Android™ Security Training Course
Course Summary
Android Security is a two-day course focusing specifically on the various security concerns of the Android platform.
We explore Android architecture and its security model, permission system and enforcement, customizing security options, known exploits, memory protections, data protection, device management, SE-Android, more exotic vectors of attack, like malware and tap-jacking.
[top] Duration
2 days.
[top] Objectives
The objective of Android Security training is to give you a solid understanding of inter-workings of Android operating system, its security model, and ways to tighten potential security holes. By the end of this class, you will be able to identify the issues, and understand how to go about securing the system and applications running on them.
This class does not cover Android application development in Java nor C programming for the lower levels.
[top] Audience
Android Security course is designed for security-conscious application developers and system integrators looking to tighten the security of both their devices as well as the applications running on them.
[top] Prerequisites
Android Overview training or any other Marakana Android class that contains Android Overview module.
It is highly recommended that participants be familiar with basics of Java, C/C++, and Linux administration to fully take advantage of this course.
To refresh your Java skills you can review Marakana's Fundamentals of Java tutorial to get up to speed.
Additionally, knowledge of Eclipse is required. You could watch this 30-minute tutorial to get up to speed with Eclipse.
[top] Instructors
Aleksandar Gargenta is the technology brains at Marakana. Always on top of the latest in software, Aleksandar is the company's radar for technology that matters. His latest ventures are perfecting Marakana's Android Internals and Security courses.
Phew. And if that's not enough, he's also the chief architect of Marakana Spark, the on-demand software platform that powers marakana.com and a number of other training companies. As an instructor he's taught hundreds of classes for everyone from Apple to Disney, from NASA to the Department of Defense.
In his spare time Aleksandar runs the San Francisco Java, Android, and HTML5 User Groups with over three thousand members across the three groups.
Aleksandar holds a bachelor’s degree in Mathematics and Computer Science from the University of Waterloo. He is also a father, photographer, hiker, and a race-car driver :-)
Ken Jones has thousands of in-class hours teaching advanced technical topics, and over 20 years experience in technical training and documentation targeted towards software developers. Ken has delivered training to various software development teams within the Fortune 1000 such as Cisco, Intel, IBM, Boeing, AT&T, Ericsson/Nokia, and many more. Ken's expertise spans multiple areas of software development; he has trained teams in Java, Javascript, Android, and advanced web development with HTML, CSS, and XML.
More about Ken Jones...
Marko founded Marakana back in 2001 to help underprivileged youth, minorities, and inner-city kids learn web technologies and get ahead in life. So Marakana emerged with goal of helping people get better at what they do professionally, focused on open source software training.
Marko is the developer of Marakana Android Training series. He has taught Android for companies such as Sony-Ericsson, Qualcomm, Ericsson Canada, and many others. Marko is a co-founder of San Francisco Android Users Group and regularly teaches Android Bootcamp at Marakana.
Marko is author of Learning Android book published by O'Reilly Media. This book is based on Android Bootcamp and incorporates best learning practices for new developers to start creating applications for this exciting open source mobile platform.
Marko is also the co-chair of Android Open, an O'Reilly conference focusing on Android ecosystem.
In 2006 Marko Gargenta published "PHP and MySQL By Example", a collection on PHP examples. The book was published by Prentice Hall, world's largest technology publisher and has been also translated to Spanish.
Marko Gargenta obtained his Bachelor of Mathematics Degree from University of Waterloo (Canada's MIT) and has been developing in Java since 1996. He lives in San Francisco, California.
More about Marko Gargenta...[top] Outline
Overview
- Overview of Android (optional)
- Overview of Android Building Blocks (optional)
- Overview of Android OS
Android Stack from the Security Perspective
- Android Linux Kernel Layer
- Overview
- Binder
- Ashmem
- Pmem
- Wakelock
- Early Suspend
- Alarm
- Low Memory Killer
- Logger
- Alarm
- Paranoid Network Security
- Other Kernel Changes
- Android User-Space Native Layer
- Overview
- Bionic (libc)
- User-space Hardware Abstraction Layer (HAL)
- Native Daemons: ueventd, servicemanager, vold, netd, rild, mediaserver, keystore, racoon, zygote, system_server, adbd, surfaceflinger, etc.
- Function libraries: libwebcore (Web Kit), V8, SQLite, libssl (OpenSSL), etc.
- Android Runtime / Dalvik Virtual Machine
- Android Application Framework Layer
- Overview
- Managers and Services
- Activity Manager Service
- Package Manager Service
- Power and Alarm Manager Services
- Notification Manager Service
- Keyguard Manager Service
- Location Manager Service
- Sensor Manager Service
- Search Manager Service
- Vibrator Manager Service
- Connectivity, Telephony, and Wifi Manager Services
- Input Method and UI Mode Manager Services
- Download and Storage Manager Services
- Audio Manager Service
- Window Manager Service
- Additional Manager Services
- Android Applications Layer
- Overview
- Android Built-in Applications
- Android Built-in Content Providers
- Android Built-in Input Methods
- Android Built-in Wallpapers
Android Startup from the Security Perspective
- Bootloading the Kernel
- Android’s init Startup
- Startup of daemons
- Zygote Startup
- System Server Startup
- Startup of system services
- Startup of applications
Android Security
- Android Security Architecture
- Application Signing
- User IDs
- File Access
- Using Permissions
- Not-using permissions: using Intents instead
- Permission Enforcement
- Declaring Custom Permissions
- Custom Permissions by Example
- Lab: Custom Permissions
- ContentProvider URI Permissions
- Public vs. Private Components
- Intent Broadcast Permissions
- Pending Intents (Optional)
- Data protection and Encryption
- SSL and HTTPS
- JCE with BouncyCastle
- Whole Disk Encryption
- Dangers
- Lab: Encryption (Optional)
- Rooting
- How to get root: exploits
- Keeping root
- Dangers
- Security of Memory
- ASLR
- NX
- ProPolice
- Valginrd
- Other protections
- Tap-Jacking on Android
- Android Device Administration
- Overview
- Policies
- Device Administration by Example
- Lab: Device Administration
- Malware
- The state of malware on Android
- Prevention
- Detection
- Removal
- Lab: Anti-malware
- SE Android / SE-Linux on Android
- Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)
- Goals of SE Android
- What SE Android can/cannot do
- Challenges
- Other Security Concerns
[top] Student Testimonials
Very good balance of Android basics and security topics. As someone knowing little about either coming in, I learned a lot.
Great course as always from Marakana. The level of knowledge and expertise that the Marakana instructors have is top notch. Would not go anywhere else for Android training.
Great class. Too bad didn't have time to do the exercise together. Having exercise/labs is excellent idea though. If you come up to Seattle/Bellevue, pls let us, T-Mobile Bellevue, know.