Android Apps Security [Gunasekera 2012-09-11].pdf

Create apps that are safe from hacking, attacks, and security breaches
Android Apps Security
Sheran A. Gunasekera
For your convenience Apress has placed some of the front
matter material after the index. Please use the Bookmarks
and Contents at a Glance links to access them.
Contents at a Glance
About the Author
About the Technical Reviewer
Acknowledgments
Chapter 1: Android Architecture
Chapter 2: Information: The Foundation of an App
Chapter 3: Android Security Architecture
Chapter 4: Concepts in Action – Part 1
Chapter 5: Data Storage and Cryptography
Chapter 6: Talking to Web Apps
Chapter 7: Security in the Enterprise
Chapter 8: Concepts in Action: Part 2
Chapter 9: Publishing and Selling Your Apps
Chapter 10: Malware and Spyware
Appendix A: Android Permission Constants
Index
Chapter 1: Android Architecture
Google entered the mobile phone market in a style that only multibillion-dollar companies can
afford: it bought a company. In 2005, Google, Inc. purchased Android, Inc. At the time, Android
was relatively unknown, despite having four very successful people as its creators. Founded
by Andy Rubin, Rich Miner, Chris White, and Nick Sears in 2003, Android flew under the radar,
developing an operating system for mobile phones. With a quest to develop a smarter mobile
phone that was more aware of its owner’s preferences, the team behind the Android operating
system toiled away in secrecy. Admitting only that they were developing software for mobile
phones, the team remained quiet about the true nature of the Android operating system until the
acquisition in 2005.
With the full might of Google’s resources behind it, Android development increased at a rapid
pace. By the second quarter of 2011, Android had already captured nearly a 50% market share
in mobile phone operating systems shipped to end users. The four founders stayed on after the
acquisition, with Rubin taking the lead as Senior Vice President of Mobile. The official launch of
version 1.0 of Android took place on September 23, 2008, and the first device to run it was the
HTC Dream (see Figure 1-1).
Figure 1-1. An HTC Dream (Courtesy Michael Oryl)
One of the unique features of the Android operating system, and one that has allowed it to
grow rapidly, is that the binaries and source code are released as open source software.
You can download the entire source code of the Android operating system, and it takes up
approximately 2.6 GB of disk space. In theory, this allows anyone to design and build a phone
that runs Android. The idea of keeping the software open source was followed until version
3.0. Versions of Android 3.0 and higher are still closed source. In an interview given to
Bloomberg Businessweek, Rubin said that the version 3.x code base took many
shortcuts to ensure it was released to market quickly and worked with very specific hardware.
If other hardware vendors adopted this version of Android, there would be a chance of a
negative user experience, and Google wished to avoid this.[1]
Components of the Android Architecture
The Android architecture is divided into the following four main components (see Figure 1-2):
1. The kernel
2. The libraries and Dalvik virtual machine
3. The application framework
4. The applications

[1] Bloomberg Businessweek, “Google Holds Honeycomb Tight,” Ashlee Vance and Brad Stone,
www.businessweek.com/technology/content/mar2011/tc20110324_269784.htm, March 24, 2011.