Mobile Application Security

Prof. Rakshith
Cyber security trainer
CHAPTER-1

Introduction
Content
• History of Android
• Android hardware and Software
• Android architecture
• Android security and permission model’s
• Rooting
History of Android
History of Android

• Android Inc. was founded in Palo Alto, California, in October 2003 by

Andy Rubin, Rich Miner, Nick Sears, and Chris White.

• Rubin described the Android project as having "tremendous potential

in developing smarter mobile devices that are more aware of its owner's
location and preferences".

• The early intentions of the company were to develop an advanced

operating system for digital cameras, and this was the basis of its pitch
to investors in April 2004
Android Inc?

➢ Initially, Andy Rubin founded Android Incorporation in Palo Alto,

California, United States in October, 2003.
➢ In 17Th Aug 2005, Google acquired Android Incorporation. Since then, it
is in the subsidiary of Google Incorporation.
Android Inc. to Google Android

➢The Idea of making a open source smartphone operating system that

would rival Symbian, Apple IOS and Microsoft Windows Mobile was the
key reason Google not attracted to.
➢Back in 2005, the company quietly made what we think was its best
acquisition to date. It purchased the startup company Android for $50
million.
Key Dates

❑ October 2003 – Android Inc. was founded.

❑ July 2005 – Google acquired Android Inc.
❑ November 5th, 2007 – OHA (Open Handset Alliance) was formed.
❑ October 22nd, 2008 – First android Smartphone HTC Dream was
launched.
❑ September 8th, 2020 – Android OS’s Latest version Android 11
released.
Android Hardware

• The main hardware platform for Android is ARM (the ARMv7 and
ARMv8-A architectures), with x86 and x86-64 architectures also
officially supported in later versions of Android.
• The unofficial Android-x86 project provided support for x86
architectures ahead of the official support.
• Since 2012, Android devices with Intel processors began to appear,
including phones and tablets.
• While gaining support for 64-bit platforms, Android was first made
to run on 64-bit x86 and then on ARM64.
• Since Android 5.0 "Lollipop", 64-bit variants of all platforms are
supported in addition to the 32-bit variants. An unofficial
experimental port of the operating system to the RISC -V architecture
was released in 2021.
Android Software Architecture
Applications

• Applications is the top layer of android architecture.

• The pre-installed applications like home, contacts, camera, gallery etc and
third-party applications downloaded from the play store like chat applications,
games etc. will be installed on this layer only.
• It runs within the Android run time with the help of the classes and services
provided by the application framework.
Application framework –

► Application Framework provides several important classes which are

used to create an Android application. It provides a generic
abstraction for hardware access and also helps in managing the
user interface with application resources. Generally, it provides the
services with the help of which we can create a particular class and
make that class helpful for the Applications creation.

► It includes different types of services activity manager, notification

manager, view system, package manager etc. which are helpful for
the development of our application according to the prerequisite.
Android Runtime

► Android Runtime environment is one of the most important part

of Android. It contains components like core libraries and the Dalvik
virtual machine(DVM). Mainly, it provides the base for the
application framework and powers our application with the help of
the core libraries.

► Like Java Virtual Machine (JVM), Dalvik Virtual Machine (DVM)

is a register-based virtual machine and specially designed and
optimized for android to ensure that a device can run multiple
instances efficiently. It depends on the layer Linux kernel for
threading and low-level memory management. The core libraries
enable us to implement android applications using the standard
JAVA or Kotlin programming languages.
Platform libraries –
► The Platform Libraries includes various C/C++ core libraries a n d Java
based libraries such as Media, Graphics, Surface Manager, OpenGL
etc. to provide a support for android development.
► Media library provides support to play and record an audio
and video formats.
► Surface manager responsible for managing access to the display
subsystem.
► SGL a n d OpenGL both cross-language, cross-platform application
program interface (API) are used for 2D a n d 3D computer graphics.
► SQLite provides database support a n d FreeType provides font support.
► The Platform Libraries includes various C/C++ core libraries and Java
based libraries such as Media, Graphics, Surface Manager, OpenGL
etc. to provide a support for android development.
Platform libraries –
► Media library provides support to play and record an audio and video
formats.
► Surface manager responsible for managing access to the display
subsystem.
► SGL and OpenGL both cross-language, cross-platform application
program interface (API) are used for 2D and 3D computer graphics.
► SQLite provides database support and FreeType provides font support.
► Web-Kit This open source web browser engine provides all the
functionality to display web content and to simplify page loading.
► SSL (Secure Sockets Layer) is security technology to establish an
encrypted link between a web server and a web browser.
► Web-Kit This open source we b browser engine provides all the
functionality to display we b content a n d to simplify p a g e loading.
Linux Kernel
► Linux Kernel is heart of the android architecture. It manages all the
available drivers such as display drivers, camera drivers, Bluetooth
drivers, audio drivers, memory drivers, etc. which are required during
the runtime.
► The Linux Kernel will provide an abstraction layer between the device
hardware and the other components of android architecture. It is
responsible for management of memory, power, devices etc.
► The features of Linux kernel are:
► Security: The Linux kernel handles the security between the application
and the system.
Linux kernel
► Memory Management: It efficiently handles the memory management
thereby providing the freedom to develop our apps.
► Process Management: It manages the process well, allocates resources
to processes whenever they need them.
► Network Stack: It effectively handles the network communication.
► Driver Model: It ensures that the application works properly on the
device and hardware manufacturers responsible for building their drivers
into the Linux build.
Understanding Android Security Model

Permission Control

Privilege Control
Allocates separate PID to each
app
Android security model
Application Sandbox:-
What it is: Each Android app operates in its own sandbox, an isolated
environment that prevents the app from accessing other apps' data and system
resources without proper permissions.

