“I honestly didn’t believe I’d learn much from the book because I’ve been working on Android security for many years. This belief could not have been more wrong. Android Security Internals has earned a permanent spot on my office bookshelf.”—Jon “jcase” Sawyer, from the Foreword

There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals—until now.

In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security system. Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.

You’ll learn:

How Android permissions are declared, used, and enforcedHow Android manages application packages and employs code signing to verify their authenticityHow Android implements the Java Cryptography Architecture (JCA) and Java Secure Socket Extension (JSSE) frameworksAbout Android’s credential storage system and APIs, which let applications store cryptographic keys securelyAbout the online account management framework and how Google accounts integrate with AndroidAbout the implementation of verified boot, disk encryption, lockscreen, and other device security featuresHow Android’s bootloader and recovery OS are used to perform full system updates, and how to obtain root accessWith its unprecedented level of depth and detail, Android Security Internals is a must-have for any security-minded Android developer.