The Mobile Application Hacker’s Handbook
The Mobile Application Hacker’s Handbook
Written by Kay Ewbank   

Authors: Dominic Chell, Tyrone Erasmus, Shaun Colley and Ollie Whitehouse
Publisher: Wiley
Pages: 816
ISBN: 978-1118958506
Print: 1118958500
Kindle: B00TSA6KLG
Aimed at: mobile developers
Rating: 4.5
Reviewed by: Kay Ewbank

Covering how to write apps that don’t fall foul of vulnerabilities, a more accurate title would be the mobile apps anti-hacker’s handbook.  

he problem of having a book that covers all the major platforms - Android, iOS, Windows Phone and Blackberry - is that few developers are likely to be writing for all the platforms, so how much of the book is useful will vary. The authors describe it as four books in one. In each case, you’re shown how to perform a mobile application security assessment, starting with how to go about the analysis, then looking at potential vulnerabilities, and finally telling you what to do to make your app safer.

 

Banner

 

The book starts with a general overview of security in mobile applications. The authors point out that most mobile apps perform some kind of data access across networks, so present would-be hackers with a range of vulnerable layers and rich pickings if the attack is successful. Along with analysis of the main attack surfaces, there’s a useful overview of the security resources you might use to assess the vulnerabilities of your own apps.

From this point onwards the book splits into different parts each aimed at a specific mobile environment, starting with iOS. There’s a chapter analyzing iOS apps that looks at the security on iOS and how those features have been circumvented through jailbreaking. The authors describe concepts such as the data protection API and the keychain. There’s a good section on building a test environment that you can use to build, test and explore iOS apps. The next chapter looks at attacking iOS apps, and more particularly the techniques that might be used such as SQL inject, XML external entity injection, and the insecurities of the Inter Process Communication used to transmit data between apps on the same device.

Chapter 4 describes how you can audit iOS apps for vulnerabilities in the way the device’s address book, geolocation frameworks and logging system are used. There’s also some interesting stuff on how residual data can expose content such as snapshots, web view information and pasteboards. The final chapter in the iOS section covers what you can do to make sure your iOS apps are more secure. Topics include securely implementing encryption, erasing data, and embedding protection.

 

mobhacker

 

Android is the next platform to be covered, followed by Windows Phone and Blackberry. In each case there are similar chapters to the iOS ones – analyzing apps, attacking apps, implementation issues and writing secure apps - with material specific to the particular platform.

The book ends with a chapter on cross platform apps that looks at how such apps usually are web apps with a bridge to local resources, and the way the bridge is the weak point.

The authors have done a good job on giving a thorough grounding on the security model of each of the platforms, along with how apps fit in those models. Not being a hacker, I can’t really comment on whether they’ve covered all the weak points, but they certainly gave a lot of interesting things to avoid and some guidance on ways towards writing safe applications.

 

To keep up with our coverage of books for programmers, follow @bookwatchiprog on Twitter or subscribe to I Programmer's Books RSS feed for each day's new addition to Book Watch and for new reviews.

Banner


Learning MIT App Inventor

Author: Derek Walter, Mark Sherman 
Publisher: Addison-Wesley
Pages:240 
ISBN: 978-0133798630
Print: 0133798631
Kindle: B00Q2X94CO
Audience: Novice programmers wanting to create apps
Rating: 3.5
Reviewer:  Mike James

 

A hands on guide to building your own Andr [ ... ]



Learning jQuery

Author: Ralph Steyer
Publisher: Addison-Wesley
Pages: 512
ISBN: 978-0321815262
Audience: JavaScript programmers
Rating: 3
Reviewer: Ian Elliot

This book has the subtitle A Hands-on Guide to Building Rich Interactive Web Front Ends. Does it live up to expectation?


More Reviews

 

Last Updated ( Friday, 09 October 2015 )
 
 

   
Banner
Banner
RSS feed of book reviews only
I Programmer Book Reviews
RSS feed of all content
I Programmer Book Reviews
Copyright © 2017 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.