A key challenge of mobile platforms is that the apps installed on a device increase the number of potential security vulnerabilities. Mistakes in app development or cloud services can lead to vulnerabilities that cause users' data to be stolen, charges to user accounts, and the spread of malware to a user’s friends. Ensuring that mobile cloud application developers are aware of potential vulnerabilities and avoid introducing them into their code is an essential part of building a more secure app ecosystem.
The course is designed to help students understand how to write more secure mobile cloud applications for Android. Students will be introduced to specific vulnerabilities that have affected well-known apps and be given a wide view of app threats on Android. Developers will also be introduced to the secure coding techniques that can be used to help prevent the introduction of app and cloud service vulnerabilities.
The Mobile Cloud Computing with Android (MoCCA) Specialization
This is the 6th course of the six-course Mobile Cloud Computing with Android (MoCCA) Specialization. It is part of a Coursera Specialization designed to help learners create complex, cloud-based Android applications, and includes a final “capstone” project for those who earn Verified Certificates across all six courses.
Note: We are proud to announce that the MoCCA specialization has already reached hundreds of thousands of learners around the globe. In its last iteration, we worked with Google to provide Nexus tablets, feedback from the Google App team, and the potential to be featured in the Google Play store to top course completers.
This time around, we are providing more flexibility for all of you busy learners. We are running the Programming Mobile Applications courses in more digestible one-month-long sections, each with a meaningful mini-project at the end. Additionally, we will be re-offering the courses more frequently. For example, new sessions of my two introductory courses will be launched on a monthly basis, so that you can find a convenient time to join us or pick up where you left off if you didn’t quite finish before.
For previous MoCCA students: If you have already earned a Verified Certificate in the previous version of this course, “Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems” offered in May 2014, you do not need to retake this course to continue towards the Specialization certificate and final project in 2015. Please consult the Specializations Help Center or contact the Coursera support team if you are not sure whether you qualify.
This MOOC and five others, taught by Dr. Adam Porter from the University of Maryland and Dr. Jules White from Vanderbilt University, have been designed to complement each other as part of the first trans-institution sequence of MOOCs taught on the Coursera platform, structured as follows:
The first two courses by Dr. Adam Porter, of the University of Maryland, are Programming Mobile Applications for Android Handheld Systems Part 1 and Part 2. They focus on the design and programming of user-facing applications.
The third and fourth courses by Dr. Douglas Schmidt, of Vanderbilt University, are Programming Mobile Services for Android Handheld Systems: Concurrency and Communication. They focus on middleware systems programming topics, such as synchronous and asynchronous concurrency models, background service processing, structured data management, local inter-process communication and networking, and integration with cloud-based services.
The fifth and sixth courses by Dr. Jules White, of Vanderbilt University, are Programming Cloud Services for Android Handheld Systems: Spring and Security. They focus on how to connect Android mobile devices to cloud computing and data storage resources, essentially turning a device into an extension of powerful cloud-based services on popular cloud computing platforms, such as Google App Engine and Amazon EC2.
The final “capstone” project will require students to develop a complex mobile cloud computing application from the ground up.
Some of the programming assignments and the iRemember integrative project for these MOOCs will be coordinated.
If you just want to take some of the MOOCs in this sequence, or take them all in a different order, you’re certainly welcome to do so, and you’ll still learn a lot. However, if you take all the MOOCs in this sequence in the order presented, you’ll gain a deeper, end-to-end understanding of handheld systems, their applications and services, as well as their integration into the cloud.
The course is organized into the sections outlined below.
