Skip to 0 minutes and 6 secondsDR.

Skip to 0 minutes and 6 secondsGARY WILLS: This week we're going to look at data security and how to store data securely on the application. Most applications also want to store data externally. And for that reason, we're going to teach you how to make a secure connection to an external service. We will also give you some code. The code will show you the common vulnerabilities and mistakes that people make when making these secure connections, either externally or on the device.

Welcome to week 4

In this short video, Dr Gary Wills, introduces you to the topics that we will be covering with you this week.

Last week we looked at fixing the vulnerabilities related to the permissions in BuggyTheApp and we have added a video walkthrough into week 3.

This week we will look at securely storing data on an Android device, the concept of data hygiene, and how Android’s file and disk encryption protect your app’s data.

We will also look at securing communication with remote servers, and the difference between authentication and authorisation.

Again this week, you are encouraged to continue playing with BuggyTheApp in FortifySCA and to use the exercises provided to practice identifying further potential vulnerabilities.

On Friday 27th January, we will release BuggyTheFix. You can use this ‘fix’ to check against the code in your solutions to the exercises in weeks 3 and 4.

By the end of this week you will be able to:

  • explain the concept of data hygiene

  • explain the difference between internal and external storage

  • describe Android file and disk encryption

  • use Content Providers for secure data sharing

  • explain the principles of secure network communication

  • list the advantages of authorisation tokens

  • describe the risks with over trusting CA root certificates

  • create HTTPS connections

  • use the Network Security Configuration feature of Android 7.0

Share this video:

This video is from the free online course:

Secure Android App Development

University of Southampton