Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Android apps security
Gunasekera S., Apress, Berkeley, CA, 2012. 248 pp.  Type: Book (978-1-430240-62-4)
Date Reviewed: Jan 25 2013

As smartphone sales continue to increase, Android has seen an incredible jump in market share. In the third quarter of 2012 (a period of three months), 122 million Android devices were sold worldwide. This represents a 72 percent market share for Android for the period. In this context, security is a real concern for Android owners. Malware and viruses are real threats to the Android ecosystem. Although this has not become a mainstream issue, it is looming around the corner. Fortunately, security has always been a top priority in the Android development community, and I’m glad Gunasekera has written this very readable book. For general network security (forensics), readers should refer to Davidoff and Ham’s excellent and detailed treatise [1].

The book starts off with a detailed description of the Android architecture. This reveals one of the issues with this sort of book: they are very time-sensitive. The book says that “Android runs on top of the Linux 2.6 kernel,” but of course a newer version of Android called Ice Cream Sandwich runs on the 3.0.31 kernel. Developers have to take this into consideration when going through the book.

Since Android is an open architecture, anyone can write and publish apps; this results in a largely unmediated ecosystem. There are other books that cover this, Six’s being a prominent one [2]. The problem is not specific to the Android ecosystem. Other mobile operating systems, like iOS, need an equal treatment, too (Zdziarski offers such a book [3]). In an open ecosystem, there is an inherent security risk with the approach. With good architecture and design principles, developers can make secure and robust systems. This book presents several good examples in Java, and demonstrates how to develop them with secure good practices. I like that the book includes several diagrams; detailed class name and description tables; and sample application screen shots. One chapter is devoted exclusively to cryptographic systems. Beginners will benefit immensely from this chapter, which is one of the best summaries I have seen on the subject. One chapter deals with client-to-server communication, the client being the Android app, and another chapter on Android-to-web-server communication deals with the secure sockets layer (SSL) and OAuth protocols. The remaining chapters address piracy and malware threats.

Overall, this is an appropriate book for the Android community. New developers should make an effort to ensure that their apps honor the privacy concerns of users, and are robust and secure from any current attacks. They should also update their apps regularly to address new threats and coding issues, such as buffer overflow attacks.

Many students are now programming for mobile platforms. I recommend this book to graduate-level students in computer science. If developers make security a top priority, it will become a part of the available apps, thus enhancing the ecosystem with solid products. In two or three years, this book could be obsolete. However, the book is timely as of the time of writing this review, and should be in every Android developer’s library.

Reviewer:  Naga Narayanaswamy Review #: CR140875 (1305-0382)
1) Davidoff, S.; Ham, J. Network forensics: tracking hackers through cyberspace. Prentice Hall, Upper Saddle River, NJ, 2012.
2) Six, J. Application security for the Android platform. O’Reilly, Sebastopol, CA, 2012.
3) Zdziarski, J. Hacking and securing iOS applications. O’Reilly, Sebastopol, CA, 2012.
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
 
Security and Protection (K.6.5 )
 
 
Portable Devices (C.5.3 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
Adaptive epidemic dynamics in networks: thresholds and control
Xu S., Lu W., Xu L., Zhan Z.  ACM Transactions on Autonomous and Adaptive Systems (TAAS) 8(4): 1-19, 2014. Type: Article
Mar 25 2014
Effort estimates on web application vulnerability discovery
Holm H., Ekstedt M., Sommestad T.  HICSS 2013 (Proceedings of the 46th Hawaii International Conference on System Sciences, Grand Wailea, Maui, HI,  Jan 7-10, 2013) 5029-5038, 2013. Type: Proceedings
Mar 19 2014
Security, privacy and trust in cloud systems
Nepal S., Pathan M.,  Springer Publishing Company, Incorporated, New York, NY, 2013. 450 pp. Type: Book (978-3-642385-85-8)
Mar 12 2014
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright © 2000-2014 ThinkLoud, Inc.
Terms of Use
| Privacy Policy