Bulletproof Android

Battle-Tested Best Practices for Securing Android Apps throughout the Development Lifecycle

Android’s immense popularity has made it today’s #1 target for attack: high-profile victims include eHarmony, Facebook, and Delta Airlines, just to name a few. Today, every Android app needs to resist aggressive attacks and protect data, and in Bulletproof Android™, Godfrey Nolan shows you how.

Unlike “black hat/gray hat” books, which focus on breaking code, this guide brings together complete best practices for hardening code throughout the entire development lifecycle. Using detailed examples from hundreds of apps he has personally audited, Nolan identifies common “anti-patterns” that expose apps to attack, and then demonstrates more secure solutions.

Nolan covers authentication, networking, databases, server attacks, libraries, hardware, and more. He illuminates each technique with code examples, offering expert advice on implementation and trade-offs. Each topic is supported with a complete sample app, which demonstrates real security problems and solutions.

Learn how to
Apply core practices for securing the platformProtect code, algorithms, and business rules from reverse engineeringEliminate hardcoding of keys, APIs, and other static dataEradicate extraneous data from production APKsOvercome the unique challenges of mobile authentication and loginTransmit information securely using SSLPrevent man-in-the-middle attacksSafely store data in SQLite databasesPrevent attacks against web servers and servicesAvoid side-channel data leakage through third-party librariesSecure APKs running on diverse devices and Android versionsAchieve HIPAA or FIPS complianceHarden devices with encryption, SELinux, Knox, and MDMPreview emerging attacks and countermeasures
This guide is a perfect complement to Nolan’s Android™ Security Essentials LiveLessons (video training; ISBN-13: 978-0-13-382904-4) and reflects new risks that have been identified since the LiveLessons were released.