Securing Android Applications
This course explores the Android mobile operating system from the perspective of user, application, and server security, and shows experienced Android developers how to apply best practices to secure their applications.
- Understand the security characteristics of mobile computing, and the Android OS in particular.
- Manage application data in a secure fashion.
- Apply appropriate safeguards over entry points to applications, including intent filters, bound services, and broadcast receivers.
- Use cryptography as appropriate, especially in remote communications.
- Manage user credentials, including passwords and issued tokens.
- Mobile OS Security
- Vulnerabilities of Mobile Systems
- Security Overview of Android
- For Comparison: iOS
- Analysis and Areas of Concern
- Digital Signature of Applications
- Rooted Devices
- Best Practices
- The OWASP Mobile Top 10
- Application Security
- Custom Permissions
- Security Configuration
- Storage Models
- Internal Storage
- USB, Bluetooth, WiFi, and External Media
- File System Security
- Encrypted File Systems
- Injection Vulnerabilities
- Inter-Process Communication
- Guarding IPC Entrances
- Services and Broadcast Receivers
- Remote Connectivity
- Remote Connections from Mobile Devices
- The INTERNET Permission
- HTTP and HTTPS Communication
- Keystores and Cryptography
- Username/Password Login
- Managing Credentials
- Managing Token Pairs
Each student in our Live Online and our Onsite classes receives a comprehensive set of materials, including course notes and all the class examples.
Experience in the following is required for this Android class:
Preparing for Class
- Java programming experience is required.
- Introductory knowledge of Android programming is required.
- We recommend intermediate Android programming in advance of this course.