Android Security Internals

An In-Depth Guide to Android's Security Architecture
by Nikolay Elenkov

October 2014, 432 pp.
ISBN: 978-1-59327-581-5
Contents | Reviews | Updates

Order now and get early access to the PDF ebook!
(What's that?)
(Which chapters are available now?)

Get 30% off with the coupon code EARLYBIRD

There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals—until now.

In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security sys­tem. Elenkov describes Android security archi­tecture from the bottom up, delving into the imple­mentation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.

You’ll learn:

  • How Android permissions are declared, used, and enforced
  • How Android manages application packages and employs code signing to verify their authenticity
  • How Android implements the Java Cryp­­­tog­raphy Architecture (JCA) and Java Secure Socket Extension (JSSE) frameworks
  • About Android’s credential storage system and APIs, which let applications store cryptographic keys securely
  • The online account management framework and how Google accounts integrate with Android
  • The implementation of verified boot, disk encryption, lockscreen, and other device security features
  • How Android’s bootloader and recovery OS are used to perform full system updates, and how to obtain root access

With its unprecedented level of depth and detail, Android Security Internals is a must-have for any security-minded Android developer.


About the Author

Nikolay Elenkov has been working on enter­prise security–related projects for more than 10 years. He became interested in Android shortly after the initial public release and has been developing Android applications since version 1.5. His work has led to the discovery and correction of significant Android security flaws. He writes about Android security on his highly regarded blog, nelenkov.blogspot.com.


Table of Contents

Chapter 1: Android's Security Model (AVAILABLE NOW)
Chapter 2: Permissions (AVAILABLE NOW)
Chapter 3: Package Management (AVAILABLE NOW)

Chapter 4: User Management
Chapter 5: Cryptographic Providers (AVAILABLE NOW)
Chapter 6: Network Security and PKI (AVAILABLE NOW)
Chapter 7: Credential Storage (AVAILABLE NOW)

Chapter 8: Online Account Management
Chapter 9: Enterprise Security
Chapter 10: Device Security
Chapter 11: NFC and Secure Elements
Chapter 12: SELinux
Chapter 13: Development Device Security and Root Access

(top)