From the course: Android App Security: A Structured Approach to Pen Testing

Domains of Android security - Android Tutorial


Domains of Android security

- [Instructor] Now that we have established the differences between web and Android application testing, let us analyze the different domains of Android application security. Primarily, there are three domains of Android application security.

First is code security. Under code security, we check the quality of the code of the application file. We check if there are hard-coded IP addresses, credentials, weak cryptographic libraries, insecure certificates, or any other vulnerability associated with poor coding practices in the code of the Android application.

Second is communication security. Under communication security, we check how the application interacts with the server. Here, we test for vulnerabilities in the authentication, authorization, session management, and other dynamic parameters used in the interaction between the application and the server. This portion is basically similar to what we do using Burp Suite for web applications.

The third and last is platform interaction testing. Under this, we check how the application interacts with the Android device. Here we check for leakages of sensitive information like usernames, passwords, or any other confidential data from the application to the Android device or to any other application installed on that Android device.

In the coming sessions, we will be covering each of these domains in greater detail.
