300 likes | 314 Views
Android Overview. Android (Google) is a widely anticipated open source operating system for mobile devices, Supporting Bluetooth ( wireless for short distance) Wi-Fi (wireless for 150 feet indoors, 300 ft outdoors) 3G(200 kbits/sec ) and 4G ( 100 Mbit -1Gbit/sec)
E N D
Android Overview Android (Google) is a widely anticipated open source operating system for mobile devices, Supporting Bluetooth (wireless for short distance) Wi-Fi (wireless for 150 feet indoors, 300 ft outdoors) 3G(200 kbits/sec) and 4G (100 Mbit -1Gbit/sec) Android software stack Android Linux operating system Middleware(Dalvik Runtime Optimized Java virtual machineVM,Java API) and Library(Phone, contact, GPS map, SQLite, OpenGL.)
Linux kernel Layer • Android relies on Linux kernel • Supplies management of security, memory process, network, and drivers • Acts as an abstraction layer between the hardware and the rest of the Android software stack
Library Layer • System C libraries and function Libraries, supporting multimedia, web browser, SQLite... Native Services to hardware • Android runtime: DalvikVirtual Machine(DVM) • Not a JVM, but works similarly, one app per DVM • Each DVM runs under Linux as a separate user • Executes files in the Dalvik Executable (.dex) format Java core Libraries • Provides most of the functionality of the Java programming language. Java core libraries rely on the Dalvik VM and the underlying Linux kernel Every Android application runs in its own process, with its own instance of the Dalvik virtual machine
Application Framework Layer • Simplify the reuse of components • Applications can publish their capabilities and any other application may then make use of those capabilities • Applications is a set of services • Views system, content providers, resources managers such as • Activity Manager, manages the lifecycle of applications and provides a common navigation backstack • Notification Manager, enables all applications to display custom alerts in the status bar • Resource Manager, providing access to non-code resources such as localized strings, graphics, and layout files • Views, used to build an application, including lists, grids, text boxes, buttons, and even an embeddable web browser
Applications Layer • A set of core applications shipped with Android platform • an email client, SMS program, calendar, maps, browser, contacts, and others • All written in Java • User applications are also here
Features of Android • Popularity (High market share) • AWAT • Enabled SMS • Enabled GPS • Cameras & microphones • Open source apps • Development with Java • Linux based • Short learning curve with IDE Java Eclipse IDE for Android app development • Easy deployment to mobile device • Easy to distribute apps via Android Market Share app, Sell app, Download & reuse open source apps
Cont. • Hot job market • Market for mobile software surges from $4.1 billion in 2009 to $17.5 billion by 2012 • 2010 Dice.com survey: 60% for Android • Dice.com: mobile app developers made $85,000 in 2010 and salaries expected to rise2
Limitations • screen size • battery life time • processor capacity • Slow network access and Web browser • Input: soft keyboard, phone keypad, touch screen, or stylus • Security
Android App • Apps(coded in Java) are packaged in .apk distribution format(executable file installed on your phone), variant of .jar, then downloaded to device and installed • .apks contain .dex files (Dalvik Executable), manifest and various other resource files • Manifest contains security and link info, hardware access info, … • App development requires either an Android OS device or an emulator
AndroidManifest.xml Declare Intents handled by the current application (in the AndroidManifest): <?xml version="1.0" encoding="utf-8"?><manifest . . . > <application . . . > <activity android:name="com.example.project.FreneticActivity"android:icon="@drawable/small_pic.png"android:label="@string/freneticLabel" . . . > <intent-filter . . . > <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> <intent-filter . . . > <action android:name="com.example.project.BOUNCE" /> <data android:mimeType="image/jpeg" /> <category android:name="android.intent.category.DEFAULT" /> </intent-filter> </activity> . . . </application></manifest>
Android Applications Written in Java (it’s possible to write native code) Good separation (and corresponding security) from other applications: Each application runs in its own process Each process has its own separate VM Each application is assigned a unique Linux user ID – by default files of that application are only visible to that application (can be explicitly exported)
Application Components • Activities – visual user interface focused on a single thing a user can do • Services – no visual interface – they run in the background • Broadcast Receivers – receive and react to broadcast announcements • Content Providers – allow data exchange between applications
Shutting down components • Activities Can terminate itself via finish(); Can terminate other activities it started via finishActivity(); • Services Can terminate via stopSelf(); or Context.stopService(); • Content Providers Are only active when responding to ContentResolvers • Broadcast Receivers Are only active when responding to broadcasts
Activity • Activities provide a user interface for one specific task, basic component of most applications, Present a visual user interface for one focused endeavor the user can undertake • Ex: Email app might have one activity that shows a list of new emails, another activity to compose an email, and another activity for reading emails • Implement by subclassing Activity class • Most applications have several activities that start each other as needed • Each is implemented as a subclass of the base Activity class
Service • Services execute background processing, no visual interface Ex: Downloads, Playing Music, , Run in the background for an indefinite period of time, calculate and provide the result to activities that need it, TCP/UDP Server • You can bind to an existing service, control its operation, and run in background • Play music, alarm clock, etc. • Secured if using permissions • Callers may need to verify that service is the correct one
Content provider • Data storage facilities which supports data exchange between applications • Store and retrieve data and make it accessible to all applications • Make data available to other applications • Transfer data between applications in Android • Other applications use a ContentResolver object to access the data provided via a ContentProvider • Example: Android ships with a number of content providers for common data types (e.g., audio, video, images, personal contact information, etc.)
