- Android Application Security Essentials
- Pragati Ogal Rai
- 171字
- 2021-08-13 16:25:28
Application signing
One of the differentiating factors of Android is the way Android applications are signed. All applications in Android are self-signed. There is no requirement to sign the applications using a certificate authority. This is different from traditional application signing where a signature identifies the author and bases trust upon the signature.
The signature of the application associates the app with the author. If a user installs multiple applications written by the same author and these applications want to share each other's data, they need to be associated with the same signature and should have a SHARED_ID
flag set in the manifest file.
The application signature is also used during the application upgrade. An application upgrade requires that both applications have the same signature and that there is no permission escalation. This is another mechanism in Android that ensures the security of applications.
As an application developer, it is important to keep the private key used to sign the application secure. As an application author, your reputation depends on it.
- Node Security
- SASE原理、架構與實踐
- 計算機網絡安全技術(第6版·慕課版)
- Metasploit Penetration Testing Cookbook(Third Edition)
- INSTANT Metasploit Starter
- 黑客攻防入門秘笈
- Python Penetration Testing Cookbook
- 移動APT:威脅情報分析與數據防護
- Instant Java Password and Authentication Security
- 物聯網安全滲透測試技術
- 人工智能安全(精裝版)
- 無線傳感器網絡安全與加權復雜網絡抗毀性建模分析
- Cybersecurity Threats,Malware Trends,and Strategies
- 功能型密碼算法設計與分析
- 信息組織