- Paperback: 576 pages
- Publisher: Wiley (2014)
- Language: English
- ISBN-10: 9788126549221
- ISBN-13: 978-8126549221
- ASIN: 812654922X
- Package Dimensions: 23.2 x 18.2 x 2.6 cm
- Customer Reviews: 61 customer ratings
Amazon Bestsellers Rank:
#1,52,001 in Books
- #683 in Programming Languages (Books)
Android Hacker's Handbook (MISL-WILEY) Paperback – 1 January 2014
Top international reviews
For English speakers. A fairly specialized book for those unfamiliar with Unix/Linux and Java systems and programming, but accessible to anyone curious about this open world and/or curious about what their Android phone does and how to manage it better.
Recommended to any (English-speaking) reader curious about what an Android machine is and how to get to its core.
Recent work (covering up to Android 4.4.2)
A great many areas are explained in detail and made understandable with clear tables.
I rooted my new phone soon after
It has taken me a while to skim through this thick tome, enough to appreciate the depth of knowledge on show here from the collection of contributors. I have a technical background in these matters, having built several different computers from scratch from as long ago as 1980 when one had to design and make the circuits and write the operating system and tools. So I recognised the words and syntax and in most cases what was being discussed, and I know enough Unix and system languages to fully understand the reasoning and techniques.
However it is still beyond my ability level (old age?) to be able to actually use it effectively in the manner intended by the authors, and there are just too many software tools to learn which one needs to be able to explore more deeply the methods and analyse the results. The topic is just too big! It would be a full-time occupation to use this book to the best advantage; which points to the most likely reader being a student or developer, both of whom will find it invaluable.
If one was already an expert, then it might well fill in some knowledge gaps that lack of time in a fast moving playing-field has prevented one from keeping up with, but I expect most of them will be familiar with all the techniques. However these same busy experts will be able to point to a section when asked the question and say, "It's in there, use your own brain, now let me get back to my work."
The book is highly technical but progresses logically and systematically from the opening chapter's consideration of the Android ecosystem with particular emphasis on the security implications arising from implementation fragmentation and compatibility issues, through specific features of Android design and functionality and the vulnerabilities arising therefrom, and finally wrapping everything up with an exposition of the possibilities arising from direct access to Android devices' hardware components to further research device vulnerabilities. Along the way, individual chapters concentrate on subjects which include:
* Android security design and architecture, including a look at its various logical layers
* rooting the device, including an overview of root exploits that have been used in the past
* application security issues including an overview of the common security issues affecting Android apps, with worked case studies which show how to identify security-pertinent components and then exploit them to compromise data security
* Android's overall attack surface, looking at all of the ways that Android devices can be attacked and how to identify exposed endpoints on an Android device
* fuzz testing, providing an introduction to fuzzing and moving to an exploration of high level process fuzzing including identifying targets, creating and processing test inputs, together with a full explanation of the challenges involved and the benefits that can be gained
* analysing vulnerabilities, showing how to find the root cause of these and judging their exploitability
* exploiting user space, including an exploration of how to develop an exploit that utilises user space memory corruption
* exploring the potential of return oriented programming for achieving arbitrary native code operation
* mounting kernel attacks by exploiting the monolithic design, distribution model, configuration and consequential vast exposed attack surface that the kernel presents
* an explanation of Android's radio interface layer, providing an understanding of the Android telephony stack, which allows monitoring of the communications between that layer and the manufacturer's modem which interfaces Android to cellular hardware
* an exposition of the various exploit mitigations which mark progress in the arms race between attacker and defender and providing a full summary of the various hardening measures that can be implemented.
The good thing about the book is that while each section flows naturally from the preceding one, each is also sufficiently complete and self-contained that the book can be dipped into and mined for information and assistance with specific topics without the need to work through all of the details of earlier chapters. The book is exemplary in the clarity of the writing as well as the comprehensiveness of the material it covers: those with the background knowledge necessary to understand the basic subject matter should find that they will learn a lot very quickly from this book.
As you have no doubt gathered by now, the book is not for the faint-hearted or for the novice reader. It assumes considerable knowledge of network systems security issues, as well as a sound working knowledge of Ubuntu and a familiarity with the Android Open Source Project. In places, it also expects a certain degree of comfort with assembly language programming. The book is very hands-on in its approach and consequently assumes the reader has ready access to an Android device (preferably from the Google Nexus family), an Ubuntu 12.04 development machine and copies of the Android Software Developers Kit and the Android Native Development Kit.
All in all, this book is an excellent tool in the on-going war against cyber exploits in the mobile domain and should be on the required reading list of all mobile security professionals, as well as each and every Android application developer. You can be pretty sure the bad guys will be queuing up to get their hands on it and will be devouring every piece of information within it!
The bad boys are the manufacturers and networks, both of whom add a layer of alteration to the pristine Android supplied by Google and customize it, maybe introduce bugs and security issues, and then perhaps don't even release any update.
It is thus surprising that Android is so good. Despite the above shortcomings it is rapidly becoming the Number One mobile OS in all countries, even the USA. One consequence of having so many OEMs and versions is that any exploit that works on one phone will have little chance of working on many others, as is made clear in this book.
If you always wondered what an unlocked bootloader was, what happens when you root a phone, or why you do it one way for one phone and another way for another, and what first rate security layers are already in your phone then this is for you. It isn't light reading, but then, did you expect it to be?
Neither is a beginner's guide to making your Android Apps secure.
This is an in-depth look at how security works (and has failed in the past) on the Android OS platform.
I'm not a security professional, nor am I a professional programmer - though I do dabble in a bit of coding for web, PC, Linux and Android - but being a geek at heart I find dipping in and out of this fascinating.
For a professional this book certainly seems to have a lot of information that you should be aware of. If you are aware of it already, great. If not then you need this book. It's one of those 'if you don't know what you don't know' situations... you need this book to make sure you've at least thought of what others have thought of before.
You're never going to be completely ahead of the hacking curve, but this book tells you how the OS has been hacked in the past with general methods and specific details. The examples, though, are backed up with a wealth of general information about how the OS works which should give you the best chance of plugging some holes before they are exploited.
To the novice it may be surprising just how similar some of these previous attack methods have been. To the expert it should be a lesson in how not to get bitten twice.
The author is obviously experienced in the subject matter, for there is a lot of content and with a great amount of detail. There are snippets of code included, which helps turn abstract concepts and discussion into a physical example to aid learning, which is something I found very useful. Some of the code structures and algorithms included are not necessarily in the most optimised way, but they are written clearly so they are easy to understand for people with any level of skill and the intention behind them is clear to see.
This book starts from the basics and beginnings of Android and covers pretty much everything, from internal architecture to less technical matters, such as market share too. If you want a thorough guide you can really take something from, then I would recommend this.
I haven't finished the book yet - it's over 500 pages, but after the first few chapters I feel much better informed about Android's history; its security and structure, and the operation of key concepts such as rooting. The book is well written, and covers technical detail with clarity whilst retaining a comprehensive coverage and technical depth.
This book is going to be very useful to mobile device systems administrators, Android developers, and anyone concerned with mobile device security. Students on forensic computing or cyber security courses are likely to find this book especially useful.