Courses

North Carolina State University, Department of Computer Science

Pennsylvania State University, College of Engineering

Tutorials

Intro to Securing Android Applications

Raleigh Chapter of ISSA, Back-to-Basics session
December 4, 2014 (planned)

The Android platform runs on hundreds of millions of smartphones and mobile devices, with over a million applications available in the Google Play Store. As Android continues to mature to meet the requirements of enterprises, companies have begun to develop custom Android applications that allow employees to access business information. When developing these applications, application security is of utmost importance. In this talk, we will discuss common security failures in Android applications. We will also discuss best practices and overview security features that Android makes available to developers.

Intro to Developing Android Applications

Raleigh Chapter of ISSA, Back-to-Basics session
October 2, 2014

Android has become pervasive as a computing platform. In addition to smartphones and tablets, Android is increasingly appearing in embedded systems such as TVs and cars. This adoption is occurring because Android provides an embedded platform on top of which software can be easily developed. This talk will start attendees on their way to developing Android applications. We will overview the basic design of an Android application and then work through a "Hello World" example. Throughout the talk, we will point attendees towards valuable resources for learning to develop Android apps. Note that to get the most out of this talk, attendees should bring a laptop with the Android SDK (http://developer.android.com/sdk) already set up and have a basic knowledge of Java.

[Slides]

Understanding Android's Security Framework

ACM Conference on Computer and Communications Security (CCS)
October 29, 2008

The Google Android mobile phone platform is one of the most anticipated smartphone operating systems. Android defines a new component-based framework for developing mobile applications, where each application is comprised of different numbers and types of components. Activity components form the basis of the user interface; each screen presented to the user is a different Activity. Service components provide background processing that continues even after their application loses focus. Services also define arbitrary interfaces for communicating with other applications. Content Provider components share information in relational database form. For instance, the system includes an application with a Content Provider devoted to sharing the user's address book, which other applications can query. Finally, Broadcast Receiver components act as an asynchronous mailbox for messages from the system and other applications. As a whole, this application framework supports a flexible degree of collaboration between applications, where dependencies can be as simple or complex as a situation requires.

In this tutorial, we will overview the mechanisms required to develop secure applications within the Android development framework, indicating how the environment has evolved with recent releases of the SDK. We will begin with the basics of building an Android application; no prior knowledge of Android is required. From this base, we will demonstrate how applications can communicate and provide services to one another. However, these interfaces must be carefully secured to defend against general malfeasance. We show how Android's security model aims to provide mechanisms for requisite protection of applications and critical smartphone functionality, and present a number of "best practices" for secure application development within the environment.

The slides and example application source code are available.