Developing Secure Mobile Applications for Android
Post on 23-Feb-2016
Developing Secure Mobile Applications for Android
http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf
CS 595
James Zachary Howland
Background
• Designed with security in mind
• Data sharing must be done explicitly
• Potentially harmful applications are limited by user
• Every application is its own user
• Applications are signed by developers
• Uses manifest to specify permissions
Intents and Pending Intents
• What are Intents?
• Bad Data and Intent Filters
• Callbacks should probably use PendingIntents
Activities
• Allow code reuse
• Intent Filter note
• Security concerns
Broadcasts
• Allows components to communicate
• Sensitive data
• Sticky Broadcasts
Services
• Secure calls into Services
Content Providers and File Access
• Permission Style
• Avoiding SQL Injection
• Nothing should be world-writable
• SD Card
Binders
• What are Binders?
• Security
Conclusion
• Android developed with security in mind
• Very specific methods for IPC
• Keep It Simple