Module 1: Android App Security and Risks
Part 1: Traditional App Accounts
Part 2: Mobile vs. Traditional App Accounts
Part 3: App Account Mapping to Linux Users
Part 4: Apps Lie & Steal
Part 5: How Android Protects Apps
Part 6: What Android Doesn’t Protect
Part 7: Avoid Storing Sensitive Data in Public Locations
Part 8: Risks of Insecure File Permissions
Module 2: Building More Secure Android Apps
Part 0: The Challenge of Secure Coding
Part 1: Security Vulnerability Walkthrough
Part 2: Principles of Secure Abstractions
Part 3: Avoid Coupling Data & Security State
Part 4: Build Abstractions that are Hard to Use Insecurely
Part 5: Bound & Strongly Type Security State
Part 6: Avoid Conditional Logic in Secure Pathways
Part 7: Prevent Secure Pathways from Being Broken at Runtime
Part 8: Privilege Escalation Concepts
Part 9: Privilege Escalation Scenario
Part 10: Privilege Escalation Code Walkthrough
Part 11: Privilege Escalation Fixes
Part 12: User Interface Attacks
Part 13: Cross-platform User Interface Attacks
Module 3: Secure HTTP Communication
Part 1: Man in the Middle Attacks Public Key Infrastructure
Part 2: HTTPS
Part 3: Challenges of Storing Secrets on Mobile
Part 4: WebView Security Issues & Best Practices
Module 4: What was I Saying: Keeping Track of Sessions
Part 1: Sessions
Part 2: Spring Security Overview
Part 3: Spring Security Configuration in Java
Part 4: Building a Custom UserDetailsService
Part 5: Setting up a custom UserDetailsService
Part 6: The Principal
Part 7: Spring Security Role Annotations
Part 8: More Complex Expression-based Pre Post Authorize Annotations
Part 9: Spring Security Controller Code Walkthrough
Part 10: Spring Security Controller Test Code Walkthrough
Module 5: Authenticating Mobile Clients with OAuth
Part 1: Stateful Sessions with Cookies Why They Aren’t Ideal for Mobile
Part 2: Stateless Sessions with Tokens
Part 3: OAuth 2.0
Part 4: Spring Security OAuth 2.0
Part 5: A Spring OAuth 2.0 Secured Service
Part 6: A Retrofit OAuth 2.0 Client for Password Grants
Ideally, students who take this course will be familiar with general object-oriented design and programming concepts (such as encapsulation, abstraction, polymorphism, extensibility), fundamental Java object-oriented programming language features (such as classes, inheritance, interfaces, and generics available in Java), basic systems programming concepts (such as event handling, processes/threads, synchronization), and networking terminology (such as client/server and peer-to-peer architectures).
Although the lectures are designed to be largely self-contained, it’s recommended (but not required) that students refer to the following books:
Martin Fowler, Refactoring: Improving the Design of Existing Code, Addison-Wesley Professional, 1999.
Goetz et al., Java Concurrency in Practice, Addison-Wesley, 2006.
Doug Lea, Concurrent Programming in Java, Prentice Hall, 1999.
Gamma et al., Design Patterns: Elements of Reusable Object-Oriented Software, Addison-Wesley, Reading, MA, 1995.
Schmidt et al., Pattern-Oriented Software Architecture, Vol 2: Patterns for Concurrent and Networked Objects, Wiley and Sons, 2000.
Buschmann et al., Pattern-Oriented Software Architecture, Vol 4: A Pattern Language for Distributed Computing, Wiley and Sons, 2007.
Buschmann et al., Pattern-Oriented Software Architecture, Vol 5: On Patterns and Pattern Languages, Wiley and Sons, 2007.
Much of this material is available online.
The class will consist of lecture videos designed to ensure you understand the material covered in the videos. Students in this track will also complete auto-/peer-graded programming assignments. The programming assignments will involve fixing security vulnerabilities in Android apps or writing cloud services using popular software frameworks written in Java, such as Spring Framework.
If I took the previous version of this course in 2014, do I need to retake it to continue with the MoCCA Specialization series?
If you have already earned a Verified Certificate in the previous version of this course, “Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems” offered in May 2014, you do not need to retake this course to continue towards the Specialization certificate and final project in 2015. Please consult the Specializations Help Center or contact the Coursera support team if you are not sure whether you qualify.
The remaining FAQ is located here