Material for Secure Android Design and Development

From App Layer to HAL – Aligned with Android 15

About the Author

Mohammad Hossein Heydarchi

With over 15 years in embedded development, he specializes in creating system-level services for automotive, telecom, and industrial applications. His background in electronic engineering and focus on security give him a holistic understanding of systems across web, Windows, and embedded platforms. Throughout his career, he’s held roles from developer to project manager, deepening his expertise across multiple technical perspectives. Inspired by challenges in Android security, particularly in AAOS/AOSP, he wrote this book to share with developers.

Table of Contents

1. Brief

  1. No magic at all!
  2. Who is the course written for?

2. The big picture

  1. Do We Need to Secure an Android Application?
  2. Different Use Cases and Their Security Considerations
  3. Security as a Spectrum, Not a Binary Choice
  4. Exercise 1
  5. Quiz 1

3. Principles and Methodologies

  1. Gravity of principles (The rules of the game)
  2. The Fail-Safe vs Fail-Secure Principle (Planning for the Unexpected)
  3. Fail-Safe Principle in Software Development
  4. Fail-Secure Principle
  5. Saltzer-Schroeder article
  6. Least Common Mechanism
  7. The Significance of the Principle
  8. Practical Examples
  9. Exercise 2
  10. Separation of Privilege and Least Privilege
  11. Some of the benefits of Least Privilege
  12. Some of the benefits of the Separation of Privilege
  13. Examples of Separation of Privilege & Least Privilege
  14. Exercise 3
  15. The Zero Trust Principle: Trust No One, Verify Everything
  16. Examples of Zero Trust
  17. Access Control:
  18. Micro-segmentation:
  19. Multi-factor Authentication (MFA):
  20. Applying Zero Trust to Android Development
  21. SELinux & App permissions
  22. Exercise 4
  23. KISS: The Principle of Least Complexity in Security
  24. Examples of the Principle of Least Complexity in Android
  25. Some KISS principle best practices
  26. Exercise 5
  27. Defense in Depth
  28. Examples
  29. Physical Security:
  30. Network Security:
  31. Application Security:
  32. Data Security:
  33. User Training and Awareness:
  34. Exercise 6
  35. Defensive, Offensive, and Aggressive Programming
  36. Development stance
  37. Development method (methodology)
  38. Defensive programming
  39. When to use Defensive programming
  40. Pros
  41. Cons
  42. Offensive programming
  43. What is acceptable?
  44. What should be handled
  45. Pros
  46. Cons
  47. Aggressive programming
  48. Best practice
  49. Exercise 7
  50. Notes on Modularity, cohesion, and coupling
  51. The Importance of Software Design and Implementation Beyond Platform-Specific Techniques
  52. Principles and Software Complexity
  53. Software Complexity and Security Risks
  54. Final Thoughts on Core Programming Concepts
  55. Exercise 8
  56. Quiz 2

4. Securing the Development Lifecycle

  1. Design Review
  2. Exercise 9
  3. Code Review
  4. The imperative role of code review
  5. Kick-off Meeting
  6. Code Review Checklist
  7. Security Code Review Process
  8. Preparation:
  9. Static Analysis:
  10. Dynamic Analysis:
  11. Post-Review:
  12. Manual Code Review
  13. Developer Updates and Follow-up
  14. Follow coding standards and best practices:
  15. Look for common security vulnerabilities:
  16. Understand the dependencies:
  17. Conduct threat modeling:
  18. Use automated tools and perform manual reviews:
  19. Security Code Review Examples
  20. An example of URL Injection
  21. Exercise 10
  22. Regular Security Assessments
  23. Importance of Regular Security Assessments
  24. Important Elements of Continual Assessments
  25. Exercise 11
  26. Security Requirements
  27. Code Integrity
  28. Booting Securely
  29. Compiler Optimizations
  30. Address Space Layout Randomization (ASLR)
  31. Code Obfuscation
  32. Data Protection
  33. Authentication and Authorization
  34. Strengthened Authentication
  35. RBAC or role-based access Control
  36. Incident Response
  37. Monitoring and Logging
  38. Updates on Security
  39. Plan for Security Incident Response
  40. Exercise 12
  41. Integrating Security Testing
  42. Security Testing Methods
  43. Static Application Security Testing and Static Code Analyzers (SAST)
  44. Dynamic Application Security Testing (DAST)
  45. Penetration Testing
  46. Fuzz testing
  47. Security Testing Techniques and Tools
  48. Code Review
  49. AI
  50. Secure Code Libraries
  51. Integrating Security Testing into Android Development
  52. Continuous Integration Pipeline
  53. Security Testing Examples
  54. Exercise 13
  55. Quiz 3

