Android Application Security Essentials
Table of Contents

Preface

Chapter 1: The Android Security Model – the Big Picture
- Installing with care
- Android platform architecture
- Linux kernel
- Middleware
- Dalvik virtual machine
- Application layer
- Android application structure
- Application signing
- Data storage on the device
- Crypto APIs
- Device Administration
- Summary

Chapter 2: Application Building Blocks
- Application components
- Activity
- Activity declaration
- Saving the Activity state
- Saving user data
- Service
- Service declaration
- Service modes
- Lifecycle management
- Binder
- Content Provider
- Provider declaration
- Other security consideration
- Broadcast Receiver
- Receiver declaration
- Secure sending and receiving broadcasts
- Local broadcasts
- Intents
- Explicit Intents
- Implicit Intent
- Intent Filter
- Pending Intent
- Summary

Chapter 3: Permissions
- Permission protection levels
- Application level permissions
- Component level permissions
- Activity
- Service
- Content Provider
- Broadcast Receiver
- Extending Android permissions
- Adding a new permission
- Creating a permission group
- Creating a permission tree
- Summary

Chapter 4: Defining the Application's Policy File
- The AndroidManifest.xml file
- Application policy use cases
- Declaring application permissions
- Declaring permissions for external applications
- Applications running with the same Linux ID
- External storage
- Setting component visibility
- Debugging
- Backup
- Putting it all together
- Example checklist
- Application level
- Component level
- Summary

Chapter 5: Respect Your Users
- Principles of data security
- Confidentiality
- Integrity
- Availability
- Identifying assets, threats, and attacks
- What and where to store
- End-to-end security
- The mobile ecosystem
- Three states of data
- Digital rights management
- Summary

Chapter 6: Your Tools – Crypto APIs
- Terminology
- Security providers
- Random number generation
- Hashing functions
- Public key cryptography
- RSA
- Key generation
- Encryption
- Decryption
- Padding
- The Diffie-Hellman algorithm
- Symmetric key cryptography
- Stream cipher
- Block cipher
- Block cipher modes
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback Chaining (CFB)
- Output Feedback Mode (OFB)
- Advanced Encryption Standard (AES)
- Message Authentication Codes
- Summary

Chapter 7: Securing Application Data
- Data storage decisions
- Privacy
- Data retention
- Implementation decisions
- User preferences
- Shared preferences
- Creating a preference file
- Writing preference
- Reading preference
- Preference Activity
- File
- Creating a file
- Writing to a file
- Reading from a file
- File operations on an external storage
- Cache
- Database
- Account manager
- SSL/TLS
- Installing an application on an external storage
- Summary

Chapter 8: Android in the Enterprise
- The basics
- Understanding the Android ecosystem
- Device administration capabilities
- Device administration API
- Policies
- DeviceAdminReceiver
- Protecting data on a device
- Encryption
- Backup
- Secure connection
- Identity
- Next steps
- Device specific decisions
- Knowing your community
- Defining boundaries
- Android compatibility program
- Rolling out support
- Policy and compliance
- FINRA
- Android Update Alliance
- Summary

Chapter 9: Testing for Security
- Testing overview
- Security testing basics
- Security tenets
- Security testing categories
- Application review
- Manual testing
- Dynamic testing
- Sample test case scenarios
- Testing on the server
- Testing the network
- Securing data in transit
- Secure storage
- Validating before acting
- The principle of least privilege
- Managing liability
- Cleaning up
- Usability versus security
- Authentication scheme
- Thinking like a hacker
- Integrating with caution
- Security testing the resources
- OWASP
- Android utilities
- Android Debug Bridge
- Setting up the device
- SQlite3
- Dalvik Debug Monitor Service
- BusyBox
- Decompile APK
- Summary

Chapter 10: Looking into the Future
- Mobile commerce
- Product discovery using a mobile device
- Mobile payments
- Configurations
- PCI Standard
- Point of Sale
- Proximity technologies
- Social networking
- Healthcare
- Authentication
- Two-factor authentication
- Biometrics
- Advances in hardware
- Hardware security module
- TrustZone
- Mobile trusted module
- Application architecture
- Summary

Index
- xzf840040475 2014-08-05: Clear electronic version.
- steven_hooke 2018-02-19: Already outdated.
- nothing87 2015-04-20: Clear PDF version; easy to understand, with clear and accurate explanations.
- huxuelei2003 2015-12-21: Thanks for sharing.