Please log in to watch this conference skillscast.
Android N brings a plethora of security enhancements to the platform and the SDK. Including Network Layer Security, Hardware-backed Keystore, APK Signing v2, Scoped Directory Access and Direct Boot.
Network security has seen a huge update in terms of securing HTTPS/TLS connections safely. Without the need for code changes you can use the new Network Security Config to prevent accidental clear text communications, limit who you trust and more.
There’s also a new method to verify the presence and contents of a hardware-backed Keystore, which is the prefered way to create, store, and use cryptographic keys on Android devices. The hardware KeyStore is useful as it guards against extraction on rooted devices.
Are your .apk files going to be more secure with apk signing schema v2? Scott will explore what this is and what it means for your existing apps.
Device storage permission gets more granular with scoped directory access. Also starting in Android N, when the device is powered on it can boot into a new mode called Direct Boot. Do you need to make your app Direct Boot aware? What’s the difference between credential protected storage and device protected storage?
But what if your minSDK isn't 24? Come to this talk to get a concise update on the new features, practical tips and examples of how to implement in your app today!
YOU MAY ALSO LIKE:
- Uncle Bob's Advanced TDD (in London on 30th - 31st October 2017)
- Whole Team Approach to Agile Testing (in London on 6th - 8th November 2017)
- Gojko Adzic's Specification by Example: From User Stories to Acceptance Tests (in London on 7th - 8th November 2017)
- Agile Testing & BDD eXchange 2017 (in London on 9th - 10th November 2017)
What's NNNNNNNNew in Android Security?
Scott is a consultant Android developer who is passionate about mobile app security and recently joined the Google Developer Experts program. He is co-author of “The Android Security Cookbook”, speaks at various conferences on the subject and has released several security related open source libraries.