Android Security Internals: An In-Depth Guide to Android's Security Architecture
✍ Scribed by Nikolay Elenkov
- Publisher: No Starch Press
- Year: 2014
- Tongue: English
- Leaves: 434
- Edition: 1
- Category: Library
✦ Synopsis
There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals—until now.
In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security system. Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.
You’ll learn:
- How Android permissions are declared, used, and enforced
- How Android manages application packages and employs code signing to verify their authenticity
- How Android implements the Java Cryptography Architecture (JCA) and Java Secure Socket Extension (JSSE) frameworks
- About Android’s credential storage system and APIs, which let applications store cryptographic keys securely
- About the online account management framework and how Google accounts integrate with Android
- About the implementation of verified boot, disk encryption, lockscreen, and other device security features
- How Android’s bootloader and recovery OS are used to perform full system updates, and how to obtain root access
With its unprecedented level of depth and detail, Android Security Internals is a must-have for any security-minded Android developer.
✦ Table of Contents
About the Author
Brief Contents
Contents in Detail
Foreword
Acknowledgments
Introduction
Who This Book Is For
Prerequisites
Android Versions
How Is This Book Organized?
Conventions
Chapter 1: Android’s Security Model
Android’s Architecture
Linux Kernel
Native User Space
Dalvik VM
Java Runtime Libraries
System Services
Inter-Process Communication
Binder
Android Framework Libraries
Applications
Android’s Security Model
Application Sandboxing
Permissions
IPC
Code Signing and Platform Keys
Multi-User Support
SELinux
System Updates
Verified Boot
Summary
Chapter 2: Permissions
The Nature of Permissions
Requesting Permissions
Permission Management
Permission Protection Levels
Permission Assignment
Permission Enforcement
Kernel-Level Enforcement
Native Daemon-Level Enforcement
Framework-Level Enforcement
System Permissions
Signature Permissions
Development Permissions
Shared User ID
Custom Permissions
Public and Private Components
Activity and Service Permissions
Broadcast Permissions
Content Provider Permissions
Static Provider Permissions
Dynamic Provider Permissions
Pending Intents
Summary
Chapter 3: Package Management
Android Application Package Format
Code Signing
Java Code Signing
Android Code Signing
APK Install Process
Location of Application Packages and Data
Active Components
Installing a Local Package
Updating a Package
Installing Encrypted APKs
Forward Locking
Android 4.1 Forward Locking Implementation
Encrypted Apps and Google Play
Package Verification
Android Support for Package Verification
Google Play Implementation
Summary
Chapter 4: User Management
Multi-User Support Overview
Types of Users
The Primary User (Owner)
Secondary Users
Restricted Profiles
Guest User
User Management
Command-Line Tools
User States and Related Broadcasts
User Metadata
The User List File
User Metadata Files
User System Directory
Per-User Application Management
Application Data Directories
Application Sharing
External Storage
External Storage Implementations
Multi-User External Storage
External Storage Permissions
Other Multi-User Features
Summary
Chapter 5: Cryptographic Providers
JCA Provider Architecture
Cryptographic Service Providers
JCA Engine Classes
Obtaining an Engine Class Instance
Algorithm Names
SecureRandom
MessageDigest
Signature
Cipher
Mac
Key
SecretKey and PBEKey
PublicKey, PrivateKey, and KeyPair
KeySpec
KeyFactory
SecretKeyFactory
KeyPairGenerator
KeyGenerator
KeyAgreement
KeyStore
CertificateFactory and CertPath
CertPathValidator and CertPathBuilder
Android JCA Providers
Harmony’s Crypto Provider
Android’s Bouncy Castle Provider
AndroidOpenSSL Provider
OpenSSL
Using a Custom Provider
Spongy Castle
Summary
Chapter 6: Network Security and PKI
PKI and SSL Overview
Public Key Certificates
Direct Trust and Private CAs
Public Key Infrastructure
Certificate Revocation
JSSE Introduction
Secure Sockets
Peer Authentication
Hostname Verification
Android JSSE Implementation
Certificate Management and Validation
Certificate Blacklisting
Reexamining the PKI Trust Model
Summary
Chapter 7: Credential Storage
VPN and Wi-Fi EAP Credentials
Authentication Keys and Certificates
The System Credential Store
Credential Storage Implementation
The keystore Service
Key Blob Versions and Types
Access Restrictions
keymaster Module and keystore Service Implementation
Nexus 4 Hardware-Backed Implementation
Framework Integration
Public APIs
The KeyChain API
KeyChain API Implementation
Controlling Access to the Keystore
Android Keystore Provider
Summary
Chapter 8: Online Account Management
Android Account Management Overview
Account Management Implementation
AccountManagerService and AccountManager
Authenticator Modules
The Authenticator Module Cache
AccountManagerService Operations and Permissions
The Accounts Database
Multi-User Support
Adding an Authenticator Module
Google Accounts Support
The Google Login Service
Google Services Authentication and Authorization
Google Play Services
Summary
Chapter 9: Enterprise Security
Device Administration
Implementation
Adding a Device Administrator
Enterprise Account Integration
VPN Support
PPTP
L2TP/IPSec
IPSec Xauth
SSL-Based VPNs
Legacy VPN
Application-Based VPNs
Multi-User Support
Wi-Fi EAP
EAP Authentication Methods
Android Wi-Fi Architecture
EAP Credentials Management
Adding an EAP Network with WifiManager
Summary
Chapter 10: Device Security
Controlling OS Boot-Up and Installation
Bootloader
Recovery
Verified Boot
dm-verity Overview
Android Implementation
Enabling Verified Boot
Disk Encryption
Cipher Mode
Key Derivation
Disk Encryption Password
Changing the Disk Encryption Password
Enabling Encryption
Booting an Encrypted Device
Screen Security
Lockscreen Implementation
Keyguard Unlock Methods
Brute-Force Attack Protection
Secure USB Debugging
ADB Overview
The Need for Secure ADB
Securing ADB
Secure ADB Implementation
ADB Authentication Keys
Verifying the Host Key Fingerprint
Android Backup
Android Backup Overview
Backup File Format
Backup Encryption
Controlling Backup Scope
Summary
Chapter 11: NFC and Secure Elements
NFC Overview
Android NFC Support
Reader/Writer Mode
Peer-to-Peer Mode
Card Emulation Mode
Secure Elements
SE Form Factors in Mobile Devices
Accessing the Embedded SE
Android SE Execution Environment
UICC as a Secure Element
Software Card Emulation
Android 4.4 HCE Architecture
APDU Routing
Writing an HCE Service
Security of HCE Applications
Summary
Chapter 12: SELinux
SELinux Introduction
SELinux Architecture
Mandatory Access Control
SELinux Modes
Security Contexts
Security Context Assignment and Persistence
Security Policy
Policy Statements
Type Transition Rules
Domain Transition Rules
Access Vector Rules
Android Implementation
Kernel Changes
Userspace Changes
Device Policy Files
Policy Event Logging
Android 4.4 SELinux Policy
Policy Overview
Enforcing Domains
Unconfined Domains
App Domains
Summary
Chapter 13: System Updates and Root Access
Bootloader
Unlocking the Bootloader
Fastboot Mode
Recovery
Stock Recovery
Custom Recoveries
Root Access
Root Access on Engineering Builds
Root Access on Production Builds
Rooting by Changing the boot or system Image
Rooting by Flashing an OTA Package
Rooting via Exploits
Summary
Index
Updates