Android Security Internals: An In-Depth Guide to Android's Security Architecture Book Review

This is the first security book I have read on Android that was not primarily about hacking the Android platform. This book completely covers all the tools available to the Android software architects and developers. Instead of showing us how to root the device at the beginning of the book and then showing us exploits and vulnerabilities throughout the rest of it, he covers how root access is achieved in different types of Android builds, and different ways get Root Access, but late in the book. The book starts out with an overview of the Android security model, and then each chapter is dedicated to a specific feature of Android's security model. I have listed the chapters below. Chapter 1: Android's Security Model Chapter 2: Permissions Chapter 3: Package Management Chapter 4: User Management Chapter 5: Cryptographic Providers Chapter 6: Network Security and PKI Chapter 7: Credential Storage Chapter 8: Online Account Management Chapter 9: Enterprise Security Chapter 10: Device Security Chapter 11: NFC and Secure Elements Chapter 12: SELinux Chapter 13: System Updates and Root Access Although the chapter titles give you a pretty good idea of what is in them, I have listed some of the chapters below along with the topics covered that I liked best. Chapter 2: Permissions covers The Nature of Permissions, Requesting Permissions, Permission Management, Permission Protection Levels, Permission Assignment, Permission Enforcement, System Permissions, Shared User ID, Custom Permissions, Public and Private Components, Activity and Service Permissions, Broadcast Permissions, Content Provider Permissions, and Pending Intents. Chapter 3: Package Management covers Android Application Package Format, Code signing, APK Install Process, and Package Verification. Chapter 4: User Management covers, Multi-User Support Overview, Types of Users, User Management, User Metadata, Per-User Application Management, External Storage, and Other Multi-User Features. Chapter 5: Cryptographic Providers covers JCA Provider Architecture, JCA Engine Classes, Android JCA Providers, and Using a Custom Provider. Chapter 6: Network Security and PKI covers PKI and SSL Overview, JSSE Introduction, and Android JSSE Implementation. Chapter 8: Online Account Management covers Android Account Management Overview, Account Management Implementation, and Google Accounts Support. Chapter 10: Device Security covers Controlling OS Boot-Up and Installation, Verified Boot, Disk Encryption, Screen Security, Secure USB Debugging, and Android Backup. Chapter 11: NFC and Secure Elements covers NFC Overview, Android NFC Support, Secure Elements, and Software Card Emulation. There are some books I feel every Android developer should read and this book is definitely one of them. Every Android developer should have this book on their bookshelf. Although, I do not feel it is a beginner's book. You should have a working knowledge of Android programming before attempting to read it, so don't start here, but make sure you eventually get here. The author's writing style is great. He does an excellent job of covering complex topics in a way that makes them easy to understand. Diagrams, code snippets, and screen shots are used just at the right spots. This may seem stupid to mention, but after attempting to get value out of a book with 2 screenshots and 3 sentences on a page, you learn to appreciate when the learning tools are used right. The book is not only a great cover to cover read, but it will also make a good reference. Chapter 1: "Android's Security Model" is available on the publisher's site which is a nice introduction to the book and the author's writing style. There is also a very detailed table of contents and the index available. Amazon also has a lot of the book available for preview. Their preview includes some material from chapters other than chapter 1. You can also use the search on Amazon to see if a topic you are interested in is included. Overall I found this book excellent. Admittedly, it was a very long read. I have been toting it around for months, but that is because so many things are covered, and they are covered in depth. I also enjoyed reading it, so it was worth the time and toting.

Android Security Internals: An In-Depth Guide to Android's Security Architecture

Android Security Internals: An In-Depth Guide to Android's Security Architecture