34,79 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Fachliteratur
- Sprache: Englisch
In today's techno-savvy world, more and more parts of our lives are going digital, and all this information is accessible anytime and anywhere using mobile devices. It is of the utmost importance that you understand and implement security in your apps that will reduce the likelihood of hazards that will wreck your users' experience.
"Android Application Security Essentials" takes a deep look into Android security from kernel to the application level, with practical hands-on examples, illustrations, and everyday use cases. This book will show you how to overcome the challenge of getting the security of your applications right.
"Android Application Security Essentials" will show you how to secure your Android applications and data. It will equip you with tricks and tips that will come in handy as you develop your applications.We will start by learning the overall security architecture of the Android stack. Securing components with permissions, defining security in a manifest file, cryptographic algorithms and protocols on the Android stack, secure storage, security focused testing, and protecting enterprise data on your device is then also discussed in detail. You will also learn how to be security-aware when integrating newer technologies like NFC and mobile payments into your Android applications.
At the end of this book, you will understand Android security at the system level all the way to the nitty-gritty details of application security for securing your Android applications.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 264
Veröffentlichungsjahr: 2013
Ähnliche
Table of Contents
Android Application Security Essentials
Android Application Security Essentials
Copyright © 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2013
Production Reference: 1140813
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-84951-560-3
www.packtpub.com
Cover Image by Karl Moore (<[email protected]>)
Credits
Author
Pragati Ogal Rai
Reviewer
Alessandro Parisi
Acquisition Editor
Martin Bell
Lead Technical Editor
Madhuja Chaudhari
Technical Editors
Sampreshita Maheshwari
Larissa Pinto
Project Coordinator
Hardik Patel
Proofreader
Maria Gould
Indexer
Priya Subramani
Graphics
Abhinash Sahu
Ronak Druv
Production Coordinator
Prachali Bhiwandkar
Cover Work
Prachali Bhiwandkar
Foreword
When I first began working at GO Corporation in the early 1990s, the state of the art in mobile computing was an 8-lb, clipboard sized device with minimal battery life and an optional 9600 baud modem. But the vision that drove that device could just as easily be applied to the newest Android and iOS devices released this year: the desire for an integrated, task-centric computing platform with seamless connectivity. Back then, we thought that the height of that vision would be the ability to "send someone a fax from the beach." By the time I helped AOL deliver AIM, its instant messaging client, as one of the launch titles for Apple's iPhone App Store in 2008, that vision was already on its way to becoming a reality. But even at that time, just a few years ago, we couldn't have predicted what a tremendous effect these devices and the app ecosystem they spawned would have on our day-to-day lives.
Today, mobile devices are everywhere. They entertain us, they help us pass the time; and of course, they help us keep in touch (though perhaps not so much through fax). The Android operating system by Google is one of the driving forces behind this revolution, having been adopted by hundreds of device vendors and installed on nearly a billion devices worldwide. But as these mobile devices pervade every corner of our lives, keeping them—and their users—secure becomes critical. That's why this book is so important.
Viruses, Trojan horses, and malware may still be more prevalent on desktop platforms than they are on mobile. But the growth of the mobile market has meant a sharp rise in malicious software; anti-virus maker Kaspersky reports thousands of new programs detected each month. And today's smartphones and tablets represent an irresistible honey pot to the would-be attacker. Personal information, financial data, passwords, and social graphs, even up to the moment location data—everything that makes these devices so valuable to consumers is also what makes them such an attractive target to pranksters and data thieves. As developers, it's our responsibility to be good stewards of the information our users have entrusted to us. And the open and integrated nature of the Android operating system means it's much more important that each of us do our part to secure our applications and services.
Security can't be just a checkbox or an afterthought; it needs to be part of the design, and woven throughout the implementation of your application. I know Pragati Rai understands this intimately, having worked on this problem from both the perspective of the OS and the application developer. That's why she's so well positioned to write this book. She is able to look at the entirety of the Android ecosystem, from device to kernel to application, and present clear and actionable steps developers can take to secure their applications and data, along with source code that illustrates their use and methodologies to test their effectiveness. Moreover, she goes beyond the bits and bytes to explore security policy and best practices that can balance a developer's desire to use personal information with the user's desire to protect it.
The convergence of powerful mobile devices, ubiquitous social media, and the ability to transmit, store, and consume vast quantities of data has raised the stakes for everyone when it comes to mobile security. But security is like the air we breathe; we don't really think about it until it's gone, and by then it's often too late—too late to protect our users, and too late to protect the developer's reputation and business. So, it's critically important for every Android developer to understand the role they play in keeping users safe in this complex and ever-changing landscape.