ContentProviders • Generally SQL backend • Used to share content between apps • Access controlled through permission tags • Apps can be dynamically authorized access control • Possible security hole • Must protect against SQL injection • verify input using parameterization
Broadcast receivers • Broadcast receivers act as mailboxes for messages from other applications. It receives and reacts to broadcast announcements • If an app registered the receiver in adv., the event will notify and call back the registered software • Ex: Low battery, power connected, shutdown, timezone changed, Receive and react to broadcast announcements that the time zone has changed
Broadcast receivers • Act as receivers for multiple components • Provide secure IPC • Done by specifying permissions on BroadcastReceiver regarding sender • Otherwise, behave like activities in terms of IPC • Can’t define permission • Don’t send sensitive data
Component life cycle • Activities • Can terminate itself via finish(); • Can terminate other activities it started via finishActivity(); • Services • Can terminate via stopSelf(); or Context.stopService(); • Content Providers • Are only active when responding to ContentResolvers • Broadcast Receivers • Are only active when responding to broadcasts
Intent • Intent is a goal action component which takes care of the process of inter-components communication (ICC) • Intent is simply a message object containing a destination component address and data • Protection • Each application executes as its own user identity, such that OS provides system-level isolation; • Android middleware contains a reference monitor that mediates the inter-component communication (ICC).
Intent(cont.) Intent action: • Start an Activity • Broadcast events or changes • Start, stop, resume. or communicate with background Services • Access data held by ContentProviders • Call back to handle events • Carry data with Extras (key, value)
Android component activation • An intent is an object which can have a message content and start Activities, services and broadcast receivers - ContentProvider is started by ContentResolvers • An activity is started by Context.startActivity(Intent intent) or Activity.startActivityForResult(Intent intent, int RequestCode) • A service is started by Context.startService(Intent service) • An application can initiate a broadcast by using an Intent in any of Context.sendBroadcast(Intent intent), Context.sendOrderedBroadcast(), and Context.sendStickyBroadcast()
Intent Filters • Used to determine recipient of Intent • Specify the main entrance for activities • A user interface consists of a series of Activities • Each Activity is a “screen”. • Intent may leave a security flaw (hole) • Solution: Intents explicitly define receiver
System level protection for Android app • Each app runs as a unique user identity such that Android can limit the potential damage of programming flaws. • Each app runs in own VM sandbox using unique UID • Each app requests a simple permission label assignment model to restrict access to resources and other applications if necessary • Ex. of permission: Internet, camera, GPS • Permission specifies an access policy to protect its resources.
Android Permissions • All permission of Android’s policy are set at install time and can’t change until the application is reinstalled. • Android’s permission only restricts access to components and doesn’t currently provide information flow guarantees. • A permission is listed in app’s manifest definition XML file. • If a public component doesn’t explicitly declare any access permission, Android permits any application to access it. • Component A’s ability to access components B and C is determined by comparing the access permission labels on B and C to the collection of permission labels assigned to application A.
Android App Signature • All Android applications must be signed, but are usually self-signed • Why self signing? • Market ties identity to developer account • No CA in Google, Google does not have central control over the app’s signature certificates • No applications are trusted. No "magic key" • What does signing determine? • Author-update • In signature schemes, the private key is used to sign a app or message; anyone can check the signature using the public key.
Permissions Levels • User can assign permissions to applications at - normal • dangerous • signature • signatureOrSystem • http://developer.android.com/guide/developing/building/index.html#detailed-build
Reference 1.http://www.businessweek.com/technology/content/oct2010/tc20101020_639668.htm 2. http://it-jobs.fins.com/Articles/SB129606993144879991/Mobile-App-Developers-Wanted-at-Ad-Agencies 3.http://www.gartner.com/it/page.jsp?id=1466313 4.http://developer.android.com/guide/developing/index.html 5.Android Overview, http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&ved=0CEcQFjAG&url=http%3A%2F%2Fai.arizona.edu%2Fmis510%2Fslides%2FAndroid%2520Overview.ppt&ei=4HBXUNPvMuPe0QGm3oCYCg&usg=AFQjCNE2Li9vyh34rECKYDuOjKjI5pjyzw&sig2=E-wfIL1bPNJacCi6ZaAWCA 6. Mobile Application Security on Android, Originally presented by Jesse Burns at Black Hat 2009