Docstoc

Developing Secure Mobile Applications for Android

Document Sample
Developing Secure Mobile Applications for Android Powered By Docstoc
					Developing Secure Mobile
 Applications for Android
 http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf

                             CS 595
                     James Zachary Howland
                Background
• Designed with security in mind
• Data sharing must be done explicitly
• Potentially harmful applications are limited by
  user
• Every application is its own user
• Applications are signed by developers
• Uses manifest to specify permissions
     Intents and Pending Intents
• What are Intents?
• Bad Data and Intent Filters
• Callbacks should probably use PendingIntents
                  Activities
• Allow code reuse
• Intent Filter note
• Security concerns
              Broadcasts
• Allows components to communicate
• Sensitive data
• Sticky Broadcasts
                   Services
• Secure calls into Services
    Content Providers and File Access
•   Permission Style
•   Avoiding SQL Injection
•   Nothing should be world-writable
•   SD Card
                 Binders
• What are Binders?
• Security
                Conclusion
• Android developed with security in mind
• Very specific methods for IPC
• Keep It Simple

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:1
posted:4/2/2014
language:English
pages:9