Securing Android Applications

Networking/Server/Operating Systems
Schedules
Optional
  IT Online Library (1 Year Subscription - $1595.00)
Quantity
If quantity is more than 1, Please add all Attendees' Names /Voucher #/ Learning Credit below separated with a comma. If not specified, we will contact you prior to the class start date. Special Instructions
Overview

This course explores the Android mobile operating system from the perspective of user, application, and server security; and shows experienced Android developers how to apply best practices to secure their applications.

 

Goals
  1. Understand the security characteristics of mobile computing, and the Android OS in particular.
  2. Manage application data in a secure fashion.
  3. Apply appropriate safeguards over entry points to applications, including intent filters, bound services, and broadcast receivers.
  4. Use cryptography as appropriate, especially in remote communications.
  5. Manage user credentials, including passwords and issued tokens.

Outline
  1. Mobile OS Security
    1. Vulnerabilities of Mobile Systems
    2. Security Overview of Android
    3. For Comparison: iOS
    4. Analysis and Areas of Concern
    5. Digital Signature of Applications
    6. Rooted Devices
    7. Clickjacking
    8. Best Practices
    9. The OWASP Mobile Top 10

  2. Application Security
    1. Permissions
    2. Custom Permissions
    3. Security Configuration
    4. Storage Models
    5. Internal Storage
    6. USB, Bluetooth, WiFi, and External Media
    7. File System Security
    8. Encrypted File Systems
    9. Injection Vulnerabilities
    10. Inter-Process Communication
    11. Guarding IPC Entrances
    12. Services and Broadcast Receivers
    13. Logging

  3. Remote Connectivity
    1. Remote Connections from Mobile Devices
    2. The INTERNET Permission
    3. HTTP and HTTPS Communication
    4. Keystores and Cryptography
    5. Username/Password Login
    6. Managing Credentials
    7. HMACs
    8. Managing Token Pairs

Class Materials

Each student in our Live Online and our Onsite classes receives a comprehensive set of materials, including course notes and all the class examples.

 

Class Prerequisites

Experience in the following is required for this Android class:

  • Java programming experience is required;
  • Introductory knowledge of Android programming is required:
  • We recommend intermediate Android programming in advance of this course

Preparing for Class
  • Onsite: Course Setup