| Description |
1 online resource |
|
text file |
|
PDF |
| Series |
ITpro collection
|
| Contents |
Intro -- Table of Contents -- About the Author -- About the Technical Reviewer -- Acknowledgments -- Introduction -- Chapter 1: Introduction -- The Startup Landscape -- Between Two Books -- What Is Malware? -- Launching Attacks via Phones -- Hello, I'm Your CTO -- Hello, I'm Your CISO -- Reporting to the CEO -- Reporting to the CFO -- Reporting to the CTO -- Reviewing What Gets Published -- Did I Just Waste My Time Reading All This? -- Chapter 2: Recap of Secure Development Principles -- Privacy -- Swatting -- Data Security -- Data Encryption -- Calling Up Sensitive Information |
|
Network Security -- Chapter 3: App Licensing and SafetyNet -- API Key -- Building the Back End -- Pseudocode for the Back End -- Validation -- The Payload -- Can This Be Bypassed? -- So, Why Don't Many People Use SafetyNet? -- Chapter 4: Securing Your Apps at Scale -- Static Source Code Security Analysis -- Third-Party Libraries or Dependencies -- Developer Training -- Obfuscation -- String Encryption -- Class Renaming -- Spaghetti Code/Control Flow Alteration -- NOP and Code Injection -- Which Obfuscator to Use -- Our Base Program -- Summary -- Vulnerability Assessment -- The Red Team |
|
The Blue Team -- A Word About Automation -- The Compliance Team -- Visualizing the Team -- Improvements -- Running on the Emulator -- Chapter 5: Hacking Your App -- Feature Examination -- Getting the APK File -- The Android Debug Bridge (adb) -- Developer Mode -- Static Analysis -- APKTool -- JEB -- Chapter 6: The Tool Bag -- The Builder Tools -- Android Studio -- My Android Studio Tweaks -- Creating a Virtual Device -- The Breaker Tools -- Burp Suite -- Web Application Security Test Kit -- My Burp Suite Tweaks -- Frida -- Dynamic Instrumentation Toolkit -- JEB -- Android Decompiler |
|
Some Thoughts on Environment Setup -- Chapter 7: Hacking Your App #2 -- Dynamic Analysis -- Disassembling the APK -- Setting the "android:debuggable" Flag -- Reassembling and Signing the APK -- Signing with apksigner -- Signing with jarsigner -- Debugging with JEB -- Debugging for Free -- Frida's Interesting Tricks -- Chapter 8: Rooting Your Android Device -- What Is Root? -- Why Root? -- Rooting Safely -- The Rooting Process -- Getting the Factory Image -- Installing Magisk Manager -- Patching the boot.img File -- Unlock the Device Bootloader -- Flashing the Modified boot.img |
|
Completing the Rooting Process -- Looking a Little Bit Deeper -- Other Ways of Rooting -- Testing Frida -- Examining the Filesystem -- Detecting and Hiding Root -- Defeating Root Detection -- Further Tools to Help Debugging -- Summary -- Chapter 9: Bypassing SSL Pinning -- SSL Certificates -- Domain Validation -- Organizational Validation -- Extended Validation -- Self-Signed Certificates -- A Note About Verification -- Getting a DV Certificate -- Certbot -- The Back End -- Back-End Server Specification -- Android Client -- Testing SSL Traffic Interception with Burp Suite -- Adding SSL Pinning |
| Summary |
Gain the information you need to design secure, useful, high-performing apps that expose end-users to as little risk as possible. This book shows you how to best design and develop Android apps with security in mind: explore concepts that you can use to secure apps and how you can use and incorporate these security features into your apps. You will: Identify data that should be secured Use the Android APIs to ensure confidentiality and integrity of data Build secure apps for the enterprise Implement Public Key Infrastructure and encryption APIs in apps Master owners, access control lists, and permissions to allow user control over app properties Manage authentication, transport layer encryption, and server-side security. |
| Bibliography |
Includes bibliographical references and index. |
| Subject |
Android (Electronic resource)
|
|
Android (Electronic resource) |
|
Application software -- Security measures.
|
|
Application software -- Development.
|
|
Mobile apps.
|
|
Logiciels d'application -- Sécurité -- Mesures. |
|
Logiciels d'application -- Développement. |
|
Applications mobiles. |
|
Computer programming -- software development. |
|
Mobile & handheld device programming -- Apps programming. |
|
Application software -- Development |
|
Mobile apps |
| Other Form: |
Print version: Gunasekera, Sheran. Android apps security. Second edition. [United States] : Apress, 2020 1484216814 9781484216811 (OCoLC)930996388 |
| ISBN |
9781484216828 (electronic bk.) |
|
1484216822 (electronic bk.) |
| Standard No. |
10.1007/978-1-4842-1682-8. doi |
|
10.1007/978-1-4842-1 |
|
More Resources