Acknowledgments
Brief
The story of the book
No magic at all!
How to read the book
Who is the book written for?
The big picture
Do We Need to Secure an Android Application?
Principles and Methodologies
Gravity of principles (The rules of the game)
The Fail-Safe vs Fail-Secure Principle (Planning for the Unexpected)
Least Common Mechanism
Separation of Privilege and Least Privilege
The Zero Trust Principle: Trust No One, Verify Everything
KISS: The Principle of Least Complexity in Security
Defense in Depth
Defensive, Offensive, and Aggressive Programming
Notes on Modularity, cohesion, and coupling
Securing the Development Lifecycle
Design Review
Code Review
Regular Security Assessments
Security Requirements
Integrating Security Testing
Threat Modeling
Standards and Guidelines
Shostack's Four Question Framework
Threat Modelling frameworks
Security Standards and Guidelines
Some keywords to know
Attack and Defense
We don't need to experience it again!
Why are we not learning from history?
How you will be attacked
How to Defend
Act as a chief
Common Programming Mistakes
Memory safety
C and C++
Java
Kotlin
Real world examples
Data Validation
Untrusted Data Sources
Input Validation
Encoding Methods
Sanitizing user inputs
Android Security Model
Let's open the onion layers
Application Sandbox and Android Runtime
Application Signing
Permission and Package Manager
SELinux
AndroidManifest and Components
Inter-process communication
HAL Layer
Play Integrity
Jetpack libraries
Protecting Data
Data life-cycle
What Google has done to address insecure storage
File Integrity Verification
Private Space
Authentication, Network, and Protocols
Android AccountManager for Access Control
Credential Manager
Android Biometric Authentication
Android Network Security Configuration
Sniffing
Certificate Pinning in Android Applications
Implementing SSL/TLS for Android Network Communications
OAuth and OpenID Connect for Android Applications
Bluetooth
Practical Scenarios
Financial Android Application
Key Provider Service
Sensor HAL Layer Daemon
Vehicle Data Logger Application
Compilers and Tools
Clang and GCC Security Features
Obfuscation
R8
Notes on hiding keys, secrets and credentials
Static and Dynamic Analysis Tools
Last word
About the Author
Abbreviations Glossary
References
Appendix
Security Standards and Guidelines
A detailed STRIDE and TARA comparison
Useful tools