Developing Secure Mobile Applications for Android
http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf
CS 595
James Zachary Howland

Background
• Designed with security in mind
• Data sharing must be done explicitly
• Potentially harmful applications are limited by user
• Every application is its own user
• Applications are signed by developers
• Uses manifest to specify permissions

Intents and Pending Intents
• What are Intents?
• Bad Data and Intent Filters
• Callbacks should probably use PendingIntents

Activities
• Allow code reuse
• Intent Filter note
• Security concerns

Broadcasts
• Allows components to communicate
• Sensitive data
• Sticky Broadcasts

Services
• Secure calls into Services

Content Providers and File Access
• Permission Style
• Avoiding SQL Injection
• Nothing should be world-writable
• SD Card

Binders
• What are Binders?
• Security

Conclusion
• Android developed with security in mind
• Very specific methods for IPC
• Keep It Simple