Android™ app development is a valuable skill set for a programmer today. An important part of that skill set is the ability to create apps that protect you, your users, and your users' organizations from attack. In this course, you will learn why it is critical to build security into your Android apps, how to improve your programming processes to promote security, and how to provide countermeasures for the numerous threats to which an Android app and its users are exposed.
In this course, you will harden native Android mobile apps against attack, and ensure secure network communications and backend web services.
- Explain why an organization should devote time and resources to app security, including a specific rationale for Android app development.
- Identify where and how the Android system architecture is vulnerable to security threats.
- Employ strategies to promote the security of mobile apps, including specific strategies for Android.
- Enable an Android app to communicate securely with hardware and software on the device.
- Enable an Android app to secure data through encryption.
- Enable an Android app to store data securely.
- Enable an Android app to communicate securely over networks and with web services.
- Use the WebView component securely.
- Protect credentials in storage and in transit.
- Harden an Android app against attack to levels appropriate for the risk model.
This course is intended for a programmer or web developer who is experienced with mobile app development in Android and wants to learn how to develop secure apps that are hardened against attack to levels that are appropriate for the risk model of the app. The student has experience developing Android apps and is familiar with the Android SDK, development tools, and processes.
To ensure your success, you should have experience developing Android apps in Java using Eclipse and the Android SDK. To meet this prerequisite, you can take the Logical Operations course Developing Android™ Mobile Apps for Business.
A general understanding of information technology security is also helpful, but not required. Logical Operations offers various courses on information technology security, including CompTIA® Security+.
Lesson 1: The Rationale for Android App Security
Topic A: Identify the Need for Security
Topic B: Identify Security Requirements and Expectations
Topic C: Include Security in Your Development Processes
Topic D: Identify Your Approach to Risk Management
Lesson 2: The Android Security Architecture
Topic A: Strengths and Weaknesses of the Android Security Architecture
Topic B: The Android Permissions Model
Topic C: Android Vulnerabilities
Lesson 3: Employing Secure Mobile App Development Strategies
Topic A: Follow App Security Best Practices
Topic B: Design for Security
Topic C: Write Secure Java Code
Lesson 4: Accessing Local Processes and Devices Securely
Topic A: Select Countermeasures for Local Threats
Topic B: Implement Secure Access of Local Processes and Hardware
Lesson 5: Securing Data Through Encryption
Topic A: Select Countermeasures for Threats to Cleartext Data
Topic B: Implement Encryption
Lesson 6: Accessing Local Storage Securely
Topic A: Identify Countermeasures for Local Storage Threats
Topic B: Implement Secure Access of Local Storage
Lesson 7: Communicating with Networks and Web Services Securely
Topic A: Identify Countermeasures for Networking Threats
Topic B: Implement Secure Network Communication
Lesson 8: Using the WebView Component Securely
Topic A: Identify Countermeasures for WebView Component Threats
Topic B: Implement WebView Security
Lesson 9: Protecting Credentials in Storage and Transit
Topic A: Identify Countermeasures for Threats to Credentials
Topic B: Implement Secure User Authentication
Lesson 10: Hardening Apps Against Attack
Topic A: Identify Countermeasures for Reverse Engineering Threats
Topic B: Harden an App
Appendix A: Categories of Permissions
Appendix B: CompTIA ADR-001 Exam Objectives Mapping