Android Security

Smart phones are becoming primary target for cyber crimes as it is easy to target and can provide a lot of information and are rarely managed or monitored.

Mobile cyber attacks is increasing day by day, as it has already increased by 40%. Android is the most used OS in the world. Highest OS share with 75% in Q1 2019.

List of things which are not authorized:

* Unauthorized interception

* Unauthorized access

* Access to data without the owner's permission

* Alteration of data

* Destruction or deny of service

Cyber crimes are not same between countries, your judiciary may belong a country or a packet of country where you can transmit.

App components:

These components from where users can interact with OS:

1. Activities : User interface

2. Services : Background operations, does not provide user interface, eg. music playing in the background

3. Broadcast receivers : System-wide broadcast, eg. batter low, boot complete.

4. Content providers : Sharing data interface, data access layer; files, database

Unique style: Any app can start any other app's components. for eg. if you want to use a feature like camera or calling, any other app would also have the same feature inbuilt in them.

Usually the app is running separately with file permissions which restricts permission to other apps. So that your app can't directly access the component from another app. But android can.

To activate a component in another app, deliver a message, to a system that specify your intent to start a particular component. The system than activate the component for you.

Android is an open system for mobile phones, and tablets; maintained by google and comes in few different versions. As it is open source, users don't have to pay to google to use it and it is free to modify

Android Stack:

Bottom to up:

1. Linux kernel: provides system functionality such as process, device management, memory and networking.

2. Hardware Abstraction Layer: Layer provides center interface that exposes italic capabilities to higher level

3. Android runtime: includes core libraries and runtime environment used for running android app.

4. Libraries: At the same level of ART, we also have native C, C++ libraries such as lipsy, sequel light, ssl

5. Java API framework: accessible to developer to create app

6. System applications/ Other applications: provides core apps such as email, sms, mails

Virtual machine is needed to run an Application; 1. virtual machine isolates the execution of the program from the OS. It is protecting the malicious code form affecting the system files; 2. Virtual machines execute code independent of the CPU architecture.

Android doesn't use JVM (java virtual machine); 1. Mobile environment has constraints such as battery and memory (RAM); 2.

There are 4 different ways to store data in android device. The first three were application data/data/data folder; Shared preferences, stores application preference data in XML; Internal storage, stores data internally; SQLite, stores data in proper database which is not accessible by application.

External Storage; typical would be SD card.

Some important directories:

The user installed app will be placed in /data/data and the apk file coming with the system image will be placed on /system/app folder.

The Application Structure:

Res-icons

Assets-music,video

Message digest is one way hash function. (for all source file in apk file)

Each application in Android runs its own virtual environment (sandbox)!

The permission model will provide a separate user ID to be assigned per application in order to enforce segmentation.

Application assigned by developers, signed application certificate defines which user ID is associated with which application. User ID should be unique, but sometimes two applications are assigned the same user ID.

If the certificate matches the key used to sign any other APK on the device, the new apk has the option to specify the manifest that is will share a user ID with the other similarly-signed apks.