Android Security Internals

Author: Nikolay Elenkov
Publisher: No Starch Press
Pages: 432
ISBN: 9781593275815
Print: 1593275811
Kindle: B00P8DRZWA
Audience: Competent Android developers
Rating: 5
Reviewer: Mike James
Reviewed: February 2015

Over the festive season IProgrammer gives its reviewers a well-deserved break. For our readers we pick out a selection of our best books of the year in case you missed them. Over 100 books were reviewed in 2015 and so we start at the top with an A.

 

We all need to know about Android security - but a whole book dedicated to it? Can this be a good idea? The simple answer is yes but not for every programmer. 

The subtitle gives you a clue as to why - An In-Depth Guide to Android's Security Architecture. This isn't a quick look at how things work at the top level, and it isn't a collection of dos and don'ts. It contains lots of interesting information, but not everyone will want to know all of it and the average Android programmer is going to have to work very hard to keep up.

 


Chapter 1 provides an overview of the security model and in part this is an overview of Android's basic design and its differences from standard Linux and Java. The next two chapters discuss the core of Android security - permissions, package and user management. This is where you stand a good chance of getting lost. It is also difficult to see how this information could be of practical value unless you were trying to work out an attack on Android. It covers things like how permissions are created and enforced, including custom app permissions, and how the APK format differs from a JAR. It details how an app gets installed including how to sideload an adb. 

You could probably get all of the tasks described completed without understanding the fine detail. Don't let this put you off, however, and read on even if you only get the general gist of how things are working. The way users are handled in Android will come as a surprise to anyone who thinks that it is the same as Linux.

 


From here the rest of the book becomes much more practical. In Chapter 5 we take a look at the wonderful world of crypto providers and the JCA. Then on to network security and the PKI, credential storage, including setting up VPNs and WiFi, and online account management. In this group of chapters we learn about certificates, the JSSE and Android's implementation of the JSSE. 

Chapter 9 introduces enterprise security. As this is a recent introduction to Android you may not even be aware that these facilities exist. Topics include adding a device admin plus more on VPNs and WiFi.

Next, Chapter 10 looks at device security including controlling the boot procedure, disk encryption, screen security, USB security and backup. Chapter 11 moves on to NFC and secure elements. Then Chapter 12 discusses SELinux and the Android implementation.

The final chapter is on the system update mechanism and root access. It discusses recovery and how to get root access on a production system. This is good background for anyone thinking about experimenting with their own OS images.

This is not a book that you are going to get everything from on a first reading. You also need to be a competent Android developer. While there isn't a lot of Java code in the book, you need to understand the way an app works to understand how the security measures work. On the other hand, you don't really need to understand how security measures work to be able to write Android apps. 

This is an excellent book, but it is for readers who want to know more than they strictly need to know - unless you want to become an Android security expert, when this would be your one and only starting point. 

Highly recommended. 

Last Updated ( Tuesday, 22 December 2015 )
 
 

   