sabato 7 dicembre 2013

Android Application Security Essentials (review)

Android Application Security Essentials (review)

I don't totally agree with the author in the section "Who this book is for" where she wrote "This book is an excellent resource for anyone interested in mobile security", I think every developer (not only the Android ones) need to develop every piece of code with the security concepts in mind!

Our application need to be fast, beautiful but also secure! Think about all the personal information that we have in out phone or tablet, open any possible door to malicious apps could be a nightmare!

In the book, after a brief introduction on Android application concepts, you start to analize every part of an application under the security point of view, in the book you can also find two good chapters about the crypto API and the security tests. I hope in the future editions of the book the author could expand this two parts with more examples and code snippets!
The best chapter is the 7th, about the securing of application data. Every Android application store a lot of user information and is very easy to loose your device: if you're working on an application that store credit card informations or other sensible data (like medical informations or enterprise access tokens) this chapter will drive you to choice which information store and how to secure the storage!

At the end of the book you have also a very nice chapter about the "future" of the mobile system and some discussion about the security perspective.

Finally, the book is a good reading about the security over Android application, is not the reference guide about crypto API but is a great reading about security best practices.