Anmol Misra - Android Security: Attacks and Defenses

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

2013 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works
Version Date: 20130403

International Standard Book Number-13: 978-1-4822-0986-0 (eBook - ePub)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at
http://www.taylorandfrancis.com

and the CRC Press Web site at
http://www.crcpress.com

To Mom, Dad, Sekhar, and Anupam
- Anmol

To Maa, Papa, and Anubha
- Abhishek

Ever-present cyber threats have been increasing against mobile devices in recent years. As Android emerges as the leading platform for mobile devices, security issues associated with the Android platform become a growing concern for personal and enterprise customers. Android Security: Attacks and Defenses provides the reader with a sense of preparedness by breaking down the history of Android and its features and addressing the methods of attack, ultimately giving professionals, from mobile application developers to security architects, an understanding of the necessary groundwork for a good defense.

In the context and broad realm of mobility, Dubey and Misra bring into focus the rise of Android to the scene and the security challenges of this particular platform. They go beyond the basic security concepts that are already readily available to application developers to tackle essential and advanced topics such as attack countermeasures, the integration of Android within the enterprise, and the associated regulatory and compliance risks to an enterprise. By reading this book, anyone with an interest in mobile security will be able to get up to speed on the Android platform and will gain a strategic perspective on how to protect personal and enterprise customers from the growing threats to mobile devices. It is a must-have for security architects and consultants as well as enterprise security managers who are working with mobile devices and applications.

Dr. Dena Haritos Tsamitis
Director, Information Networking Institute (INI)
Director of Education, Training, and Outreach, CyLab
Carnegie Mellon University

Dr. Dena Haritos Tsamitis heads the Information Networking Institute (INI), a global, interdisciplinary department within Carnegie Mellon Universitys College of Engineering. She oversees the INIs graduate programs in information networking, information security technology and management, and information technology. Under her leadership, the INI expanded its programs to global locations and led the design of bicoastal programs in information security, mobility, and software management in collaboration with Carnegie Mellons Silicon Valley campus. Dena also directs education, training and outreach for Carnegie Mellon CyLab. She serves as the principal investigator on two educational programs in information assurance funded by the NSFthe CyberCorps Scholarship for Service and the Information Assurance Capacity Building Programand she is also the principal investigator on the DOD-funded Information Assurance Scholarship Program. She received the 2012 Barbara Lazarus Award for Graduate Student and Junior Faculty Mentoring from Carnegie Mellon and the 2008 Women of Influence Award, presented by Alta Associates and CSO Magazine, for her achievements in information security and education.

The launch of the Apple iPhone in 2007 started a new era in the world of mobile devices and applications. Googles Android platform has emerged as a serious player in the mobile devices market, and by 2012, more Android devices were being sold than iPhones. With mobile devices becoming mainstream, we have seen the evolution of threats against them. Androids popularity has brought it attention from the bad guys, and we have seen attacks against the platform on the uptick.

In this book, we analyze the Android platform and applications in the context of security concerns and threats. This book is targeted towards anyone who is interested in learning about Android security or the strengths and weaknesses of this platform from a security perspective. We describe the Android OS and application architecture and then proceed to review security features provided by the platform. We then describe methodology for analyzing and security testing the platform and applications. Towards the end, we cover implications of Android devices in the enterprise environment as well as steps to harden devices and applications. Even though the book focuses on the Android platform, many of these issues and principles can be applied to other leading platforms as well.