Why mobile and why Android?

The number of mobile device users has increased rapidly during the last decade, and the Android platform is the market leader and dominates the smartphone industry.

The Android platform has been updated numerous times since its inception, bringing both new features and improved security. This has made Android itself more difficult to attack; as a consequence, attackers are targeting the actual applications that run on Android.

Since a system’s security is only as strong as its weakest link, insecure apps provide an easy way for an attacker to get a foothold on a device. Once an attacker has compromised an app they will try to move laterally on the device, with the aim of attacking other apps, or Android itself.

Many businesses are now using mobile apps to deliver their services, and this makes mobile devices an increasingly lucrative target for attackers.

Impact of Bring Your Own Device (BYOD) policies in businesses

Bring Your Own Device (BYOD) policies, where staff use their own devices for work, have become increasingly popular, especially among small to medium-sized businesses (SMEs). These present a potential risk to the business.

An interesting point to note: the number of large organisations which had a security or data breach involving smartphones or tablets doubled between 2014 and 2015.

Traditionally, businesses’ concerns about security issues have focused on avoiding losing users’ data or their intellectual property. This is why businesses keen to build secure apps usually have a very restrictive BYOD policy, as allowing personal devices uncontrolled access to the business network can often result in the introduction of malware and other nasties.

Notes for nerds: Android 5.0 introduced the concept of Managed Profiles that enables a user’s work apps and data to be separated from their personal apps and data.

By learning secure coding, you not only produce more secure and trusted apps, you also help to protect others by not being the weakest link.

Developing in Android

The Android platform is open source and, in week 2, you will be guided step-by-step to set up Android Studio, which is free to download and is the main Integrated Development Environment (IDE) for Android.

Figure 1 illustrates the scope of this course in relation to the Android Framework structure. Further details about the Android Framework and its security features are available from the Android Open Source Project website.

Figure 1: How the scope of this course relates to the Android Framework structure.

This article is from the free online course:

Secure Android App Development

University of Southampton