As smartphone sales continue to increase, Android has seen an incredible jump in market share. In the third quarter of 2012 (a period of three months), 122 million Android devices were sold worldwide. This represents a 72 percent market share for Android for the period. In this context, security is a real concern for Android owners. Malware and viruses are real threats to the Android ecosystem. Although this has not become a mainstream issue, it is looming around the corner. Fortunately, security has always been a top priority in the Android development community, and I’m glad Gunasekera has written this very readable book. For general network security (forensics), readers should refer to Davidoff and Ham’s excellent and detailed treatise.
The book starts off with a detailed description of the Android architecture. This reveals one of the issues with books of this sort: they are very time-sensitive. The book says that “Android runs on top of the Linux 2.6 kernel,” but of course a newer version of Android called Ice Cream Sandwich runs on the 3.0.31 kernel. Developers have to take this into consideration when going through the book.
Since Android is an open architecture, anyone can write and publish apps; this results in a largely unmediated ecosystem. There are other books that cover this, Six’s being a prominent one. The problem is not specific to the Android ecosystem. Other mobile operating systems, like iOS, need an equal treatment, too (Zdziarski offers such a book). An open ecosystem carries an inherent security risk. With good architecture and design principles, developers can make secure and robust systems. This book presents several good examples in Java, and demonstrates how to develop them following secure coding practices. I like that the book includes several diagrams; detailed class name and description tables; and sample application screenshots. One chapter is devoted exclusively to cryptographic systems. Beginners will benefit immensely from this chapter, which is one of the best summaries I have seen on the subject. One chapter deals with client-to-server communication, the client being the Android app, and another chapter on Android-to-web-server communication deals with the secure sockets layer (SSL) and OAuth protocols. The remaining chapters address piracy and malware threats.
Overall, this is an appropriate book for the Android community. New developers should make an effort to ensure that their apps honor the privacy concerns of users, and are robust and secure from any current attacks. They should also update their apps regularly to address new threats and coding issues, such as buffer overflow attacks.
Many students are now programming for mobile platforms. I recommend this book to graduate-level students in computer science. If developers make security a top priority, it will become a part of the available apps, thus enhancing the ecosystem with solid products. In two or three years, this book could be obsolete. However, the book is timely at the time of writing this review, and should be in every Android developer’s library.