A key challenge of mobile platforms is that the apps installed on a device increase the number of potential security vulnerabilities. Mistakes in app development or cloud services can lead to vulnerabilities that cause users data to be stolen, charges to user accounts, and spread of malware to a user’s friends. Ensuring that mobile cloud application developers are aware of potential vulnerabilities and avoid introducing them into their code is an essential part of building a more secure app ecosystem.The course is designed to help students understand how to write more secure mobile cloud applications for Android. Students will be introduced to specific vulnerabilities that have affected well-known apps and be given a wide view of app threats on Android. Developers will also be introduced to the secure coding techniques that can be used to help prevent the introduction of app and cloud service vulnerabilities.
The Mobile Cloud Computing with Android (MoCCA) Specialization
This is the 6th course of the six-course Mobile Cloud Computing with Android (MoCCA) Specialization. It has been designed as part of a Coursera Specialization designed to help learners create complex, cloud-based Android Applications, and includes a final “capstone” project for those who earn Verified Certificates across all six courses.
Note: We are proud to announce that the MoCCA specialization has already reached hundreds of thousands of learners around the globe. In its last iteration, we worked with Google to provide Nexus tablets, feedback from the Google App team, and the potential to be featured in the Google Play store to top course completers.
This time around, we are providing more flexibility for all of you busy learners. We are running the Programming Mobile Applications courses in more digestible one-month-long sections, each with a meaningful mini-project at the end. Additionally, we will be re-offering the courses more frequently. For example, new sessions of my two introductory courses will be launched on a monthly basis, so that you can find a convenient time to join us or pick up where you left off if you didn’t quite finish before.
For previous MoCCA students: If you have already earned a Verified Certificate in the previous version of this course, "Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems” offered in May 2014, you do not need to retake this course to continue towards the Specialization certificate and final project in 2015. Please consult the Specializations Help Center or contact the Coursera support team if you are not sure whether you qualify.
This MOOC and five others, taught by Dr. Adam Porter from the University of Maryland and Dr. Jules White from Vanderbilt University, have been designed to complement each other as part of the first trans-institution sequence of MOOCs taught on the Coursera platform, structured as follows:
The first two courses by Dr. Adam Porter, of the University of Maryland, are Programming Mobile Applications for Android Handheld Systems Part 1 and Part 2. They focus on the design and programming of user-facing applications.
The third and fourth courses by Dr. Douglas Schmidt, of Vanderbilt University, are Programming Mobile Services for Android Handheld Systems: Concurrency and Communication. They focus on middleware systems programming topics, such as synchronous and asynchronous concurrency models, background service processing, structured data management, local inter-process communication and networking, and integration with cloud-based services.
The fifth and sixth courses by Dr. Jules White, of Vanderbilt University, are Programming Cloud Services for Android Handheld Systems: Spring and Security. They focus on how to connect Android mobile devices to cloud computing and data storage resources, essentially turning a device into an extension of powerful cloud-based services on popular cloud computing platforms, such as Google App Engine and Amazon EC2.
The final “capstone” project will require students to develop a complex mobile cloud computing application from the ground up.
Some of the programming assignments and the iRemember integrative project for these MOOCs will be coordinated.
If you just want to take some of the MOOCs in this sequence or take them all in different order you’re certainly welcome to do so, and you’ll still learn a lot. However, if you take all the MOOCs in this sequence in the order presented you’ll gain a deeper, end-to-end understanding of handheld systems, their applications and services, as well as their integration into the cloud.
This MOOC describes, by example, the basics of securing mobile applications and back-end cloud services. The class is taught in the context of Java, Android, and the Java Spring Framework. Although the cloud service topics in this course will be taught in the context of connecting mobile devices to the cloud, the concepts are broader and will give students the ability to create the cloud services to support large-scale web applications, such as social networking applications; cloud services for embedded systems, such as the Internet of Things and Industrial Internet; and wearable computing devices.
The course is organized into the sections outlined below (additional lectures may be provided live once the MOOC has begun):
Module 1: Android App Security and Risks
Part 1: Traditional App Accounts
Part 2: Mobile vs. Traditional App Accounts
Part 3: App Account Mapping to Linux Users
Part 4: Apps Lie & Steal
Part 5: How Android Protects Apps
Part 6: What Android Doesn't Protect
Part 7: Avoid Storing Sensitive Data in Public Locations
Part 8: Risks of Insecure File Permissions
Module 2: Building More Secure Android Apps
Part 0: The Challenge of Secure Coding
Part 1: Security Vulnerability Walkthrough
Part 2: Principles of Secure Abstractions
Part 3: Avoid Coupling Data & Security State
Part 4: Build Abstractions that are Hard to Use Insecurely
Part 5: Bound & Strongly Type Security State
Part 6: Avoid Conditional Logic in Secure Pathways
Part 7: Prevent Secure Pathways from Being Broken at Runtime
Part 8: Privilege Escalation Concepts
Part 9: Privilege Escalation Scenario
Part 10: Privilege Escalation Code Walkthrough
Part 11: Privilege Escalation Fixes
Part 12: User Interface Attacks
Part 13: Cross-platform User Interface Attacks
Module 3: Secure HTTP Communication
Part 1: Man in the Middle Attacks Public Key Infrastructure
Part 2: HTTPS
Part 3: Challenges of Storing Secrets on Mobile
Part 4: WebView Security Issues & Best Practices
Module 4: What was I Saying: Keeping Track of Sessions
Part 1: Sessions
Part 2: Spring Security Overview
Part 3: Spring Security Configuration in Java
Part 4: Building a Custom UserDetailsService
Part 5: Setting up a custom UserDetailsService
Part 6: The Principal
Part 7: Spring Security Role Annotations
Part 8: More Complex Expression-based Pre Post Authorize Annotations
Part 9: Spring Security Controller Code Walkthrough
Part 10: Spring Security Controller Test Code Walkthrough
Module 5: Authenticating Mobile Clients with OAuth
Part 1: Stateful Sessions with Cookies Why They Aren't Ideal for Mobile
Part 2: Stateless Sessions with Tokens
Part 3: OAuth 2.0
Part 4: Spring Security OAuth 2.0
Part 5: A Spring OAuth 2.0 Secured Service
Part 6: A Retrofit Oauth 2.0 Client for Password Grants