• Online, Self-Paced
Course Description

Given the relatively open nature of the Android development environment, developers ought to have a clear understanding of the OS structure, as well as how to securely protect application code. In this course, you will be introduced to the Android environment and overall architecture, and will also be presented with a basic understanding of key Android OS security features. You will also learn how to protect Android application code and will learn about best practices to employ when developing secure Android applications.

Learning Objectives

Android Environment Fundamentals

  • start the course
  • describe the major components of the Android Environment, specifically the Android SDK, Eclipse IDE and ADT, Tools (DDMS, ADB)
  • download and install the Android standalone SDK tools package
  • download and install the Android Studio IDE
  • describe how the Linux kernel provides security on the Android platform, including Linux permissions enforcement
  • describe Android runtime components, specifically the Dalvik VM and Core Libraries
  • describe how to start, bind, and create an application service, as well as how to declare a service in the Manifest.xml file
  • define an activity and describe activity stack and callback methods used to implement activity lifecycles
  • describe the Android application framework layer services, specifically the Resource Manager, Activity Manager, Location Manager, Notification Manager, Package Manager, Views, and Content Providers

Understanding Android OS Security Features

  • describe Android software stack layers
  • define the user protection levels that can be assigned in a Manifest permissions file
  • describe the process of application code signing
  • securely package an Android application
  • install and test operation of the Android Debug Bridge tool from the standalone SDK tools package
  • identify application-based permissions, specifically Android Manifest Permissions

Protecting Android Application Code

  • enable the ProGuard code obfuscation tool in Android SDK
  • create an Android application signing key and certificate in Android Studio
  • use code signing to protect Android application code from malware attacks
  • use Linux security services to protect Android application data

Working with Permissions

  • describe how permissions and process attributes are assigned in Android OS
  • describe how permissions are granted and managed for applications with shared user IDs
  • declare Android application permissions in a Manifest permissions file
  • describe how permissions are enforced at the kernel level, native daemon level, and the framework level in Android OS
  • declare a custom permission in a Manifest permissions file

Practice: Securing Application Code

  • identify the permissions for a sample application and sign application code in Android Studio

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.