intents, BroadcastReceivers and ContentProviders. While the how of those is generally covered extensively, the security aspects tend to get overlooked; but not here. The last couple of chapters deal with securing sensitive data stored on the device, and with the internet connectivity that most mobile apps do in some form, and to which the same network security principles apply as for web apps (SSL encryption and mutual authentication). Those chapters delve deeply into Java's JCE API.

            Overall I found the book easy to follow along, with plenty of code examples to study. The chapters can be read largely independently of one another, but at a length of not much more than 100 pages one might as well read the book in whole. While parts of the book will be familiar to a seasoned Java developer, and some parts have been covered widely online, this reviewer thinks it's still useful to have it all in one place, so as better to start thinking about app security as a whole, not as individual pieces to be used as is convenient - the threats are multiple, and an app is only as strong as its weakest point. Once it's out there on a device, it's subject to much more extensive probing than would be possible for a web app. Better to get its security story straight.

            (Disclosure: I received a courtesy copy of this book from the author.)

            Buying Options
            Ebook:  $13.99
            Formats:  DAISY, ePub, Mobi, PDF
            Print & Ebook:  $19.79
            Print:  $17.99