Android Security Internals

Author: Nikolay Elenkov
Publisher: No Starch Press
Pages: 432
ISBN: 9781593275815
Print: 1593275811
Kindle: B00P8DRZWA
Audience: Competent Android developers
Rating: 5
Reviewer: Mike James

We need to know about Android security - but a whole book dedicated to it? Can this be a good idea? The simple answer is yes, but not for every programmer.

The subtitle gives you a clue as to why - An In-Depth Guide to Android's Security Architecture. This isn't a quick look at how things work at the top level, and it isn't a collection of does and don'ts. It contains lots of interesting information, but not everyone will want to know all of it and the average Android programmer is going to have to work very hard to keep up. 

 

Banner

 

Chapter 1 provides an overview of the security model and in part this is an overview of Android's basic design and its differences from standard Linux and Java. The next two chapters discuss the core of Android security - permissions, package and user management. This is where you stand a good chance of getting lost. It is also difficult to see how this information could be of practical value unless you were trying to work out an attack on Android. It covers things like how permissions are created and enforced, including custom app permissions, and how the APK format differs from a JAR. It details how an app gets installed including how to sideload an adb. 

You could probably get all of the tasks described completed without understanding the fine detail. Don't let you put this off, however, and read on even if you only get the general gist of how things are working. The way users are handled in Android will come as a surprise to anyone who thinks that it is the same as Linux. 

 

 

From here the rest of the book becomes much more practical. In Chapter 5 we take a look at the wonderful world of crypto providers and the JCA. Then on to network security and the PKI, credential storage, including setting up VPNs and WiFi, and online account management. In this group of chapters we learn about certificates, the JSSE and Android's implementation of the JSSE. 

Chapter 9 introduces enterprise security. As this is a recent introduction to Android you may not even be aware that these facilities exist. Topics include adding a device admin plus more on VPNs and WiFi.

Next Chapter 10 looks at device security including controlling the boot procedure, disk encryption, screen security, usb security and backup. Chapter 11 moves on to NFC and secure elements. Then Chapter 12 discusses SELinux and the Android implementation. 

The final chapter is on the system update mechanism and root access. It discusses recovery and how to get root access on a production system This is good background for anyone thinking about experimenting with their own OS images.  

androidsecurityinternals

This is not a book that you are going to get everything from on a first reading. You also need to be a competent Android developer. While there isn't a lot of Java code in the book, you need to understand the way an app works to understand how the security measures work. On the other hand, you don't really need to understand how security measures work to be able to write Android apps. 

This is an excellent book, but it is for readers who want to know more than they strictly need to know - unless you want to become an Android security expert, when this would be your one and only starting point. 

Highly recommended. 

Banner


Raspberry Pi User Guide (4e)

Author:  Eben Upton, Gareth Halfacree
Publisher: Wiley
Pages: 312 
ISBN: 978-1119264361
Print: 1119264367
Kindle: B01K5WSIPQ
Audience: New users of Raspberry Pi
Rating: 4
Reviewer: Harry Fairhead

A guide to the Raspberry Pi co-authored by the  [ ... ]



Programming Rust

Author: Jim Blandy and Jason Orendorff
Publisher: O'Reilly
Date: Aug 2016
Pages: 400
ISBN: 978-1491927281
Print: 1491927283
Kindle: B077NSY211
Audience: Systems programmers
Rating: 4
Reviewer: Mike James
Rust - it's a hit language of the moment. The language we all love to love. So what could be bet [ ... ]


More Reviews

 

 

Last Updated ( Friday, 12 January 2018 )