Android Security Internals : An In-Depth Guide to Android's Security Architecture.

Intro -- About the Author -- Brief Contents -- Contents in Detail -- Foreword -- Acknowledgments -- Introduction -- Who This Book Is For -- Prerequisites -- Android Versions -- How Is This Book Organized? -- Conventions -- Chapter 1: Android's Security Model -- Android's Architecture -- Linux Kernel -- Native User Space -- Dalvik VM -- Java Runtime Libraries -- System Services -- Inter-Process Communication -- Binder -- Android Framework Libraries -- Applications -- Android's Security Model -- Application Sandboxing -- Permissions -- IPC -- Code Signing and Platform Keys -- Multi-User Support -- SELinux -- System Updates -- Verified Boot -- Summary -- Chapter 2: Permissions -- The Nature of Permissions -- Requesting Permissions -- Permission Management -- Permission Protection Levels -- Permission Assignment -- Permission Enforcement -- Kernel-Level Enforcement -- Native Daemon-Level Enforcement -- Framework-Level Enforcement -- System Permissions -- Signature Permissions -- Development Permissions -- Shared User ID -- Custom Permissions -- Public and Private Components -- Activity and Service Permissions -- Broadcast Permissions -- Content Provider Permissions -- Static Provider Permissions -- Dynamic Provider Permissions -- Pending Intents -- Summary -- Chapter 3: Package Management -- Android Application Package Format -- Code Signing -- Java Code Signing -- Android Code Signing -- APK Install Process -- Location of Application Packages and Data -- Active Components -- Installing a Local Package -- Updating a Package -- Installing Encrypted APKs -- Forward Locking -- Android 4.1 Forward Locking Implementation -- Encrypted Apps and Google Play -- Package Verification -- Android Support for Package Verification -- Google Play Implementation -- Summary -- Chapter 4: User Management -- Multi-User Support Overview -- Types of Users.

The Primary User (Owner) -- Secondary Users -- Restricted Profiles -- Guest User -- User Management -- Command-Line Tools -- User States and Related Broadcasts -- User Metadata -- The User List File -- User Metadata Files -- User System Directory -- Per-User Application Management -- Application Data Directories -- Application Sharing -- External Storage -- External Storage Implementations -- Multi-User External Storage -- External Storage Permissions -- Other Multi-User Features -- Summary -- Chapter 5: Cryptographic Providers -- JCA Provider Architecture -- Cryptographic Service Providers -- JCA Engine Classes -- Obtaining an Engine Class Instance -- Algorithm Names -- SecureRandom -- MessageDigest -- Signature -- Cipher -- Mac -- Key -- SecretKey and PBEKey -- PublicKey, PrivateKey, and KeyPair -- KeySpec -- KeyFactory -- SecretKeyFactory -- KeyPairGenerator -- KeyGenerator -- KeyAgreement -- KeyStore -- CertificateFactory and CertPath -- CertPathValidator and CertPathBuilder -- Android JCA Providers -- Harmony's Crypto Provider -- Android's Bouncy Castle Provider -- AndroidOpenSSL Provider -- OpenSSL -- Using a Custom Provider -- Spongy Castle -- Summary -- Chapter 6: Network Security and PKI -- PKI and SSL Overview -- Public Key Certificates -- Direct Trust and Private CAs -- Public Key Infrastructure -- Certificate Revocation -- JSSE Introduction -- Secure Sockets -- Peer Authentication -- Hostname Verification -- Android JSSE Implementation -- Certificate Management and Validation -- Certificate Blacklisting -- Reexamining the PKI Trust Model -- Summary -- Chapter 7: Credential Storage -- VPN and Wi-Fi EAP Credentials -- Authentication Keys and Certificates -- The System Credential Store -- Credential Storage Implementation -- The keystore Service -- Key Blob Versions and Types -- Access Restrictions.

