Course Description
Building secure Android applications requires a solid understanding of the features offered by Android, coupled with concrete secure coding guidelines. Throughout this course, learners will build up security knowledge for Android applications. We’ll cover topics such as secure network communication, handling secrets, dealing with authentication, and handling permissions. Every Android developer should take this course to learn about security best practices for modern Android applications.
Learning Objectives
- Understand how to use the latest security features offered by Android
- Design and build secure Android applications
- Analyze Android applications for common security flaws
Details
Delivery Format: eLearning
Duration: 1 hour 45 minutes
Level: Advanced
Intended Audience:
- Architects
- Mobile Developers
Prerequisites:
Course Outline
Secure Application Development for Android
- Security for Android Applications
- Android, Java, and Kotlin
Enhanced Exception Handling in Kotlin
- Exception Handling in Java
- Exception Handling in Java: Question
- Handling Null Pointer Exceptions in Kotlin
- Addressing Type Safety
- Defensive Coding Guidelines for Kotlin
Secure Network Communication
- Using HTTPS Correctly
- SSL without HTTPS
- The Need for Certificate Pinning
- Certificate Pinning in Practice
- Best Practices for Pinning
Handling Secrets and Sensitive Data
- Encrypting and Decrypting Data
- Storing Keys with the Android Keystore
- Password-Based Key Generation
Local User Authentication
- Local Authentication Scenarios
- Using Biometric Authentication
- Unlocking Cryptographic Keys with Authentication
- Alternative Authentication Mechanisms
API-Based User Authentication
- Simple User Authentication
- Introducing OpenID Connect
- Integrating OIDC into the Application
- Behind the Scenes
Secure API Access
- Scenarios for Securing API Access
- Using OAuth 2.0 for Secure API Access
- Handling Access Tokens
- Handling Refresh Tokens
Handling Web Content
- Rendering Web Content on Android
- Integrating a WebView into the Application
- Bridging JavaScript and Native Code
- Web Security in a WebView Context
- Security Considerations
Securing Intents
- Using Intents Within an Application
- Calling Other Applications with Intents
- Handling Incoming Intents
- Best Practices
Using Permissions Effectively
- Permissions and Protection Levels
- Permissions and Protection Levels: Question
- Custom Permissions
- Requesting Permissions from the User
- Using Permission Groups
Conclusion
- Language and Platform Security
- Protecting Sensitive Data
- Remote Authentication and API Access
- Handling Web Content
- Permissions and Intents
- Custom Permission