Developing Secure Mobile Applications for Android
http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf
CS 595
James Zachary Howland
Background
• Designed with security in mind
• Data sharing must be done explicitly
• Potentially harmful applications are limited by user
• Every application is its own user
• Applications are signed by developers
• Uses manifest to specify permissions
Intents and Pending Intents
• What are Intents?
• Bad Data and Intent Filters
• Callbacks should probably use PendingIntents
Activities
• Allow code reuse
• Intent Filter note
• Security concerns
Broadcasts
• Allows components to communicate
• Sensitive data
• Sticky Broadcasts
Services
• Secure calls into Services
Content Providers and File Access
• Permission Style
• Avoiding SQL Injection
• Nothing should be world-writable
• SD Card
Binders
• What are Binders?
• Security
Conclusion
• Android developed with security in mind
• Very specific methods for IPC
• Keep It Simple