Secure Android Design and Development
Secure Android Design and Development
From App Layer to HAL – Aligned with Android 15
About the Book
"Secure Android Design & Development" is a guideline for developers working with Android in various sectors, including automotive and mobile devices. This book deepens your understanding of system security architecture, which is crucial for effective design, development, and security.
It covers key principles and thoroughly examines Android's layered security model. With practical scenarios and tools for threat assessment, this guide empowers developers to create secure and resilient applications for any Android-enabled platform.
- Comprehensive Coverage: Explore essential security principles and methodologies tailored for Android development across various industries, including automotive and mobile devices.
- System-Level Security Insights: Gain a deeper understanding of system security architecture, enhancing your ability to design, develop, and secure robust applications.
- Practical Guidance: Benefit from real-world scenarios and actionable strategies to effectively address security challenges through best practices.
- Threat Assessment Tools: Learn to utilize modern tools and techniques for threat modeling throughout the development lifecycle.
- For All Developers: Suitable for seasoned professionals and newcomers, making security concepts accessible and applicable.
- Aligns with Android 15
Secure Android Development Guide – Best Practices for Android App Security
About the Author
Team Discounts
Get a team discount on this book!
Table of Contents
- Acknowledgments
- Brief
- The story of the book
- No magic at all!
- How to read the book
- Who is the book written for?
- The big picture
- Do We Need to Secure an Android Application?
- Principles and Methodologies
- Gravity of principles (The rules of the game)
- The Fail-Safe vs Fail-Secure Principle (Planning for the Unexpected)
- Least Common Mechanism
- Separation of Privilege and Least Privilege
- The Zero Trust Principle: Trust No One, Verify Everything
- KISS: The Principle of Least Complexity in Security
- Defense in Depth
- Defensive, Offensive, and Aggressive Programming
- Notes on Modularity, cohesion, and coupling
- Securing the Development Lifecycle
- Design Review
- Code Review
- Regular Security Assessments
- Security Requirements
- Integrating Security Testing
- Threat Modeling, Standards and Guidelines
- Shostack’s Four Question Framework
- Threat Modelling frameworks
- Security Standards and Guidelines
- Some keywords to know
- Attack and Defense
- We don’t need to experience it again!
- Why are we not learning from history?
- How you will be attacked
- How to Defend
- Act as a chief
- Common Programming Mistakes
- Memory safety
- C and C++
- Java
- Kotlin
- Real world examples
- Data Validation
- Untrusted Data Sources
- Input Validation
- Encoding Methods
- Sanitizing user inputs
- Android Security Model
- Let’s open the onion layers
- Application Sandbox and Android Runtime
- Application Signing
- Permission and Package Manager
- SELinux
- AndroidManifest and Components
- Inter-process communication
- HAL Layer
- Play Integrity
- Jetpack libraries
- Protecting Data
- Data life-cycle
- What Google has done to address insecure storage
- File Integrity Verification
- Private Space
- Authentication, Network, and Protocols
- Android AccountManager for Access Control
- Credential Manager
- Android Biometric Authentication
- Android Network Security Configuration
- Sniffing
- Certificate Pinning in Android Applications
- Implementing SSL/TLS for Android Network Communications
- OAuth and OpenID Connect for Android Applications
- Bluetooth
- Practical Scenarios
- Financial Android Application
- Key Provider Service
- Sensor HAL Layer Daemon
- Vehicle Data Logger Application
- Compilers and Tools
- Clang and GCC Security Features
- Obfuscation
- R8
- Notes on hiding keys, secrets and credentials
- Static and Dynamic Analysis Tools
- Last word
- About the Author
- Abbreviations Glossary
- References
- Appendix
- Security Standards and Guidelines
- A detailed STRIDE and TARA comparison
- Useful tools
The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.
You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!
So, there's no reason not to click the Add to Cart button, is there?
See full terms...
Earn $8 on a $10 Purchase, and $16 on a $20 Purchase
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earnedover $14 millionwriting, publishing and selling on Leanpub.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