As a developer and a user myself, I'm thankful that Pragati has taken the time to write such a comprehensive and informative guide to help us navigate this space, and I'm hopeful that her lessons will enable Android developers everywhere to give us the engaging and innovative applications we crave, while maintaining the security and trust we expect and deserve.
Edwin Aoki
Technology Fellow, PayPal
About the Author
Pragati Ogal Rai is a technologist with more than 14 years of experience in mobile operating systems, mobile security, mobile payments, and mobile commerce. From working as a platform security engineer with Motorola Mobility, to designing and developing PayPal's mobile offerings, she has an extensive end-to-end experience in all aspects of mobile technology.
Pragati has a dual Master's in Computer Science and has taught and trained computer science students at different levels. She is a recognized speaker at international technology events.
My sincere thanks to the entire Packt Publishing team for bringing this book to life. Special thanks to Hardik Patel, Madhuja Chaudhari, and Martin Bell for working diligently with me throughout the writing of this book and accommodating my crazy schedule. I want to acknowledge Alessandro Parisi for his candid comments and suggestions to improve the quality of the book.
Thanks to the thriving and vibrant community of Android developers who are the reason behind this book.
A big thank you to all my friends and family for encouraging me to write this book. In particular, I want to thank two families, the Khannas and the Kollis, who were my pillars of support during the writing of this book. Special thanks to Selina Garrison for her guidance and for being there for me. Last but most importantly, I want to thank my husband, Hariom Rai, and my son, Arnav Rai, who constantly encouraged, supported, and cheered me in their own ways as I wrote this book. Without them this book could not have been completed.
About the Reviewer
Alessandro Parisi is an enterprise software architect and an ethical hacker, working as an IT consultant for nearly 20 years now, keen on experimenting non-conventional solutions to problem solving in complex and dynamic contexts, mixing new technologies with lateral thinking and a holistic approach.
Founder of InformaticaSicura.com, specializing in IT security consultancy, he is the curator of Hacking Wisdom column appearing on the blog informaticasicura.altervista.org.
He is also the author of Sicurezza Informatica e Tutela della Privacy, published by Istituto Poligrafico e Zecca dello Stato, Italy, 2006.
I would like to acknowledge Ilaria Sinisi for her support and patience. Thank you very much, Ilaria.
www.PacktPub.com
Support files, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
Why Subscribe?
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
To my mom, Rekha Ogal. I love you, mom, and miss you very much. May you rest in peace.
Preface
In today's techno-savvy world, more and more of our lives are going digital and all this information is accessible anytime and anywhere using mobile devices. There are thousands of apps available for users to download and play with. With so much information easily accessible using application on the mobile devices, the biggest challenge is to secure the users' private information and respect their privacy.
The first Android phone came out in 2009. The mobile ecosystem has not been the same since then. The openness of the platform and a far less restrictive application model created excitement in the developer community and also fostered innovation and experimentation. But just as every coin has two sides, so does openness. The Android platform irked the imagination of the so-called bad guys. Android provides a perfect test bed for them to try out their ideas. It is thus of great importance not only as a developer, but also as a consumer, to be aware of Android's security model and how to use it judiciously to protect yourself and your consumers.
Android Application Security Essentials is a deep dive into Android security from the kernel level to the application level, with practical hands-on examples, illustrations, and everyday use cases. This book will show you how to secure your Android applications and data. It will equip you with tricks and tips that will come in handy as you develop your applications.
You will learn the overall security architecture of the Android stack. Securing components with permissions, defining security in manifest file, cryptographic algorithms, and protocols on Android stack, secure storage, security focused testing, and protecting enterprise data on device is also discussed in detail. You will also learn how to be security aware when integrating newer technologies and use cases such as NFC and mobile payments into your Android applications.
What this book covers
Chapter 1, Android Security Model – the Big Picture, focuses on the overall security of the Android stack all the way from platform security to application security. This chapter will form a baseline on which the subsequent chapters will be built upon.
Chapter 2, Application Building Blocks, introduces application components, permissions, manifest files, and application signing from a security perspective. These are all basic components of an Android application and knowledge of these components is important to build our security knowledge.
Chapter 3, Permissions, talks about existing permissions in the Android platform, how to define new permissions, how to secure application components with permissions, and provides an analysis of when to define a new permission.
Chapter 4, Defining the Application's Policy File, drills down into the mechanics of the manifest file, which is the application's policy file. We talk about tips and tricks to tighten up the policy file.
