Tiny Android Security Tutorial

[Secure Android App Development] Free MOOC (now retired) offered by University of Southampton

Another Great Resource: MobiSec

GitHub Repo: BuggyTheApp

1.8 Terminology

1.9 Threat and risk modelling

1.10 Unacceptable loss and residual risk

1.12 Security Controls

2.12 Attacking BuggyTheApp

2.13 SQL injection

2.14 Fortify SCA to scan for vulnerabilities

2.15 Fixing SQL vulnerability

2.16 Input Validation

3.2 Security by Design

3.3 Principle of Least Privilege

3.5 Android Application Sandbox

3.6 A quick refresher of application components under Android

3.7 Public or private components

3.8 Overview of Permissions

3.9 Creating Permissions

3.10 Using Permissions

3.13 Introduction to Interprocess Communication

3.15 Asynchronous IPC in Android

3.16 Synchronous IPC in Android

3.17 Securing Activities

3.18 Securing Services

3.19 Securing Content Providers

3.21 Securing Broadcast receivers

4.4 Data Storage Options

4.5 Internal & External Storage

4.7 File and disk encryption

4.8 Android KeyStore

4.9 Cryptographic Keys

4.10 Securely sharing data via Content Providers

4.12 Hashing Data

4.13 The Key Principles

4.14 Authenticating the user to a remote server

4.15 Authenticating remote servers and encrypting connections

4.16 WebView Input Validation

Sajid Rahman
PhD Student

My research interests include software security & privacy engineering, deep learning, and human-centered computing.