Android Security Internals: An In-Depth Guide to Android's Security Architecture (Paperback)

Nikolay Elenkov

買這商品的人也買了...

相關主題

商品描述

"I honestly didn't believe I'd learn much from the book because I've been working on Android security for many years. This belief could not have been more wrong. Android Security Internals has earned a permanent spot on my office bookshelf."- Jon "jcase" Sawyer, from the Foreword

There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals—until now.

In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security system. Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.

You'll learn:

  • How Android permissions are declared, used, and enforced
  • How Android manages application packages and employs code signing to verify their authenticity
  • How Android implements the Java Cryptography Architecture (JCA) and Java Secure Socket Extension (JSSE) frameworks
  • About Android's credential storage system and APIs, which let applications store cryptographic keys securely
  • About the online account management framework and how Google accounts integrate with Android
  • About the implementation of verified boot, disk encryption, lockscreen, and other device security features
  • How Android's bootloader and recovery OS are used to perform full system updates, and how to obtain root access
With its unprecedented level of depth and detail, Android Security Internals is a must-have for any security-minded Android developer.

商品描述(中文翻譯)

「我一開始並不認為這本書能讓我學到多少東西,因為我已經在 Android 安全領域工作多年了。但這種想法完全錯誤。《Android 安全內部》已經成為我辦公室書架上的固定書籍。」- Jon 'jcase' Sawyer, 前言中的評論

如今,全球有超過十億部 Android 裝置在使用,每一部都可能成為攻擊目標。然而,對於大多數非頂尖安全專家來說,許多基本的 Android 安全功能一直是一個黑盒子,直到現在。

在《Android 安全內部》中,頂尖 Android 安全專家 Nikolay Elenkov 帶領我們深入了解 Android 安全系統的內部運作。Elenkov 從底層開始描述 Android 安全架構,深入探討了主要的安全相關組件和子系統的實現,例如 Binder IPC、權限、加密提供者和設備管理。

你將學到:

- Android 如何聲明、使用和執行權限
- Android 如何管理應用程式套件並使用程式碼簽署來驗證其真實性
- Android 如何實現 Java 加密架構 (JCA) 和 Java 安全套接字擴展 (JSSE)
- 關於 Android 的憑證存儲系統和 API,讓應用程式能夠安全地存儲加密金鑰
- 關於線上帳戶管理框架以及 Google 帳戶如何與 Android 整合
- 關於驗證啟動、磁碟加密、鎖屏和其他設備安全功能的實現
- Android 的開機程式和恢復作業系統如何執行完整系統更新,以及如何獲取 root 權限

《Android 安全內部》以前所未有的深度和細節,是任何注重安全的 Android 開發者必備的書籍。