Until now, we’ve focused on how Android implements sandboxing and privilege separation in order to isolate applications from one another and the core OS. In this chapter, we look at how Android ensures OS integrity and protects device data from attackers that have physical access to a device. We start with a brief description of Android’s bootloader and recovery OS, then discuss Android’s verified boot feature, which guarantees that the system partition is not modified by malicious programs. Next we look at how Android encrypts the userdata partition, which hosts OS configuration files and application data. This guarantees that the device can’t be booted without the decryption password and that user data can’t be extracted ...