Big Nerd Ranch Guide: Discussion on Security?

 
Greenhorn
Posts: 8
Do you discuss how to write secure Android applications? Do you discuss how to prevent the OWASP top ten security vulnerabilities using Java and the Java Android libraries?
 
Author
Posts: 26

DavidJohn Raymond wrote: Do you discuss how to write secure Android applications? Do you discuss how to prevent the OWASP top ten security vulnerabilities using Java and the Java Android libraries?



We do not talk too much about security in the book (it's certainly not a focus). There are a few areas that we touch on, like where you should/shouldn't be storing data (and what kind of data). When we talk about databases, we perform queries in a way that is safe from SQL injection attacks. To my knowledge, there's nothing in the book that we do that is bad from a security standpoint. But, like I said, security is not the focus of the book.

We are interested in security and are working on an Android Security course. My coworker, Bolot, is actually a top contributor to the OWASP Mobile Security Testing Guide. You can see that work for free: https://github.com/OWASP/owasp-mstg
 
DavidJohn Raymond
Greenhorn
Posts: 8
I think it is great that your examples are going to be ones that you feel represent best practices. I think it is important that books should use the best quality code that is as close to production quality as possible especially for a new platform that is unfamiliar to some of us. I would be very interested in Android Secure Code training.
 
Bartender
Posts: 7488
Security is such an important topic for mobile that I advise getting a proper grounding by reading a book geared for that, like Application Security for the Android Platform, or the Android Security Cookbook. Both (but especially the former, short as it is) were eye-openers that caused me to adopt several new approaches in my apps.
 