The Mobile Application Hacker’s Handbook
Written by Kay Ewbank

Authors: Dominic Chell, Tyrone Erasmus, Shaun Colley and Ollie Whitehouse
Publisher: Wiley
Pages: 816
ISBN: 978-1118958506
Print: 1118958500
Kindle: B00TSA6KLG
Aimed at: mobile developers
Rating: 4.5
Reviewed by: Kay Ewbank

Since it covers how to write apps that don’t fall foul of vulnerabilities, a more accurate title would be “the mobile apps anti-hacker’s handbook”.

The problem with a book that covers all the major platforms - Android, iOS, Windows Phone and Blackberry - is that few developers are likely to be writing for all of them, so how much of the book is useful to you will vary. The authors describe it as four books in one. For each platform, you’re shown how to perform a mobile application security assessment, starting with how to go about the analysis, then looking at potential vulnerabilities, and finally what to do to make your app safer.
The book starts with a general overview of security in mobile applications. The authors point out that most mobile apps perform some kind of data access across networks, and so present would-be attackers with a range of vulnerable layers, and rich pickings if an attack succeeds. Along with an analysis of the main attack surfaces, there’s a useful overview of the security resources you might use to assess the vulnerabilities of your own apps.

From this point onwards the book splits into parts, each aimed at a specific mobile environment, starting with iOS. There’s a chapter analyzing iOS apps that looks at the security features of iOS and how those features have been circumvented through jailbreaking. The authors describe concepts such as the data protection API and the keychain. There’s a good section on building a test environment that you can use to build, test and explore iOS apps. The next chapter looks at attacking iOS apps, and more particularly the techniques that might be used, such as SQL injection, XML external entity injection, and the insecurities of the inter-process communication (IPC) mechanisms used to pass data between apps on the same device.

Chapter 4 describes how you can audit iOS apps for vulnerabilities in the way the device’s address book, geolocation frameworks and logging system are used. There’s also some interesting material on how residual data can expose content such as snapshots, web view information and pasteboards. The final chapter in the iOS section covers what you can do to make sure your iOS apps are more secure. Topics include securely implementing encryption, erasing data, and embedding protection.
Android is the next platform to be covered, followed by Windows Phone and Blackberry. In each case there are chapters similar to the iOS ones - analyzing apps, attacking apps, implementation issues and writing secure apps - with material specific to the particular platform.

The book ends with a chapter on cross-platform apps, which looks at how such apps are usually web apps with a bridge to local resources, and at the way that bridge is the weak point.

The authors have done a good job of giving a thorough grounding in the security model of each of the platforms, along with how apps fit into those models. Not being a hacker, I can’t really comment on whether they’ve covered all the weak points, but they certainly gave a lot of interesting things to avoid and some guidance on ways towards writing safe applications.
Last Updated ( Friday, 09 October 2015 )

Copyright © 2017 All Rights Reserved.