1. Deployment security: The application must use a digital certificate to install to the device.
2. Security during execution: 2.1 Using stand-alone process 2.2 using a fixed unique user ID 2.3 Declaration of Rights Model 3 digital certificate 3.1. Usefulness of digital certificates: using digital certificates
to sign an appPrevents the application from being updated illegally (only the same digital certificate can be updated) 3.2. Digital certificates: Artifacts that contain information such as company name and address. Important features include (signature and public/private key). 3.3. Acquisition of digital certificates: A. Purchase from a certification Authority B. Generate using tools such as Keytool. 3.4 Storage of digital certificates: stored in the KeyStore, with aliases, represented in the KeyStore with aliases. 3.5 Certificate Generation Command Keytool-genkey-v-keystore "C:\android\release\release.keystore"
-alias androidbook-storepass paxxword-keypass paxxword-keyalg RSA
-validity 14000
Validity period Google requires more than 14,000 days, if it fails, the app can continue to use, but to update and other building activities will be error. 3.6 The certificate update must match the previous certificate.
4. Sign the application: 4.1 Three elements: Digital certificate, APK, the use of a digital certificate to the APK file (you can use Jarsigner in the JDK) 4.2 5. The default signing certificate used for debugging cannot be used for production deployments because it is valid for only 365 days. 6.android requires that updates to the app and program be signed with the original signature. 7. To improve operational efficiency, the Android view maps the uncompressed data in the app to Memory Mmap (), but the premise is that the data in the app is byte aligned, so it's best to align the app before publishing it to the device. The SDK provides tools that can be executed at the command line: >zipalign-v 4 old.apk new.apk Check reconciliation >zipalign-c-V 4 afinaltest_align.apk 8. Boundary Security: Standalone The user ID and the independent process, guaranteeing the boundary. To apply a direct resource share, it must be displayed. 9. The required permissions must be declared in the description file, and when the installation is applied, the user can decide whether to allow these permissions, and if not, any unauthorized operations will fail. 10. Common permissions 11. Add a permission Request method <manifest ... >
<application>
...
</application>
<uses-permission android:name= "Android.permission.CAMERA"/>
<uses-permission android:name= "Android.permission.READ_CONTACTS"/>
<uses-permission android:name= "Android.permission.READ_CALENDAR"/>
</manifest>
12. Customizing permissions<PermissionAndroid:protectionlevel =
"Normal"Android:label=
"Start My Activity"android:description=
"@string/startmyactivitydesc"Android:name=
"Dcm.permission.STARTMYACTIVITY" ></Permission> use a
custom authorization to control the invocation permissions of an activity <Activity Android:name=
"Privactivity" android:permission =
"Dcm.permission.STARTMYACTIVITY"> <Intent-filter > <Action Android:name=
"Android.intent.action.MAIN" /> </Intent-filter> </Activity > Request Custom
permissions < uses-permission Android:name =
"Dcm.permission.STARTMYACTIVITY" />12.URI permission-passing apps can pass ContentProvider permissions, while ContentProvider's permissions are presented through URIs. If an app wants to pass permissions to another app, it can do the following, provided the appropriate permissions are required to deliver the permission. Intent Intent = new Intent (Intent.action_view);
Intent.setdata (Contenturi);
Intent.addflags (intent.flag_grant_read_uri_permission);
StartActivity (Intent);
Android Learning 14 Explore security and permissions