5. Threat Modeling, Standards and Guidelines

  1. Shostack’s Four Question Framework
  2. Exercise 14
  3. Threat Modelling frameworks
  4. TARA
  5. Exercise 15
  6. Security Standards and Guidelines
  7. Some organizations to know
  8. MITRE
  9. CVE
  10. CWE
  11. OWASP
  12. Choosing the Right Framework
  13. Exercise 16
  14. Some keywords to know
  15. Vulnerability Severity Score
  16. Vulnerability Risk
  17. Attack Vector
  18. Attack Surface
  19. Privilege Escalation
  20. Zero-Day Vulnerability
  21. Exercise 17
  22. Quiz 4

6. Attack and Defense

  1. We don’t need to experience it again!
  2. Why are we not learning from history?
  3. Let’s simplify
  4. All the ways to get inside
  5. Different Scenarios
  6. General steps
  7. An insider
  8. The plane is hijacked
  9. No guard watching the doors
  10. Shaky building
  11. Superhero is forbidden!
  12. You don’t know my language
  13. He has a mask
  14. Exercise 18
  15. How you will be attacked
  16. Unfold the target
  17. Extract information from the unfolded app
  18. Look for a vulnerability
  19. Examine the findings
  20. Prepare to attack
  21. Attack
  22. Exercise 19
  23. How to Defend
  24. Defensive Techniques
  25. In the development process
  26. Minimizing the attack surface
  27. Compiler & tools
  28. Run-time
  29. Implementation & Language Specific
  30. Data Protection
  31. Network & protocols
  32. OS Mechanisms
  33. Libraries
  34. System level
  35. Testing
  36. Exercise 20
  37. Act as a chief
  38. Quiz 5

7. Common Programming Mistakes

  1. Memory safety
  2. The Challenge of Memory Safety in C and C++
  3. Rust: A Safer Alternative?
  4. Why Hasn’t Rust Been Widely Adopted Yet?
  5. A Potential Transition Strategy
  6. Exercise 21
  7. C and C++
  8. Buffer overflow & Out-of-bounds write
  9. Expired pointer dereference (CWE-825)
  10. Use after free (CWE-416)
  11. Double free (CWE-415)
  12. Out-of-Bounds Read (CWE-125)
  13. Buffer Over-Read (CWE-126)
  14. Buffer Under-Read (CWE-127)
  15. NULL Pointer Dereference (CWE-476)
  16. Access of Uninitialized Pointer (CWE-824)
  17. Exercise 22
  18. Java
  19. Serialization Vulnerabilities (CWE-502: Deserialization of Untrusted Data)
  20. Ineffective Exception Handling (CWE-209: Information Exposure Through Error Messages)
  21. Use of Reflection (CWE-470: Use of Externally-Controlled Input to Select Classes or Code)
  22. Insecure Configuration and Hard-Coded Credentials (CWE-798: Use of Hard-coded Credentials)
  23. Unchecked Input Leading to Injection (CWE-89: SQL Injection, CWE-79: XSS)
  24. Integer Overflow/Underflow (CWE-190 / CWE-191)
  25. Exercise 23
  26. Kotlin
  27. Null Safety Misconceptions
  28. Improper Coroutines Usage (Race Conditions and Data Races)
  29. Extension Functions Misuse
  30. Data Class Copy Functions
  31. Default Parameters and Overloading
  32. NULL Pointer Dereference (CWE-476)
  33. Exercise 24
  34. Real world examples
  35. Linux-Related CVEs
  36. Android-Related CVEs
  37. Exercise 25
  38. Quiz 6

