Preface

Android has quickly become one of the most popular mobile operating systems, not only to users but also developers companies of all kinds. Of course, because of this it's also become quite a popular platform to malicious adversaries.

Android has been around in the public domain since 2005 and has seen massive growth in capability and complexity. Mobile smart phones in general now harbor very sensitive information about their users as well as access to their e-mails, text messages, and social and professional networking services. As with any software, this rise in capability and complexity also brings about a rise in security risk; the more powerful and more complex the software becomes, the harder they are to manage and adapt to the big bad world.

This applies especially to software on mobile smart phones. These hot beds of personal and sensitive information present an interesting security context in which solve problems. From one perspective, the mobile smart phone security context is very difficult to compare to the servers on a network or in the "cloud" because, by their very nature, they are not mobile. They cannot be moved or stolen very easily; we can enforce both software and physical security measures to protect unauthorized access to them. We can also monitor them constantly and rapidly respond to the security incidents autonomously. For the devices we carry around in our pockets and handbags, and forget in taxi cabs, the playing field is quite different!

Android users and developers express a need to be constantly aware of their mobile security risks and, because of this need, mobile security and risk assessment specialists and security engineers are in high demand. This book aims to smoothen the learning curve for budding Android security assessment specialists and acts as a tool for experienced Android security professionals with which to hack away at common Android security problems.