The Synopsys Software Integrity Group is now Black Duck®.

Advanced Android Security v1.0

Course Description

Building secure Android applications requires a solid understanding of the features offered by Android, coupled with concrete secure coding guidelines. Throughout this course, learners will build up security knowledge for Android applications. We’ll cover topics such as secure network communication, handling secrets, dealing with authentication, and handling permissions. Every Android developer should take this course to learn about security best practices for modern Android applications.

Learning Objectives

  • Understand how to use the latest security features offered by Android
  • Design and build secure Android applications
  • Analyze Android applications for common security flaws

Details

Delivery Format: eLearning

Duration: 1 hour 45 minutes

Level: Advanced

Intended Audience:

  • Architects
  • Mobile Developers

Prerequisites:

Course Outline

Secure Application Development for Android

  • Security for Android Applications
  • Android, Java, and Kotlin

Enhanced Exception Handling in Kotlin

  • Exception Handling in Java
  • Exception Handling in Java: Question
  • Handling Null Pointer Exceptions in Kotlin
  • Addressing Type Safety
  • Defensive Coding Guidelines for Kotlin

Secure Network Communication

  • Using HTTPS Correctly
  • SSL without HTTPS
  • The Need for Certificate Pinning
  • Certificate Pinning in Practice
  • Best Practices for Pinning

Handling Secrets and Sensitive Data

  • Encrypting and Decrypting Data
  • Storing Keys with the Android Keystore
  • Password-Based Key Generation

Local User Authentication

  • Local Authentication Scenarios
  • Using Biometric Authentication
  • Unlocking Cryptographic Keys with Authentication
  • Alternative Authentication Mechanisms

API-Based User Authentication

  • Simple User Authentication
  • Introducing OpenID Connect
  • Integrating OIDC into the Application
  • Behind the Scenes

Secure API Access

  • Scenarios for Securing API Access
  • Using OAuth 2.0 for Secure API Access
  • Handling Access Tokens
  • Handling Refresh Tokens

Handling Web Content

  • Rendering Web Content on Android
  • Integrating a WebView into the Application
  • Bridging JavaScript and Native Code
  • Web Security in a WebView Context
  • Security Considerations

Securing Intents

  • Using Intents Within an Application
  • Calling Other Applications with Intents
  • Handling Incoming Intents
  • Best Practices

Using Permissions Effectively

  • Permissions and Protection Levels
  • Permissions and Protection Levels: Question
  • Custom Permissions
  • Requesting Permissions from the User
  • Using Permission Groups

Conclusion

  • Language and Platform Security
  • Protecting Sensitive Data
  • Remote Authentication and API Access
  • Handling Web Content
  • Permissions and Intents
  • Custom Permission