Bulletproof Android: Practical Advice for Building Secure Apps (Paperback)

Godfrey Nolan

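  • Publisher: Addison Wesley
  • Publication date: 2014-12-07
  • List price: $1,400
  • VIP price: $1,330 (95% of list price)
  • Language: English
  • Pages: 240
  • Binding: Paperback
  • ISBN: 0133993329
  • ISBN-13: 9780133993325
  • Related categories: Android
  • Ships immediately (stock = 1)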

Product description

Battle-Tested Best Practices for Securing Android Apps throughout the Development Lifecycle

Android’s immense popularity has made it today’s #1 target for attack: high-profile victims include eHarmony, Facebook, and Delta Airlines, just to name a few. Today, every Android app needs to resist aggressive attacks and protect data, and in Bulletproof Android™, Godfrey Nolan shows you how.

Unlike “black hat/gray hat” books, which focus on breaking code, this guide brings together complete best practices for hardening code throughout the entire development lifecycle. Using detailed examples from hundreds of apps he has personally audited, Nolan identifies common “anti-patterns” that expose apps to attack, and then demonstrates more secure solutions.

Nolan covers authentication, networking, databases, server attacks, libraries, hardware, and more. He illuminates each technique with code examples, offering expert advice on implementation and trade-offs. Each topic is supported with a complete sample app, which demonstrates real security problems and solutions.

Learn how to

  • Apply core practices for securing the platform
  • Protect code, algorithms, and business rules from reverse engineering
  • Eliminate hardcoding of keys, APIs, and other static data
  • Eradicate extraneous data from production APKs
  • Overcome the unique challenges of mobile authentication and login
  • Transmit information securely using SSL
  • Prevent man-in-the-middle attacks
  • Safely store data in SQLite databases
  • Prevent attacks against web servers and services
  • Avoid side-channel data leakage through third-party libraries
  • Secure APKs running on diverse devices and Android versions
  • Achieve HIPAA or FIPS compliance
  • Harden devices with encryption, SELinux, Knox, and MDM
  • Preview emerging attacks and countermeasures

This guide is a perfect complement to Nolan’s Android™ Security Essentials LiveLessons (video training; ISBN-13: 978-0-13-382904-4) and reflects new risks that have been identified since the LiveLessons were released.
