Android Security Internals

There are nearly a billion Android devices in use today, and every one is a potential security breach. Love it or hate it, the security of Android-based devices is of major concern to users and developers alike. In Android Security Internals, author Nikolay Elenkov delves into Android components andwww.it-ebooks.infoANDROIDSECURITINTERNALSAn In-Depth Guide toAndr。id∧ SecurityArchitectureby nikolay ElenKOv水no starchpressSan franciscowww.it-ebooks.infoANDROID SECURITY INTERNALS. Copyright@ 2015 by Nikolay ElenkovAll rights reserved. No part of this work may be reproduced or transmitted in any form or by any means,electronic or mechanical, including photocopying, recording, or by any information storage or retrievalsystem, without the prior written permission of the copyright owner and the publisherPrinted in usaFirst printing1817161514123456789ISBN-10:1-59327-581-1FURESIRABLE Certified SourcingInItiAtIvEwww.sfiprogram.orgISBN-13:978-1-59327-581-5Publisher: william pollockProduction editor: alison lawCover Illustration: Garry BoothInterior Design: Octopod StudiosDevelopmental Editor: William PollockTechnical Reviewer: Kenny rootCopyeditor: Gillian McGarveyCompositor: Susan glinert stevensProofreader: James FraleighIndexer: BIM Proofreading &e Indexing ServicesFor information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directlyNo Starch Press Inc245 8th Street. San Francisco, CA 94103phone415.863.9900;info@nostarch.comwww.nostarch.comLibrary of Congress Control Number: 2014952666No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Otherproduct and company names mentioned herein may be the trademarks of their respective owners. Ratherthan use a trademark symbol with every occurrence of a trademarked name, we are using the names onlyin an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of thetrademarkThe Android robot is reproduced or modified from work created and shared by Google and used accordinto terms described in the creative commons 3.0 attribution licenseThe information in this book is distributed on an"As Is"basis, without warranty. While every precautionhas been taken in the preparation of this work, neither the author nor No Starch Press, Inc shall have anyliability to any person or entity with respect to any loss or damage caused or alleged to be caused directly orindirectly by the information contained in itwww.it-ebooks.infoAbout the authorNikolay Elenkov has been working on enterprise security projects forthe past 10 years. He has developed security software on various plat-forms, ranging from smart cards and hsms to Windows and linuxservers. He became interested in Android shortly after the initial publicrelease and has been developing applications for it since version 1.5Nikolay's interest in Android internals intensified after the release ofAndroid 4.0(Ice Cream Sandwich), and for the past three years hesbeen documenting his findings and writing about Android security onhisbloghttp://nelenkov.blogspot.comAbout the Technical reviewerKenny root has been a core contributor to the android platform atGoogle since 2009, where his focus has been primarily on security andcryptography. He is the author of ConnectBot, the first SSH app forAndroid, and is an avid open source contributor. When he's not hacking on software, he's spending time with his wife and two boys. He is analumnus of Stanford university, Columbia University, Chinese universityof Hong Kong, and Baker College, but he's originally from Kansas Citwhich has the best barbecuewww.it-ebooks.infowww.it-ebooks.infoBRIEF CONTENTSForeword by Jon SawyerAcknowledgmentsIntroductionXXIChapter 1: Android's Security ModelChapter 2: PermissionsChapter 3: Package ManagementChapter 4: User Management87Chapter 5: CrypfographIc Providers115Chapter 6: Network Security and PKI145Chapter 7: Credential Storage17Chapter 8: Online AccouanagementChapter 9: Enterprise Security215Chapter 10: Device Security25Chapter 11: NFC and Secure Elements.289Chapter 12: SELinUx.319Chapter 13: System Updates and Root Access349377www.it-ebooks.infowww.it-ebooks.infoCONTENTS N DETAILFOREWORD by Jon SawyerXVIACKNOWLEDGMENTSXXIXINTRODUCTIONX KWho this book s forPrerequisitesAndroid versionsXXIIIHow ls This Book OrganizedConventionsXXVANDROID'S SECURITY MODELAndroid,s ArchitectureLinux KernelNative UserspaceDalvik VmJava Runtime LibrariesSystem ServicesInter -Process CommunicationBinderAndroid framework LibrariesApplicatiAndroid 's Security ModelApplication SandboxIngPermissions4450022456Code Signing and Platform KeysMulti-User Support16SELinuxSystem UpdatVerified bootSummary7892PERMISSIONS21The nature of permissionsRequesting permissions23Permission Management23Permission protection levels24Permission Assignmen26www.it-ebooks.info