Chapter 5, Respect Your Users, covers best practices on handling users' data properly. This is important as a developer's reputation depends on user reviews and ratings. The developer should also be careful about handling user private information carefully so as not to fall into legal traps.
Chapter 6, Your Tools – Crypto APIs, discusses cryptographic capabilities provided by the Android platform. These include symmetric encryption, asymmetric encryption, hashing, cipher modes, and key management.
Chapter 7, Securing Application Data, is all about secure storage of application data both at rest and in transit. We talk about how private data is sandboxed with the application, how to securely store data on the device, on external memory cards, drives, and databases.
Chapter 8, Android in the Enterprise, talks about device security artifacts that are provided by the Android Platform and what they mean to an application developer. This chapter is of special interest to enterprise application developers.
Chapter 9, Testing for Security, focuses on designing and developing security-focused test cases.
Chapter 10, Looking into the Future, discusses upcoming use cases in the mobile space and how it affects Android, especially from a security perspective.
What you need for this book
This book is much more valuable if you have an Android environment set up and can play with the concepts and examples discussed in this book. Please refer to developer.android.com for detailed instructions on how to set up your environment and get started with Android development. If you are interested in kernel development, please refer to source.android.com.
At the time of writing this book, Jelly Bean (Android 4.2, API level 17) is the latest release. I have tested all my code snippets on this platform. Ever since the first release of Cupcake in 2009, Google has been continuously enhancing the security of Android with successive releases. For example, remote wipe and device management APIs were added in Android 2.2 (API level 8) to make Android more appealing to the business community. Whenever relevant, I have referenced the release that started supporting a particular feature.
Who this book is for
This book is an excellent resource for anyone interested in mobile security. Developers, test engineers, engineering managers, product managers, and architects may use this book as a reference when designing and writing their applications. Senior management and technologists may use this book to gain a broader perspective on mobile security. Some prior knowledge of development on the Android stack is desirable but not required.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the erratasubmissionform link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
Questions
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.
Chapter 1. The Android Security Model – the Big Picture
Welcome to the first chapter of Android Application Security Essentials!
The Android stack is different in many ways. It is open; more advanced than some of the other platforms, and imbibes the learning from attempts to develop a mobile platform in the past. In this first chapter, we introduce the basics of the Android security model from the kernel all the way to the application level. Each security artifact introduced in this chapter is discussed in greater detail in the following chapters.
We kick off the chapter with explaining why install time application permission evaluation is integral to the security of the Android platform and user data. Android has a layered architecture and a security evaluation of each architectural layer is discussed in this chapter. We end the chapter with a discussion of core security artifacts such as application signing, secure data storage on the device, crypto APIs, and administration of an Android device.
Installing with care
One of the differentiating factors of Android from other mobile operating systems is the install time review of an application's permissions. All permissions that an application requires have to be declared in the application's manifest file. These permissions are capabilities that an application requires for functioning properly. Examples include accessing the user's contact list, sending SMSs from the phone, making a phone call, and accessing the Internet. Refer Chapter 3, Permissions, for a detailed description of the permissions.
When a user installs an application, all permissions declared in the manifest file are presented to the user. A user then has the option to review the permissions and make an informed decision to install or not to install an application. Users should review these permissions very carefully as this is the only time that a user is asked for permissions. After this step, the user has no control on the application. The best a user can do is to uninstall the application. Refer to the following screenshot for reference. In this example, the application will track or access the user location, it will use the network, read the user's contact list, read the phone state, and will use some development capabilities. When screening this application for security, the user must evaluate if granting a certain power to this application is required or not. If this is a gaming application, it might not need development tool capabilities. If this is an educational application for kids, it should not need access to the contact list or need to access the user location. Also be mindful of the fact that a developer can add their own permissions especially if they want to communicate with other applications that they have developed as well and may be installed on the device. It is the onus of the developer to provide a clear description of such permissions.
At install time, the framework ensures that all permissions used in the application are declared in the manifest file. The OS at runtime then enforces these permissions.
Android platform architecture
Android is a modern operating system with a layered software stack. The following figure illustrates the layers in Android's software stack. This software stack runs on top of the device hardware. Android's software stack can run on many different hardware configurations such as smartphones, tablets, televisions, and even embedded devices such as microwaves, refrigerators, watches, and pens. Security is provided at every layer, creating a secure environment for mobile applications to live and execute. In this section, we will discuss the security provided by each layer of the Android stack.
