Unix: Android Security Internals: Nikolay Elenkov, no starch press, 2015

I was intrigued when I first saw this title. I'd known for a long time that Android was built on top of a Linux kernel, but I hadn't any sense for whether this would make it easy for a thirty-year Unix veteran to understand or actually work with it. After making my way through this excellent book, I'd say that those of us who are Linux-savvy will have a leg up getting started because we will understand some of the basic concepts that help make Android what it is. We may even understand the role that SELinux plays in securing applications. But that's just the "getting off the ground" stuff. This book starts with familiar concepts, but quickly launches into the guts of how Android works -- starting with its security model and then delving into the details of packages, cryptography, credentials, accounts, devices ... In short, it moves from building blocks to edifices fairly quickly and you'll soon be "slinging a lingo" that is well beyond the reaches of ordinary Linux admins. That said, the ground covered can best be expressed by displaying the table of contents, so here goes:

Foreword by Jon Sawyer
Acknowledgements
Introduction

Chapter 1: Android's Security Model
Chapter 2: Permissions
Chapter 3: Package Management
Chapter 4: User Management
Chapter 5: Cryptographic Providers
Chapter 6: Network Security and PKI
Chapter 7: Credential Storage
Chapter 8: Online Account Management
Chapter 9: Enterprise Security
Chapter 10: Device Security
Chapter 11: NFC and Secure Elements
Chapter 12: SELinux
Chapter 13: System Updates and Root Access

These chapters are very well written, thorough, and complete. In fact, you could be a seasoned Android developer and still have only a vague understanding of how this system works when it comes to all of its security components. Of course, if you have some experience with Android development, you'll have a much easier time moving from chapter to chapter. Still, this is not "intro to Android" type material, but an excellent coverage of all things Android security. If that's what you're looking for, you're not likely to find a better source anywhere in the known universe.

Even newbie Android developers, on reading this book, will be able to grasp how Android security works. This is not easy material, but it's very clearly explained. And given today's cyber threats, a solid foundation in Android security is one of the things that every Android developer should be going after with significant enthusiasm. With over a billion Android devices in use today and a huge and growing developer community, I wish every Android developer would sit down and read this book. A lot of us would feel more secure if they did.

Copyright © 2014 IDG Communications, Inc.
