Application Security for the Android Platform: Processes, Permissions, and Other Safeguards

Book Review Team
Bartender

Joined: Feb 15, 2002
Posts: 933
Author/s: Jeff Six
Publisher: O'Reilly Media
Category: Miscellaneous Java
Review by: Ulf Dittmer
Rating: 8 horseshoes

While it's tempting to think that a mobile phone is a safer environment than, say, a web app, the reality is that it's becoming less so, if it ever was that in the first place. Malware of various kinds is just as much of a threat to a mobile app as to a web app, particularly in an ecosystem as open as Android.

This book ties together the different aspects that an Android app developer needs to consider when releasing an app into the wild (like through Google's Android Market). It covers the underlying OS architecture, where many app privileges are based on Linux file permissions, and then proceeds to the application permissions that govern capabilities granted to an app, like access to GPS location, use of internet connectivity, and access to SD card data. The latter will be familiar to anyone who's written an Android app (since they need to be listed explicitly in each app's manifest file). The next chapter covers the interprocess communication that allows apps to make use of other apps' capabilities and permissions - Intents, BroadcastReceivers and ContentProviders. While the "how" of those is generally covered extensively, the security aspects tend to get overlooked; but not here. The last couple of chapters deal with securing sensitive data stored on the device, and with the internet connectivity that most mobile apps do in some form, and to which the same network security principles apply as for web apps (SSL encryption and mutual authentication). Those chapters delve deeply into Java's JCE API.

Overall I found the book easy to follow along, with plenty of code examples to study. The chapters can be read largely independently of one another, but at a length of not much more than 100 pages one might as well read the book in whole. While parts of the book will be familiar to a seasoned Java developer, and some parts have been covered widely online, this reviewer thinks it's still useful to have it all in one place, so as better to start thinking about app security as a whole, not as individual pieces to be used as is convenient - the threats are multiple, and an app is only as strong as its weakest point. Once it's out there on a device, it's subject to much more extensive probing than would be possible for a web app. Better to get its security story straight.

---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.
