Application Security for the Android Platform Book TOC – Free Books Download


1. Introduction
Application Security: Why You Should Care
The Current State of Mobile Application Security on Android
Security: Risk = Vulnerability + Threat + Consequences
Evolution of Information Security: Why Applications Matter the Most
Your Role: Protect the Data
Secure Software Development Techniques
Unique Characteristics of Android
Moving On
2. Android Architecture
Introduction to the Android Architecture
The Linux Security Model
The Resulting Android Security Model
Application Signing, Attribution, and Attestation
Process Design
Android Filesystem Isolation
Android Preferences and Database Isolation
Moving up the Layers to System API and Component Permissions
3. Application Permissions
Android Permission Basics
Using Restricted System APIs and the User Experience
Custom Permissions
4. Component Security and Permissions
The Types of Android Components
Intercomponent Signaling Using Intents
Public and Private Components
Imposing Restrictions on Access to Components
Securing Activities
Securing Services
Securing Content Providers
Securing Broadcast Intents
Putting It All Together: Securing Communications in a Multi-Tier App
5. Protecting Stored Data
The Threats and Vulnerabilities Against Stored Data
Vulnerabilities of Stored Data
Threats to, and Mitigations for, Stored Data
Protection Principles
Cryptography Primer: Encryption
Symmetric Encryption
Asymmetric Key Encryption
Cryptography Primer: Hashing
Cryptographic Practicalities
Computational Infeasibility
Algorithm Choice and Key Size
Cipher Operation Modes, Initialization Vectors, and Salt
Public Keys and Their Management
Key Derivation and Management
Motivation
Key Derivation
Encryption Without User-Supplied Key Derivation
Practical Cryptography: Applying a Technique Against a Threat
6. Securing Server Interactions
Confidentiality and Authentication
SSL/TLS: The Industry Standard
Authentication of the Entities
Encryption of Data
Protecting Data En Route to Public Services
Introducing the Android SSL/TLS Environment
Server Verification
Handling SSL/TLS Connection Errors
Protecting Data En Route to Private Services
Using Only Specific Certificates for SSL/TLS
One Step Further: Using Client-Side Authentication SSL/TLS
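The two entries above, restricting TLS to specific certificates and adding client-side authentication, are both expressed through the standard JSSE classes. The following is an added example for this page, not the book's code: it builds an SSLContext whose trust store contains only the certificate(s) you ship with the app (a private CA or the server's own certificate), so the device's system trust store is never consulted, and optionally presents a client certificate from a PKCS#12 file. Input streams, alias names and the PKCS#12 format are assumptions; on Android the streams would typically come from a raw resource.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Illustrative class (not from the book): certificate pinning plus optional client-certificate auth.
public final class PinnedTls {

    // Trust managers backed by an in-memory key store holding ONLY the pinned certificate(s).
    static TrustManager[] pinnedTrustManagers(InputStream pemStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start empty; do not load the platform's default trust store
        int n = 0;
        for (Certificate c : cf.generateCertificates(pemStream)) {
            ks.setCertificateEntry("pin" + (n++), c);
        }
        if (n == 0) throw new IllegalStateException("no pinned certificate found in stream");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    // Server verification only: the server must chain to (or be) one of the pinned certificates.
    static SSLContext pinnedContext(InputStream pemStream) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, pinnedTrustManagers(pemStream), null);
        return ctx;
    }

    // Pinning plus client authentication: the app proves its own identity with a PKCS#12 key pair.
    static SSLContext pinnedContextWithClientAuth(InputStream pemStream, InputStream pkcs12,
                                                  char[] password) throws Exception {
        KeyStore client = KeyStore.getInstance("PKCS12");
        client.load(pkcs12, password);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(client, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), pinnedTrustManagers(pemStream), null);
        return ctx;
    }

    static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Deliberately keep the default HostnameVerifier: pinning the certificate does not replace
        // checking that the certificate's name matches the host you intended to reach.
        return conn;
    }
}
```

Note what this does not do: it never installs an all-accepting TrustManager or HostnameVerifier to "handle" connection errors, which is the common mistake the "Handling SSL/TLS Connection Errors" entry is about. A certificate that fails to chain to the pinned set causes the handshake to fail, and the app should treat that as a hard error rather than retrying without verification.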
Threats Against Devices Using Data in Transit
Input Validation: The Central Tenet of Application Security
Reject-Known-Bad
Accept-Known-Good
Wrapping It Up: Input Validation
Preventing Command Injection
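The entries on reject-known-bad, accept-known-good and command injection describe one design decision: validate against a positive grammar, and keep even validated data away from a shell parser. The following is an added example for this page, not code from the book. The patterns, the hostname grammar and the ping invocation are illustrative assumptions.

```java
import java.io.IOException;
import java.util.regex.Pattern;

// Illustrative class (not from the book): accept-known-good validation versus a deny-list,
// and a subprocess launch that passes an argument vector instead of a shell command line.
public final class InputValidation {

    // Accept-known-good: an explicit grammar with length bounds. Anything outside it is rejected.
    private static final Pattern USERNAME = Pattern.compile("^[a-z][a-z0-9_]{2,31}$");

    // DNS hostname: 1-253 chars total, labels of 1-63 chars, no leading/trailing hyphen.
    private static final Pattern HOSTNAME = Pattern.compile(
            "^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\\.)*[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$");

    static boolean isValidUsername(String s) {
        return s != null && USERNAME.matcher(s).matches();
    }

    static boolean isValidHostname(String s) {
        return s != null && HOSTNAME.matcher(s.toLowerCase()).matches();
    }

    // Reject-known-bad, for contrast: blocks three shell metacharacters but lets through
    // newlines, backticks, $(...), spaces and everything the author did not think of.
    static boolean rejectKnownBad(String s) {
        return s != null && !s.matches("(?s).*[;&|].*");
    }

    // Command injection prevention: validate first, then pass discrete arguments to the
    // process with no shell involved, so the value is never parsed for metacharacters at all.
    static Process ping(String host) throws IOException {
        if (!isValidHostname(host)) {
            throw new IllegalArgumentException("rejected host: " + host);
        }
        return new ProcessBuilder("ping", "-c", "1", host).start();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the second and third are injection attempts.
        String[] hosts = {"example.com", "example.com; rm -rf /", "example.com\nrm -rf /", "-bad.example.com"};
        for (String h : hosts) {
            System.out.printf("%-28s accept-known-good=%-5s reject-known-bad=%s%n",
                    h.replace("\n", "\\n"), isValidHostname(h), rejectKnownBad(h));
        }
    }
}
```

Running the sample shows the difference: the allow-list grammar rejects all three malformed hosts, while the deny-list passes the newline variant and the leading-hyphen variant because neither contains a character it happened to list. The subprocess call is then safe for a second, independent reason: ProcessBuilder passes arguments directly to the executable, so even a value that slipped past validation is never interpreted by /system/bin/sh.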
7. Summary
Key Themes
It’s All About Risk
The Principle of Least Privilege
Use the Permissions System
Android Is an Open Architecture
Get the Cryptography Right
Never Trust User Input
Wrapping It Up