[Zachary Howland]


Developing Secure Mobile Applications for Android
http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf
CS 595
James Zachary Howland
Background
• Designed with security in mind
• Data sharing must be done explicitly
• Potentially harmful applications are limited by user
• Every application is its own user
• Applications are signed by developers
• Uses manifest to specify permissions
Intents and Pending Intents
• What are Intents?
• Bad Data and Intent Filters
• Callbacks should probably use PendingIntents
Activities
• Allow code reuse
• Intent Filter note
• Security concerns
Broadcasts
• Allows components to communicate
• Sensitive data
• Sticky Broadcasts
Services
• Secure calls into Services
Content Providers and File Access
• Permission Style
• Avoiding SQL Injection
• Nothing should be world-writable
• SD Card
Binders
• What are Binders?
• Security
Conclusion
• Android developed with security in mind
• Very specific methods for IPC
• Keep It Simple