Mastering the Latest Android Application Security Strategies: A Practical Guide
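"Android Application Security Essentials is a professional book by Pragati Ogal Rai that focuses on how to write secure Android applications using the latest techniques and concepts. It addresses the core of the Android security field and aims to help developers understand and practice the security measures that are critical in Android application development. The book covers a wide range of topics, including but not limited to: application-level security policies, data encryption, permission management, protection against reverse engineering, code auditing, secure coding practices, and ways to defend against various security vulnerabilities and attack techniques. The author stresses the importance of ensuring application security in today's fast-moving mobile application environment and provides practical guidance to help readers build applications that withstand potential threats. Regarding copyright, all content is protected by the copyright of the 2013 Packt Publishing edition and may not be reproduced, stored, or transmitted in any form without written permission, except when embedded in critical articles or reviews. Although the author and publisher have made every effort to ensure the accuracy of the information, the information in the book is provided without warranty, either express or implied, and the author, Packt Publishing, and its dealers and distributors accept no legal liability for any damage caused directly or indirectly by the use of the information in the book. Regarding brand mentions, although Packt Publishing has tried to provide trademark information through the appropriate use of capitals, it cannot guarantee the accuracy of this information. The book's first publication date is given as A, with no specific year stated, but it can be inferred that this is the latest version of the information, reflecting the security best practices of the time. By reading this book, developers will not only improve the security protection of their own Android applications but also keep up with industry developments in order to meet increasingly complex cyber-security challenges. Whether for junior developers or experienced professionals, this is an important resource worth studying in depth and keeping for reference."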
Table of Contents
Chapter 5: Respect Your Users
Principles of data security
Confidentiality
Integrity
Availability
Identifying assets, threats, and attacks
What and where to store
End-to-end security
The mobile ecosystem
Three states of data
Digital rights management
Summary
Chapter 6: Your Tools – Crypto APIs
Terminology
Security providers
Random number generation
Hashing functions
Public key cryptography
RSA
Key generation
Encryption
Decryption
Padding
The Diffie-Hellman algorithm
Symmetric key cryptography
Stream cipher
Block cipher
Block cipher modes
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback Chaining (CFB)
Output Feedback Mode (OFB)
Advanced Encryption Standard (AES)
Message Authentication Codes
Summary
Chapter 7: Securing Application Data
Data storage decisions
Privacy
Data retention
Implementation decisions
User preferences
Shared preferences
Creating a preference file
Writing preference
Reading preference
Preference Activity
File
Creating a file
Writing to a file
Reading from a file
File operations on an external storage
Cache
Database
Account manager
SSL/TLS
Installing an application on an external storage
Summary
Chapter 8: Android in the Enterprise
The basics
Understanding the Android ecosystem
Device administration capabilities
Device administration API
Policies
DeviceAdminReceiver
Protecting data on a device
Encryption
Backup
Secure connection
Identity
Next steps
Device specific decisions
Knowing your community
Defining boundaries
Android compatibility program
Rolling out support
Policy and compliance
FINRA
Android Update Alliance
Summary
Chapter 9: Testing for Security
Testing overview
Security testing basics
Security tenets
Security testing categories
Application review
Manual testing
Dynamic testing
Sample test case scenarios
Testing on the server
Testing the network
Securing data in transit
Secure storage
Validating before acting
The principle of least privilege
Managing liability
Cleaning up
Usability versus security
Authentication scheme
Thinking like a hacker
Integrating with caution
Security testing the resources
OWASP
Android utilities
Android Debug Bridge
Setting up the device
SQlite3
Dalvik Debug Monitor Service
BusyBox
Decompile APK
Summary
Chapter 10: Looking into the Future
Mobile commerce
Product discovery using a mobile device
Mobile payments
Configurations
PCI Standard
Point of Sale
Proximity technologies
Social networking
Preface
In today's techno-savvy world, more and more of our lives are going digital and all
this information is accessible anytime and anywhere using mobile devices. There
are thousands of apps available for users to download and play with. With so much
information easily accessible using applications on mobile devices, the biggest
challenge is to secure the users' private information and respect their privacy.
The first Android phone came out in 2009. The mobile ecosystem has not been the
same since then. The openness of the platform and a far less restrictive application
model created excitement in the developer community and also fostered innovation
and experimentation. But just as every coin has two sides, so does openness. The
Android platform irked the imagination of the so-called bad guys. Android provides
a perfect test bed for them to try out their ideas. It is thus of great importance not
only as a developer, but also as a consumer, to be aware of Android's security model
and how to use it judiciously to protect yourself and your consumers.
Android Application Security Essentials is a deep dive into Android security from the
kernel level to the application level, with practical hands-on examples, illustrations,
and everyday use cases. This book will show you how to secure your Android
applications and data. It will equip you with tricks and tips that will come in handy
as you develop your applications.
You will learn the overall security architecture of the Android stack. Securing
components with permissions, defining security in the manifest file, cryptographic
algorithms and protocols on the Android stack, secure storage, security-focused testing,
and protecting enterprise data on the device are also discussed in detail. You will also
learn how to be security aware when integrating newer technologies and use cases
such as NFC and mobile payments into your Android applications.