The Mobile Application Hacker’s Handbook
Written by Kay Ewbank   

Authors: Dominic Chell, Tyrone Erasmus, Shaun Colley and Ollie Whitehouse
Publisher: Wiley
Pages: 816
ISBN: 978-1118958506
Print: 1118958500
Kindle: B00TSA6KLG
Aimed at: mobile developers
Rating: 4.5
Reviewed by: Kay Ewbank

Covering how to write apps that don’t fall foul of vulnerabilities, a more accurate title would be the mobile apps anti-hacker’s handbook.  

he problem of having a book that covers all the major platforms - Android, iOS, Windows Phone and Blackberry - is that few developers are likely to be writing for all the platforms, so how much of the book is useful will vary. The authors describe it as four books in one. In each case, you’re shown how to perform a mobile application security assessment, starting with how to go about the analysis, then looking at potential vulnerabilities, and finally telling you what to do to make your app safer.

 

Banner

 

The book starts with a general overview of security in mobile applications. The authors point out that most mobile apps perform some kind of data access across networks, so present would-be hackers with a range of vulnerable layers and rich pickings if the attack is successful. Along with analysis of the main attack surfaces, there’s a useful overview of the security resources you might use to assess the vulnerabilities of your own apps.

From this point onwards the book splits into different parts each aimed at a specific mobile environment, starting with iOS. There’s a chapter analyzing iOS apps that looks at the security on iOS and how those features have been circumvented through jailbreaking. The authors describe concepts such as the data protection API and the keychain. There’s a good section on building a test environment that you can use to build, test and explore iOS apps. The next chapter looks at attacking iOS apps, and more particularly the techniques that might be used such as SQL inject, XML external entity injection, and the insecurities of the Inter Process Communication used to transmit data between apps on the same device.

Chapter 4 describes how you can audit iOS apps for vulnerabilities in the way the device’s address book, geolocation frameworks and logging system are used. There’s also some interesting stuff on how residual data can expose content such as snapshots, web view information and pasteboards. The final chapter in the iOS section covers what you can do to make sure your iOS apps are more secure. Topics include securely implementing encryption, erasing data, and embedding protection.

 

mobhacker

 

Android is the next platform to be covered, followed by Windows Phone and Blackberry. In each case there are similar chapters to the iOS ones – analyzing apps, attacking apps, implementation issues and writing secure apps - with material specific to the particular platform.

The book ends with a chapter on cross platform apps that looks at how such apps usually are web apps with a bridge to local resources, and the way the bridge is the weak point.

The authors have done a good job on giving a thorough grounding on the security model of each of the platforms, along with how apps fit in those models. Not being a hacker, I can’t really comment on whether they’ve covered all the weak points, but they certainly gave a lot of interesting things to avoid and some guidance on ways towards writing safe applications.

 

To keep up with our coverage of books for programmers, follow @bookwatchiprog on Twitter or subscribe to I Programmer's Books RSS feed for each day's new addition to Book Watch and for new reviews.

Banner


Fundamentals of Database Management Systems

Author: Dr. Mark L. Gillenson
Publisher: Wiley
Pages: 416
ISBN:978-1119907466
Print:1119907462
Audience: Database managers
Rating: 3
Reviewer: Kay Ewbank

This book is aimed at people taking a one-semester course in database management as part of their larger information systems management course. As suc [ ... ]



Reliable Source: Lessons from a Life in Software Engineering

Author: James Bonang
Date: January 2022
Pages: 608
Kindle: B09QCBVJ9V
Audience: General interest
Rating: 5
Reviewer: Kay Ewbank

This book combines a fun read with interesting insights into how to write reliable programs.


More Reviews

 

Last Updated ( Friday, 09 October 2015 )