
Developing Secure Mobile Applications for Android

Developing Secure Mobile Applications for Android. http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf CS 595, James Zachary Howland. Background: Designed with security in mind. Data sharing must be done explicitly. Potentially harmful applications are limited by user.


Presentation Transcript


  1. Developing Secure Mobile Applications for Android • http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf • CS 595 • James Zachary Howland

  2. Background • Designed with security in mind • Data sharing must be done explicitly • Potentially harmful applications are limited by user • Every application is its own user • Applications are signed by developers • Uses manifest to specify permissions

  3. Intents and Pending Intents • What are Intents? • Bad Data and Intent Filters • Callbacks should probably use PendingIntents

  4. Activities • Allow code reuse • Intent Filter note • Security concerns

  5. Broadcasts • Allows components to communicate • Sensitive data • Sticky Broadcasts

  6. Services • Secure calls into Services

  7. Content Providers and File Access • Permission Style • Avoiding SQL Injection • Nothing should be world-writable • SD Card

  8. Binders • What are Binders? • Security

  9. Conclusion • Android developed with security in mind • Very specific methods for IPC • Keep It Simple