keymaster Module and keystore Service Implementation -- Nexus 4 Hardware-Backed Implementation -- Framework Integration -- Public APIs -- The KeyChain API -- KeyChain API Implementation -- Controlling Access to the Keystore -- Android Keystore Provider -- Summary -- Chapter 8: Online Account Management -- Android Account Management Overview -- Account Management Implementation -- AccountManagerService and AccountManager -- Authenticator Modules -- The Authenticator Module Cache -- AccountManagerService Operations and Permissions -- The Accounts Database -- Multi-User Support -- Adding an Authenticator Module -- Google Accounts Support -- The Google Login Service -- Google Services Authentication and Authorization -- Google Play Services -- Summary -- Chapter 9: Enterprise Security -- Device Administration -- Implementation -- Adding a Device Administrator -- Enterprise Account Integration -- VPN Support -- PPTP -- L2TP/IPSec -- IPSec Xauth -- SSL-Based VPNs -- Legacy VPN -- Application-Based VPNs -- Multi-User Support -- Wi-Fi EAP -- EAP Authentication Methods -- Android Wi-Fi Architecture -- EAP Credentials Management -- Adding an EAP Network with WifiManager -- Summary -- Chapter 10: Device Security -- Controlling OS Boot-Up and Installation -- Bootloader -- Recovery -- Verified Boot -- dm-verity Overview -- Android Implementation -- Enabling Verified Boot -- Disk Encryption -- Cipher Mode -- Key Derivation -- Disk Encryption Password -- Changing the Disk Encryption Password -- Enabling Encryption -- Booting an Encrypted Device -- Screen Security -- Lockscreen Implementation -- Keyguard Unlock Methods -- Brute-Force Attack Protection -- Secure USB Debugging -- ADB Overview -- The Need for Secure ADB -- Securing ADB -- Secure ADB Implementation -- ADB Authentication Keys -- Verifying the Host Key Fingerprint -- Android Backup.

Android Backup Overview -- Backup File Format -- Backup Encryption -- Controlling Backup Scope -- Summary -- Chapter 11: NFC and Secure Elements -- NFC Overview -- Android NFC Support -- Reader/Writer Mode -- Peer-to-Peer Mode -- Card Emulation Mode -- Secure Elements -- SE Form Factors in Mobile Devices -- Accessing the Embedded SE -- Android SE Execution Environment -- UICC as a Secure Element -- Software Card Emulation -- Android 4.4 HCE Architecture -- APDU Routing -- Writing an HCE Service -- Security of HCE Applications -- Summary -- Chapter 12: SELinux -- SELinux Introduction -- SELinux Architecture -- Mandatory Access Control -- SELinux Modes -- Security Contexts -- Security Context Assignment and Persistence -- Security Policy -- Policy Statements -- Type Transition Rules -- Domain Transition Rules -- Access Vector Rules -- Android Implementation -- Kernel Changes -- Userspace Changes -- Device Policy Files -- Policy Event Logging -- Android 4.4 SELinux Policy -- Policy Overview -- Enforcing Domains -- Unconfined Domains -- App Domains -- Summary -- Chapter 13: System Updates and Root Access -- Bootloader -- Unlocking the Bootloader -- Fastboot Mode -- Recovery -- Stock Recovery -- Custom Recoveries -- Root Access -- Root Access on Engineering Builds -- Root Access on Production Builds -- Rooting by Changing the boot or system Image -- Rooting by Flashing an OTA Package -- Rooting via Exploits -- Summary -- Index -- Updates.

There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals—until now.In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security sys­tem. Elenkov describes Android security archi­tecture from the bottom up, delving into the imple­mentation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.You’ll learn:How Android permissions are declared, used, and enforcedHow Android manages application packages and employs code signing to verify their authenticityHow Android implements the Java Cryp­­­tog­raphy Architecture (JCA) and Java Secure Socket Extension (JSSE) frameworksAbout Android’s credential storage system and APIs, which let applications store cryptographic keys securelyAbout the online account management framework and how Google accounts integrate with AndroidAbout the implementation of verified boot, disk encryption, lockscreen, and other device security featuresHow Android’s bootloader and recovery OS are used to perform full system updates, and how to obtain root accessWith its unprecedented level of depth and detail, Android Security Internals is a must-have for any security-minded Android developer.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.