Linux kernel
On top of the device hardware sits the Linux kernel. The Linux kernel has been in use for decades as a secure multi-user operating system, isolating one user from the other. Android uses this property of Linux as the basis of Android security. Imagine Android as a multi-user platform where each user is an application and each application is isolated from each other. The Linux kernel hosts the device drivers such as drivers for bluetooth, camera, Wi-Fi, and flash memory. The kernel also provides a mechanism for secure Remote Procedure Calls (RPC).
As each application is installed on the device, it is given a unique User Identification (UID) and Group Identification (GID). This UID is the identity of the application for as long as it is installed on the device.
Refer to the following screenshot. In the first column are all the application UIDs. Notice the highlighted application. Application com.paypal.com has the UID app_8 and com.skype.com has the UID app_64. In the Linux kernel, both these applications run in their own processes with this ID.
Refer to the next screenshot. When we give the id command in the shell, the kernel displays the UID, GID, and the groups the shell is associated with. This is the process sandbox model that Android uses to isolate one process from the other. Two processes can share data with each other. The proper mechanics to do so are discussed in Chapter 4, Defining the Application's Policy File.
Although most Android applications are written in Java, it is sometimes required to write native applications. Native applications are more complex as developers need to manage memory and device-specific issues. Developers can use the Android NDK toolset to develop parts of their application in C/C++. All native applications conform to Linux process sandboxing; there is no difference in the security of a native application and Java application. Bear in mind that just as with any Java application, proper security artifacts such as encryption, hashing, and secure communication are required.
Middleware
On top of the Linux kernel sits the middleware that provides libraries for code execution. Examples of such libraries are libSSL, libc, OpenGL. This layer also provides the runtime environment for Java applications.
Since most users write their apps on Android in Java, the obvious question is: does Android provide a Java virtual machine? The answer to this question is no, Android does not provide a Java virtual machine. So a Java Archive (JAR) file will not execute on Android, as Android does not execute byte code. What Android does provide is a Dalvik virtual machine. Android uses a tool called dx to convert byte codes to Dalvik Executable (DEX).
Dalvik virtual machine
Originally developed by Dan Bornstein, who named it after the fishing village of Dalvik in Iceland where some of his ancestors lived, Dalvik is a register-based, highly optimized, open-sourced virtual machine. Dalvik does not align with Java SE or Java ME and its library is based on Apache Harmony.
Each Java application runs in its own VM. When the device boots up, a nascent process called Zygote spawns a VM process. This Zygote then forks to create new VMs for processes on request.
The main motivation behind Dalvik is to reduce memory footprint by increased sharing. The constant pool in Dalvik is thus a shared pool. It also shares core, read only libraries between different VM processes.
Dalvik relies on the Linux platform for all underlying functionality such as threading and memory management. Dalvik does have separate garbage collectors for each VM but takes care of processes that share resources.
Dan Bornstein made a great presentation about Dalvik at Google IO 2008. You can find it at http://www.youtube.com/watch?v=ptjedOZEXPM. Check it out!
Application layer
Application developers developing Java-based applications interact with the application layer of the Android stack. Unless you are creating a native application, this layer will provide you with all the resources to create your application.
We can further divide this application layer into the application framework layer and the application layer. The application framework layer provides the classes that are exposed by the Android stack for use by an application. Examples include the Activity manager that manages the life-cycle of an Activity, the package manager that manages the installing and uninstalling of an application, and the notification manager to send out notifications to the user.
The application layer is the layer where applications reside. These could be system applications or user applications. System applications are the ones that come bundled with the device such as mail, calendar, contacts, and browser. Users cannot uninstall these applications. User applications are the third party applications that users install on their device. Users can install and uninstall these applications at their free will.
Android application structure
To understand the security at the application layer, it is important to understand the Android application structure. Each Android application is created as a stack of components. The beauty of this application structure is that each component is a self-contained entity in itself and can be called exclusively even by other applications. This kind of application structure encourages the sharing of components. The following figure shows the anatomy of an Android application that consists of activities, services, broadcast receivers, and content providers:
Android supports four kinds of components:
All the preceding components are declared in the AndroidManifest.xml (manifest) file. In addition to the components, the manifest file also lists other application requirements such as the minimum API level of Android required, user permissions required by the application such as access to the Internet and reading of the contact list, permission to use hardware by the application such as Bluetooth and the camera, and libraries that the application links to, such as the Google Maps API. Chapter 4, Defining the Application's Policy File, discusses the manifest file in greater detail.
Activities, services, content providers, and broadcast receivers all talk to each other using Intents. Intent is Android's mechanism for asynchronous
