"It is a must-have for security architects and consultants as well as enterprise security managers who are working with mobile devices and applications."

Dr. Dena Haritos Tsamitis, Director, Information Networking Institute (INI) Director of Education, CyLab Carnegie Mellon University

"Good book for Android security enthusiasts and developers that also covers advance topic like reverse engineering of Android applications. A must have book for all security professionals."

Sanjay Katkar, Co-Founder Quick Heal Technologies

"It's an excellent book for professional businesses that are trying to move their corporate applications on mobile / Android platform. It helped me understand the threats foreseen in Android applications and how to protect against them. Thanks for putting together a structured text on Android security."

Jagmeet Malhotra, Vice President, Royal Bank of Scotland

"Smart mobile devices need smart security. If you are facing the complex challenge of securing data and applications for Android, this book provides valuable insight into the security architecture and practical guidance for safeguarding this modern platform."

Gerhard Eschelbeck, Chief Technology Officer, Sophos

"Abhishek and Anmol's book Android Security: Attacks & Defenses is a great introduction to Android security. Their chapter "Reverse Engineering Android Applications" provides the groundwork for anybody interested in mobile malware analysis and cracking the nitty-gritty of most Android apps."

Nicholas Falliere, Founder JEB Decompiler & Security Researcher

"In their book Android Security: Attacks and Defenses, Dubey and Misra have filled a critical gap in software security literature by providing a unique and holistic approach to addressing this critical and often misunderstood topic..."

James Ransome, Senior Director, Product Security McAfee . An Intel Company

The book gives security professionals and executives a practical guide to the security implications and best practices for deploying Android platforms and applications in the (corporate) environment.

Steve Martino, VP Information Security, Cisco

Chapter 1

          Introduction

In this chapter, we introduce the reader to the mobile devices landscape and demonstrate why Android security matters. We analyze the evolution of mobile security threats, from basic phones to smartphones (including ones running the Android platform). We move on to introduce Android history, releases, and marketplaces for Android applications.



Chapter 2

    Android Architecture

In this chapter, we introduce the reader to Android architecture. We cover various layers in the Android software stack, from the Linux kernel to applications, as well as the extent to which they have security implications. We then walk the reader through the Android start-up process and setup of the Android environment, and we present the various tools available to us through the Android Software Development Kit (SDK). We also provide hands-on instruction for downloading and installing the Android SDK and interacting with shell commands.



Chapter 3

        Android Application Architecture

In this chapter, we introduce the reader to Android Application Architecture. We present various components that make up an Android application, and we demonstrate how these components work when an application is running, through the use of logcat. We then cover the application lifecycle phases of an Android application. By end of the chapter, the reader will be able to describe the typical components of an Android application, determine when to use these components, and understand application lifecycle phases.



Chapter 4

   Android (in) Security

In this chapter, we turn our focus to Android’s built-in security mechanisms at the platform level as well as its application layers. The reader should be familiar with Android architecture (covered in Chapter 2) and Android application basics (building blocks, frameworks) (covered in Chapter 3). This chapter builds on an understanding of the platform and application layers to demonstrate the security features provided by Android. This chapter also introduces the reader to different Interprocess Communication (IPC) mechanisms used by Android application components.



Chapter 5

   Pen Testing Android

In this chapter, we focus on pen testing the Android platform and applications. We start by covering penetration methodology, discussing how to obtain details on the Android operating system. We then turn to pen testing Android applications and discuss security for Android applications. Towards the end, we talk about relatively newer issues (including storage on clouds) and patching. Finally, we showcase recent security issues for Android applications.The reader should now be familiar with Android architecture (covered in Chapter 2), Android application basics (building blocks, frameworks; covered in Chapter 3), and Android permissions and security models (covered in Chapter 4).