8. Data Validation

  1. Untrusted Data Sources
  2. Types of Untrusted Data Sources
  3. External storage:
  4. User input:
  5. Network connections:
  6. Third-party libraries:
  7. Dealing with Untrusted Data Sources
  8. Input validation:
  9. Encoding and escaping data:
  10. Limiting third-party library usage:
  11. Sandboxing and isolation:
  12. Exercise 26
  13. Input Validation
  14. Input Range Validation
  15. Input Length Validation
  16. Importance of Input Length Restrictions
  17. Prevention of Buffer Overflow Attacks
  18. Protection Against Denial of Service (DoS) Attacks
  19. Data Integrity
  20. Usability
  21. Implementation Techniques
  22. Whitelisting and Blacklisting
  23. Input format
  24. Regular Expressions
  25. Type-checking and Casting
  26. Application Framework and Library Input Validation
  27. Some libraries and methods for input validation:
  28. Real-life Incidents
  29. The Morris Worm (1988):
  30. The infamous Heartbleed bug that affected OpenSSL (2014):
  31. Exercise 27
  32. Encoding Methods
  33. HTML Encoding
  34. URL Encoding
  35. JavaScript Encoding
  36. SQL Encoding or SQL Escaping
  37. Unicode Encoding
  38. Incidents and History
  39. Exercise 28
  40. Sanitizing user inputs
  41. Importance of Input Sanitization
  42. SQL Injection:
  43. Cross-site scripting (XSS):
  44. Command Injection:
  45. Buffer Overflow:
  46. Why use Input Sanitization Libraries?
  47. Input Sanitization Libraries for C/C++
  48. Libinjection:
  49. StringSan:
  50. libtidy:
  51. Input Sanitization Libraries for Java
  52. OWASP ESAPI:
  53. Apache Commons Validator:
  54. Google Guava:
  55. Input Sanitization Libraries in Kotlin (Android)
  56. Android Saripaar:
  57. Validators Kotlin:
  58. Exercise 29
  59. Quiz 7

9. Android Security Model

  1. Let’s open the onion layers
  2. Exercise 30
  3. Application Sandbox and Android Runtime
  4. Exercise 31
  5. Application Signing
  6. Exercise 32
  7. Permission and Package Manager
  8. Exercise 33
  9. SELinux
  10. Exercise 34
  11. AndroidManifest and Components
  12. Inter-process communication
  13. AIDL (application level)
  14. Service Binding
  15. Interface Methods
  16. AIDL Transaction Security
  17. Bound Services Security
  18. Cross-process Communication
  19. Broadcasts and Intents
  20. Android Broadcasts
  21. Securing Android Broadcasts
  22. Android Intents
  23. Securing Android Intents
  24. Content provider
  25. Example Implementation
  26. Exercise 35
  27. HAL Layer
  28. System Daemon Isolation
  29. Hardware Abstraction Security
  30. Vendor HAL and Secure Implementation
  31. Binderized HAL
  32. HIDL (HAL Interface Definition Language)
  33. Direct Memory Access (DMA)
  34. Exercise 36
  35. Play Integrity
  36. Play Integrity API: A Comprehensive Solution
  37. Key Considerations for Play Integrity API Implementation
  38. Play Integrity API Integration
  39. Platform Compatibility
  40. Exercise 37
  41. Jetpack libraries
  42. Quiz 8

10. Protecting Data

  1. Data life-cycle
  2. In-Transit
  3. In-Memory
  4. Temporary
  5. Persistent (Long-Term)
  6. Exercise 38
  7. What Google has done to address insecure storage
  8. Recent Android security improvements
  9. Scoped Storage
  10. Secure File Storage
  11. Android Keychain and KeyStore for Secure Credential Storage
  12. Keychain and KeyStore: A Brief Overview
  13. Using the Android Keychain for Secure Credential Storage
  14. Using the Android KeyStore for Secure Key Storage
  15. Using Hardware-Backed Keys for Added Security
  16. SharedPreference - Securely storing
  17. Encrypt SQLite Database (SQLCipher + Room)
  18. Dynamic Code Loading Restrictions (Android 14)
  19. Exercise 39
  20. File Integrity Verification
  21. Exercise 40
  22. Private Space
  23. Exercise 41
  24. Quiz 9

