Not Obvious

Intended to be Interesting, Intriguing & Insightful. Most Likely Mundane.


Highly Unprofessional Android Development

In the event you don't also follow the personal blog, I've switched ecosystems and abandoned my iPhone in favor of an Android mobile device (the HTC Incredible). While I may continue to tinker in iPhone OS development, I'm diving into Android 2 development in the little free time I have and picked up Professional Android 2 Application Development (Wrox Programmer to Programmer) to complement the various online SDK documentation and tutorials.

While I was enjoying a freshly made americano this morning, I started to peruse the near-boilerplate first few chapters when I came across the following precious nugget:

If you have images disabled, the text reads:

"For reasons of clarity and simplicity, many of the examples in this book take a fairly relaxed approach to security. When you're creating your own applications, particularly ones you plan to distribute, this is an area that should not be overlooked."

I posted a quick tweet about it, but felt the need to expand upon it in a post.

For starters, I find it difficult to even continue reading the material, given that I would expect a book about "professional" development techniques to include security concepts throughout the topics being presented - even in the "Hello, world!"-level examples. Given the current state of digital security and privacy, I believe it to be highly irresponsible of the publisher of the book (Wrox) to release a title such as this without security being baked into the finished product. I would not be as critical if the title were "Just Checking Out Android 2 SDK Basics". Adding the word "professional" should mean that it provides all the fundamental tools and techniques to make solid & secure Android apps.

While I have yet to progress further into the text, if it does not thoroughly cover at least the need for comprehensive input validation and for encryption of data both at rest on the device and in transit, I would highly recommend that budding Android programmers avoid this book and find a forum where they can learn the ins and outs of this SDK with a security hat firmly in place. The Android platform puts too much power into the hands of applications for anyone not to code responsibly.

Take a side-step over to the Rugged Software site and make a promise to yourself - and your users/customers - to stay true to the manifesto, and carve out a moment or two to review some core security concerns on the Android platform from ReadWriteWeb's Sarah Perez.

Posted May 12, 2010 by boB Rudis 
May 12, 2010
Jim Minatel said...
Bob: You've got a valid concern. While security is covered in chapter 15, my guess is that isn't the depth of coverage you are looking for. As for covering security throughout, yes, that is one approach. However, it runs the danger of obscuring more specific points you're trying to teach in other chapters if every example includes full-on security measures. In the same way, UI experts could argue that any example that doesn't show best practices in UI design isn't "professional", and soon an example has ballooned into a full application. I'll ask Reto if he'd like to weigh in on this; I'm sure he can provide a better answer than my rough answer here. Thanks for caring enough to point this out, and we'll try to learn from it.
Jim Minatel
Associate Publisher - Wrox