Android Security Internals
An In-Depth Guide to Android's Security Architecture
Nikolay Elenkov on the actual implementation of Android's security model: package manager internals, permissions, keystore, SELinux integration, verified boot.
- Authors: Nikolay Elenkov
- Published: 2014
- Publisher: No Starch Press
- Pages: 432
- Language: English
Read this if
Mobile security researchers and Android pentesters who need to understand the platform at architecture depth. Elenkov covers the security framework, signing, permissions, keystore, and the encryption stack. The reference book on Android security architecture.
Skip this if
App-only pentesters who don't care about platform internals, or anyone wanting current (post-2014) Android specifics. Principles transfer, specifics don't.
Key takeaways
- Android's security model is a layered system (Linux kernel + framework + signing) that breaks in non-obvious ways at the seams between layers; the book teaches you to see the seams.
- The keystore and SELinux chapters are still the best treatment for understanding how device-level secrets and process boundaries actually work.
- Signing and verified boot are the trust roots that subsequent app-layer security depends on; the book's chapters on them remain foundational.
Notes
Pair with the AOSP source and the Android Open Source Project security documentation for the current authoritative view. Elenkov's blog (nelenkov.blogspot.com) covered Android security continuously after the book; his later work at Google shows the same depth. For app-layer pentesting, follow with the OWASP Mobile Application Security Testing Guide.
What to read before
Intermediate · 2016
iOS Application Security
David Thiel on attacking and defending iOS apps: the platform sandbox, IPC surfaces, keychain semantics, transport security, and the patterns that introduce real bugs.
Intermediate · 2015
The Mobile Application Hacker's Handbook
Chell, Erasmus, Colley, and Whitehouse's reference on iOS and Android application security from the early-mid 2010s — runtime hooking, transport security, IPC abuse, and the platform-specific surface of mobile pentesting.
Advanced · 2017
Windows Internals, Part 1
The canonical Microsoft Press reference on Windows internals: how processes, threads, memory and system services are actually implemented in the modern Windows kernel. User-mode focus in this volume.
What to read next
Advanced · 2017
Windows Internals, Part 1
The canonical Microsoft Press reference on Windows internals: how processes, threads, memory and system services are actually implemented in the modern Windows kernel. User-mode focus in this volume.
Advanced · 2017
Attacking Network Protocols
James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.
Advanced · 2020
Building Secure and Reliable Systems
Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.