11. Authentication, Network, and Protocols

  1. Android AccountManager for Access Control
  2. Credential Manager
  3. Exercise 42
  4. Android Biometric Authentication
  5. History of Biometric Authentication
  6. Advantages of Biometric Authentication
  7. Integrating Android Biometric Authentication
  8. Potential Risks
  9. Exercise 43
  10. Android Network Security Configuration
  11. Overview
  12. Components
  13. Examples
  14. Implementation
  15. Exercise 44
  16. Sniffing
  17. Security Considerations:
  18. Best Practices
  19. Traffic Protection
  20. Data Handling
  21. Exercise 45
  22. Certificate Pinning in Android Applications
  23. What Is Certificate Pinning?
  24. Another example for OkHttp
  25. Exercise 46
  26. Implementing SSL/TLS for Android Network Communications
  27. Exercise 47
  28. OAuth and OpenID Connect for Android Applications
  29. OAuth
  30. OAuth 2.0 defines four grant types (authorization flows) to acquire an access token:
  31. OpenID Connect
  32. OIDC extends OAuth by providing additional features like:
  33. Implementing OAuth and OIDC in Android Applications
  34. Exercise 48
  35. Bluetooth
  36. Bluetooth Security Protocols
  37. Classic Bluetooth vs. Bluetooth Low Energy (BLE)
  38. Pairing Modes
  39. Man-in-the-Middle (MITM) Protection
  40. Bluetooth Profiles and Associated Risks
  41. Securing BLE Advertising and GATT Communications
  42. Nearby Permissions
  43. Preventing Bluetooth Sniffing
  44. Exercise 49
  45. Quiz 10

12. Practical Scenarios

  1. Financial Android Application
  2. Project Description
  3. Architecture
  4. 1) What are we building?
  5. 2) What can go wrong?
  6. 3) What are we going to do about it?
  7. Protect Stored Data
  8. Network Security & Anti-MITM
  9. Credential & QR Security
  10. Push Notification Safety
  11. Logging & Cache Protections
  12. 4) Did we do a good job?
  13. Exercise 50
  14. Key Provider Service
  15. Project Description
  16. Architecture
  17. 1) What are we building?
  18. 2) What can go wrong?
  19. 3) What are we going to do about it?
  20. Restricting the AIDL Interface
  21. Secure Key Storage
  22. Secure Remote Fetch (If Applicable)
  23. Minimal Privileges & SELinux
  24. 4) Did we do a good job?
  25. Exercise 51
  26. Sensor HAL Layer Daemon
  27. Project Description
  28. Architecture
  29. 1) What are we building?
  30. 2) What can go wrong?
  31. 3) What are we going to do about it?
  32. Secure SOME/IP
  33. Subscription Access Control
  34. DoS Mitigation
  35. Privilege Separation
  36. 4) Did we do a good job?
  37. Exercise 52
  38. Vehicle Data Logger Application
  39. Project Description
  40. Architecture
  41. 1) What are we building?
  42. 2) What can go wrong?
  43. 3) What are we going to do about it?
  44. Encrypt Data at Rest
  45. Secure Bluetooth Pairing & Transfer
  46. Physical Security & Consent
  47. Logs/Cache Management
  48. 4) Did we do a good job?
  49. Exercise 53
  50. Quiz 11

13. Compilers and Tools

  1. Clang and GCC Security Features
  2. Compiler Warnings
  3. Stack Protection
  4. Address Space Layout Randomization (ASLR)
  5. Library order randomization
  6. Data Execution Prevention (DEP)
  7. Control Flow Integrity (CFI)
  8. Fortify Source
  9. Android Sanitizer
  10. Exercise 54
  11. Obfuscation
  12. What is Obfuscation?
  13. Minifying or shrinking is not obfuscation!
  14. ProGuard and its Role in Obfuscation
  15. An Example of ProGuard’s Obfuscation
  16. The most important features of ProGuard
  17. Code Shrinking:
  18. Code Obfuscation:
  19. Code Optimization:
  20. Pre-verification:
  21. proguard-android.txt:
  22. proguard-android-optimize.txt:
  23. Pros and Cons of Using ProGuard
  24. Pros:
  25. Cons:
  26. Retrofit
  27. Gson
  28. Room
  29. R8
  30. Exercise 55
  31. Notes on hiding keys, secrets and credentials
  32. Exercise 56
  33. Static and Dynamic Analysis Tools
  34. What is static and dynamic code analysis?
  35. Static Code Analysis
  36. C/C++
  37. Java
  38. Kotlin
  39. Python
  40. CppCheck output
  41. cpplint output
  42. checkstyle
  43. Dynamic Code Analysis
  44. C/C++
  45. Java
  46. Kotlin
  47. Android
  48. Python
  49. Hints on Static Analyzer tools
  50. Example of Dynamic Code Analysis in Android:
  51. Exercise 57
  52. Quiz 12

14. Appendices

  1. Last word
  2. About the Author
  3. Abbreviations Glossary
  4. References
  5. Security Standards and Guidelines
  6. A detailed STRIDE and TARA comparison
  7. Useful tools
