Skip to 0 minutes and 6 secondsDR GARY WILLS: This week, we are going to look at the risk assessment of making an application on Android. So we're going to start with understanding what the assets of a mobile application are. From the understanding of the assets, we're able to take a risk assessment. And once we've undertaken the risk assessment identifying both the threats and the vulnerabilities that these information assets are exposed to, we're able then to decide what are the controls we need to put in place in order to protect these assets?

Welcome to the course

This week we will be looking at how we assess the risk of making an application on Android. In this short video, Dr Gary Wills, introduces you to the topics that we will be covering with you this week. Gary, Dr Toby Wilkinson and Zeyad Aaber are your course educators.

During the course they will be supported by the online mentoring team: Hany Atlam, Raid Hussein, Watthanasak (Hall) Jeamwatthanachai, and Kate Dickens.

You can follow them by choosing the links to their FutureLearn profile pages and selecting ‘follow’. That way, you’ll be able to see all the comments that they make.

Course outline

During the four weeks of this course, you’ll learn about the common vulnerabilities found in Android apps, and how to detect and mitigate them.

These skills are increasingly in demand as mobile applications proliferate in the workplace, and increasingly proof of secure code is required before companies will use them. Make security a priority during your Android app development to protect yourself, and the users of your application.

This course has been created by the Cyber Security Academy (CSA) at the University of Southampton and developed in association with Hewlett Packard Enterprise as part of its mission to address the significant global skills shortage in cyber security and secure app development.

Over the next four weeks, the course will explore three aspects of developing secure apps in Android:

  1. Why should you care about mobile app security? We’ll cover common application flaws, the cyber risk these expose, and how to control and mitigate this risk.

  2. Security architecture on Android. We’ll examine the way the Android operating system compartmentalises code and uses permissions. We’ll demonstrate how to use permissions to secure Interprocess Communication (IPC), and how to secure data and network connections.

  3. Static analysis of code. From Week 2, you will be using the world’s most-adopted toolset, Fortify Static Code Analyzer (SCA) from Hewlett Packard Enterprise, to identify and fix common vulnerabilities in Android apps. This is used by the majority of the largest IT companies, banks, pharmaceuticals, software vendors and telecommunications companies.

We have developed some code with known vulnerabilities, BuggyTheApp, to help you to become familiar with using the tool to look for vulnerabilities in your code.

This week …

In week 1 we look at the cyber risks for mobiles and how we can control the risks.

By the end of this week you will be able to:

  • explain the importance of security in mobile applications

  • identify the top three set of threats and vulnerabilities for mobile applications

  • assess the cyber security risk within an Android mobile application

Video update on the week’s activities

Each week, our course team will be sharing their thoughts on the week’s activities via a near real-time video update on our YouTube channel. The link to this week’s video will be posted on step 1.14 no later than 19:00 GMT on Saturday 7 January 2017.

If you have any questions for the team, please either add these into the comments on step 1.14 or use the course hashtag #FLsecureapp on Twitter. Please use the ‘Like’ buttons as we will be looking to answer the most popular questions.

Share this video:

This video is from the free online course:

Secure Android App Development

University of Southampton