Table of Contents

  1. Chapter 1 Introduction

    1. Application Security: Why You Should Care

    2. The Current State of Mobile Application Security on Android

    3. Security: Risk = Vulnerability + Threat + Consequences

    4. Evolution of Information Security: Why Applications Matter the Most

    5. Your Role: Protect the Data

    6. Secure Software Development Techniques

    7. Unique Characteristics of Android

    8. Moving On

  2. Chapter 2 Android Architecture

    1. Introduction to the Android Architecture

    2. The Linux Security Model

    3. The Resulting Android Security Model

    4. Application Signing, Attribution, and Attestation

    5. Process Design

    6. Android Filesystem Isolation

    7. Android Preferences and Database Isolation

    8. Moving up the Layers to System API and Component Permissions

  3. Chapter 3 Application Permissions

    1. Android Permission Basics

    2. Using Restricted System APIs and the User Experience

    3. Custom Permissions

  4. Chapter 4 Component Security and Permissions

    1. The Types of Android Components

    2. Intercomponent Signaling Using Intents

    3. Public and Private Components

    4. Imposing Restrictions on Access to Components

    5. Putting It All Together: Securing Communications in a Multi-Tier App

  5. Chapter 5 Protecting Stored Data

    1. The Threats and Vulnerabilities Against Stored Data

    2. Protection Principles

    3. Cryptography Primer: Encryption

    4. Cryptography Primer: Hashing

    5. Cryptographic Practicalities

    6. Key Derivation and Management

    7. Practical Cryptography: Applying a Technique Against a Threat

  6. Chapter 6 Securing Server Interactions

    1. Confidentiality and Authentication

    2. SSL/TLS: The Industry Standard

    3. Protecting Data En Route to Public Services

    4. Protecting Data En Route to Private Services

    5. Threats Against Devices Using Data in Transit

    6. Input Validation: The Central Tenet of Application Security

    7. Preventing Command Injection

  7. Chapter 7 Summary

    1. Key Themes

    2. Wrapping It Up