Bulletproof Android: Practical Advice For Building Secure Apps

Paperback | December 7, 2014

byGodfrey Nolan

not yet rated|write a review

Battle-Tested Best Practices for Securing Android Apps throughout the Development Lifecycle

 

Android’s immense popularity has made it today’s #1 target for attack: high-profile victims include eHarmony, Facebook, and Delta Airlines, just to name a few. Today, every Android app needs to resist aggressive attacks and protect data, and in Bulletproof Android™, Godfrey Nolan shows you how.

 

Unlike “black hat/gray hat” books, which focus on breaking code, this guide brings together complete best practices for hardening code throughout the entire development lifecycle. Using detailed examples from hundreds of apps he has personally audited, Nolan identifies common “anti-patterns” that expose apps to attack, and then demonstrates more secure solutions.

 

Nolan covers authentication, networking, databases, server attacks, libraries, hardware, and more. He illuminates each technique with code examples, offering expert advice on implementation and trade-offs. Each topic is supported with a complete sample app, which demonstrates real security problems and solutions.

 

Learn how to

  • Apply core practices for securing the platform
  • Protect code, algorithms, and business rules from reverse engineering
  • Eliminate hardcoding of keys, APIs, and other static data
  • Eradicate extraneous data from production APKs
  • Overcome the unique challenges of mobile authentication and login
  • Transmit information securely using SSL
  • Prevent man-in-the-middle attacks
  • Safely store data in SQLite databases
  • Prevent attacks against web servers and services
  • Avoid side-channel data leakage through third-party libraries
  • Secure APKs running on diverse devices and Android versions
  • Achieve HIPAA or FIPS compliance
  • Harden devices with encryption, SELinux, Knox, and MDM
  • Preview emerging attacks and countermeasures

This guide is a perfect complement to Nolan’s Android™ Security Essentials LiveLessons (video training; ISBN-13: 978-0-13-382904-4) and reflects new risks that have been identified since the LiveLessons were released.

Pricing and Purchase Info

$45.99

Out of stock online

From the Publisher

Battle-Tested Best Practices for Securing Android Apps throughout the Development Lifecycle   Android’s immense popularity has made it today’s #1 target for attack: high-profile victims include eHarmony, Facebook, and Delta Airlines, just to name a few. Today, every Android app needs to resist aggressive attacks and protect data, a...

Godfrey Nolan is the founder and president of the mobile and web development company RIIS LLC based in Troy, Michigan, and Belfast, Northern Ireland. This is his fourth book. He has had a healthy obsession with reverse engineering bytecode since he wrote "Decompile Once, Run Anywhere," which first appeared in Web Techniques magazine wa...

other books by Godfrey Nolan

Android Best Practices
Android Best Practices

Paperback|Dec 26 2013

$58.50

Agile Android
Agile Android

Kobo ebook|Nov 25 2015

$20.29 online$26.30list price(save 22%)
Decompiling Android
Decompiling Android

Paperback|Jul 3 2012

$64.94 online$64.95list price
see all books by Godfrey Nolan
Format:PaperbackDimensions:240 pages, 8.9 × 7 × 0.7 inPublished:December 7, 2014Publisher:Pearson EducationLanguage:English

The following ISBNs are associated with this title:

ISBN - 10:0133993329

ISBN - 13:9780133993325

Customer Reviews of Bulletproof Android: Practical Advice For Building Secure Apps

Reviews

Extra Content

Table of Contents

Preface xiii

Acknowledgments xxi

About the Author xxiii

 

Chapter 1: Android Security Issues 1

Why Android? 1

Guidelines 7

Securing the Device 17

Conclusion 18

 

Chapter 2: Protecting Your Code 19

Looking into the classes.dex File 19

Obfuscation Best Practices 24

Smali 39

Hiding Business Rules in the NDK 48

Conclusion 49

 

Chapter 3: Authentication 51

Secure Logins 51

Understanding Best Practices for

User Authentication and Account Validation 54

Application Licensing with LVL 65

OAuth 77

User Behavior 84

Conclusion 86

 

Chapter 4: Network Communication 87

HTTP(S) Connection 88

Symmetric Keys 92

Asymmetric Keys 94

Ineffective SSL 99

Conclusion 107

 

Chapter 5: Android Databases 109

Android Database Security Issues 109

SQLite 110

SQLCipher 116

Hiding the Key 120

SQL Injection 127

Conclusion 129

 

Chapter 6: Web Server Attacks 131

Web Services 131

Cross Platform 135

WebView Attacks 140

Cloud 146

Conclusion 150

 

Chapter 7: Third-Party Library Integration 151

Transferring the Risk 152

Permissions 152

Installing Third-Party Apps 154

Trust but Verify 160

Conclusion 165

 

Chapter 8: Device Security 167

Wiping Your Device 168

Fragmentation 168

Device Encryption 172

SEAndroid 174

FIPS 140-2 176

Mobile Device Management 177

Conclusion 178

 

Chapter 9: The Future 179

More Sophisticated Attacks 179

Internet of Things 186

Audits and Compliance 188

Tools 190

Conclusion 194

 

Index 195