Skip to 0 minutes and 6 secondsDR GARY WILLS: This week we'll look at the Android architecture and in particularly, how you develop applications using inter-process communication. So when you first build your application, it will be in a sandbox with limited permission. However, if you want to do something useful with that application, it's important it is able to correctly talk to other applications or the Android platform itself. To do this, you need to set the correct permissions. To help you understand how to set the correct permissions, we will give you some code. This code is not secure and has a number of vulnerabilities. By learning how to correct this, you will learn how to set the correct permissions on your application.

Welcome to week 3

In this short video, Dr Gary Wills, introduces you to the topics that we will be covering with you this week.

This week we will introduce security by design and the Principle of Least Privilege. We will also look at the security architecture of Android, and how permissions can be used to secure your application and its data.

In particular, we will look at how the different components of an app communicate with each other, and with other apps, and how permissions can be used to secure such communications.

Later on this week, you will be encouraged to continue playing with BuggyTheApp in Fortify SCA and to practice fixing the permissions vulnerabilities and identify inadequate permissions.

We have added a video walkthrough of running Fortify SCA to detect code vulnerabilities in BuggyTheApp.

By the end of this week you will be able to:

  • explain the Principle of Least Priviledge

  • describe the security architecture of Android

  • explain how permissions can be used to secure an app

  • implement secure Interprocess Communication (IPC) between app components

Share this video:

This video is from the free online course:

Secure Android App Development

University of Southampton