Android Security Internals

Author: Nikolay Elenkov
Publisher: No Starch Press
Pages: 432
ISBN: 9781593275815
Print: 1593275811
Kindle: B00P8DRZWA
Audience: Competent Android developers
Rating: 5
Reviewer: Mike James

We need to know about Android security - but a whole book dedicated to it? Can this be a good idea? The simple answer is yes, but not for every programmer.

The subtitle gives you a clue as to why - An In-Depth Guide to Android's Security Architecture. This isn't a quick look at how things work at the top level, and it isn't a collection of does and don'ts. It contains lots of interesting information, but not everyone will want to know all of it and the average Android programmer is going to have to work very hard to keep up. 




Chapter 1 provides an overview of the security model and in part this is an overview of Android's basic design and its differences from standard Linux and Java. The next two chapters discuss the core of Android security - permissions, package and user management. This is where you stand a good chance of getting lost. It is also difficult to see how this information could be of practical value unless you were trying to work out an attack on Android. It covers things like how permissions are created and enforced, including custom app permissions, and how the APK format differs from a JAR. It details how an app gets installed including how to sideload an adb. 

You could probably get all of the tasks described completed without understanding the fine detail. Don't let you put this off, however, and read on even if you only get the general gist of how things are working. The way users are handled in Android will come as a surprise to anyone who thinks that it is the same as Linux. 



From here the rest of the book becomes much more practical. In Chapter 5 we take a look at the wonderful world of crypto providers and the JCA. Then on to network security and the PKI, credential storage, including setting up VPNs and WiFi, and online account management. In this group of chapters we learn about certificates, the JSSE and Android's implementation of the JSSE. 

Chapter 9 introduces enterprise security. As this is a recent introduction to Android you may not even be aware that these facilities exist. Topics include adding a device admin plus more on VPNs and WiFi.

Next Chapter 10 looks at device security including controlling the boot procedure, disk encryption, screen security, usb security and backup. Chapter 11 moves on to NFC and secure elements. Then Chapter 12 discusses SELinux and the Android implementation. 

The final chapter is on the system update mechanism and root access. It discusses recovery and how to get root access on a production system This is good background for anyone thinking about experimenting with their own OS images.  


This is not a book that you are going to get everything from on a first reading. You also need to be a competent Android developer. While there isn't a lot of Java code in the book, you need to understand the way an app works to understand how the security measures work. On the other hand, you don't really need to understand how security measures work to be able to write Android apps. 

This is an excellent book, but it is for readers who want to know more than they strictly need to know - unless you want to become an Android security expert, when this would be your one and only starting point. 

Highly recommended. 


HTML, CSS & JavaScript (In Easy Steps)

Author: Mike McGrath
Publisher: In Easy Steps
Date: July 2020
Pages: 480
ISBN: 978-1840788785
Print: 184078878X
Kindle: B08FBGXGF1
Audience: would-be web developers
Rating: 5
Reviewer Mike James
The three core web technologies in a single book.

Math for Programmers (Manning)

Author: Paul Orland
Publisher: Manning Publications
Date: January 2021
Pages: 688
ISBN: 978-1617295355
Print: 1617295353
Audience: Python developers interested in math
Rating: 4
Reviewer: Mike James
Of course you need to learn math, don't you?

More Reviews



Last Updated ( Friday, 12 January 2018 )