GARY WILLS: This week we're going to look at data security and how to store data securely on the application. Most applications also want to store data externally. And for that reason, we're going to teach you how to make a secure connection to an external service. We will also give you some code. The code will show you the common vulnerabilities and mistakes that people make when making these secure connections, either externally or on the device.
Welcome to week 4
In this short video, Dr Gary Wills introduces you to the topics that we will be covering with you this week.
Last week we looked at fixing the vulnerabilities related to the permissions in BuggyTheApp and we have added a video walkthrough into week 3.
This week we will look at securely storing data on an Android device, the concept of data hygiene, and how Android’s file and disk encryption protect your app’s data.
We will also look at securing communication with remote servers, and the difference between authentication and authorisation.
Again this week, you are encouraged to continue playing with BuggyTheApp in FortifySCA and to use the exercises provided to practise identifying further potential vulnerabilities.
On Friday 27th January, we will release BuggyTheFix. You can use this ‘fix’ to check against the code in your solutions to the exercises in weeks 3 and 4.
By the end of this week you will be able to:
explain the concept of data hygiene
explain the difference between internal and external storage
describe Android file and disk encryption
use Content Providers for secure data sharing
explain the principles of secure network communication
list the advantages of authorisation tokens
describe the risks with over-trusting CA root certificates
create HTTPS connections
use the Network Security Configuration feature of Android 7.0
© University of Southampton 2017