➢ How it works:-
➢ User ID (UID): Each app is assigned a unique user ID at install time. The Linux
kernel enforces this isolation by associating each UID with a specific app and
its data.-
➢ File Permissions: The app can only access its own files and directories by
default. This ensures that even if an app is compromised, it cannot tamper with
other apps or the system.### 2.

➢ Permissions:-
➢ What it is:Permissions are a mechanism that controls an app's access to
system features and user data.
Android security model
➢ How it works:- Manifest Declaration: Apps declare the permissions they need
in their AndroidManifest.xml file.-
➢ Runtime Permissions: Since Android 6.0 (Marshmallow), sensitive
permissions (like access to camera, location, etc.) must be requested at
runtime, and users can grant or deny these permissions.
Application Signing:-
➢ What it is:Each Android app must be signed with a developer's private key
before it can be installed.

➢ How it works:-
➢ Signature Verification: When an app is installed, the system verifies its
signature against the developer's public key. This ensures the app’s integrity
and that it hasn't been tampered with.-
➢ Update Verification: For updates, the new version must be signed with the
same key as the original app, preventing unauthorized updates.
Android security model
Security-Enhanced Linux (SELinux):-
➢ What it is:SELinux is a mandatory access control (MAC) system that enhances
the security of the Linux kernel.
➢ How it works:-
➢ Policies: SELinux enforces policies that define how processes can interact with
each other and with the system. These policies help prevent privilege
escalation and unauthorized access.-
➢ Enforcement Modes: Android uses SELinux in enforcing mode, meaning
violations are blocked and logged.
Verified Boot:-
➢ What it is:Verified Boot ensures that the device's software hasn’t been
tampered with and only runs software verified by the manufacturer.
➢ How it works:- Boot Verification: During the boot process, each stage verifies
the integrity and authenticity of the next stage, from the bootloader to the
system partition.- Rollback Protection: It prevents downgrading to a previous,
potentially vulnerable version of the operating system.
Android security model
Google Play Protect:-

➢ What it is:Google Play Protect is a security service that continuously scans

devices and apps for harmful behavior.
➢ How it works:-
➢ App Scanning: It scans apps in the Google Play Store and on users’ devices
to detect and remove malicious apps.-
➢ SafetyNet: A set of APIs that help apps determine whether the device they're
running on is secure and not tampered with.

Encryption:-
➢ What it is:Encryption ensures that data stored on the device is protected from
unauthorized access.
Android security model
➢ How it works:-
➢ Full Disk Encryption: Encrypts all user data on the device. Since Android 7.0
(Nougat), this has been replaced by file-based encryption, which encrypts
individual files.-
➢ Encryption Keys: Managed by the Trusted Execution Environment (TEE),
ensuring keys are protected and never exposed to the main operating system.

User Authentication:-

➢ What it is:Mechanisms to verify the identity of the user.

➢ How it works:-
➢ Biometrics: Fingerprint, face recognition, and other biometric methods.-
Passwords/PINs/Patterns: Traditional authentication methods to unlock the
device.
Android security model
Network Security:-
➢ What it is:Measures to protect data transmitted over networks.

How it works:-

➢ HTTPS: Apps are encouraged to use HTTPS to encrypt data in transit.-

➢ Network Security Config: Developers can define network security settings in

a configuration file, ensuring secure connections and preventing insecure
connections.
Android security model
Security Updates:-

➢ What it is: Regular updates to address security vulnerabilities.

How it works:-
➢ Monthly Security Patches: Google releases monthly security patches to
address known vulnerabilities.-
➢ Project Treble: Aims to simplify and expedite the delivery of Android updates
by separating the underlying vendor implementation from the Android OS
framework.
Android security model
➢ Android takes advantage of this user isolation, but treats users differently than
a traditional Linux system (desktop or server) does. In a traditional system, a
UID is given either to a physical user that can log into the system and execute
commands via the shell, or to a system service (daemon) that executes in the
background (because system daemons are often accessible over the network,
running each daemon with a dedicated UID can limit the damage if one is
compromised). Android was originally designed for smartphones, and because
mobile phones are personal devices, there was no need to register different
physical users with the system. The physical user is implicit, and UIDs are used
to distinguish applications instead. This forms the basis of Android’s application
sandboxing.
Rooting (Android)
➢ Rooting is the process of allowing users of the Android mobile operating
system to attain privileged control (known as root access) over various Android
subsystems. As Android is based on a modified version of the Linux kernel,
rooting an Android device gives similar access to administrative (superuser)
permissions as on Linux or any other Unix-like operating system such as
FreeBSD or macOS.

➢ Rooting is often performed with the goal of overcoming limitations that carriers
and hardware manufacturers put on some devices. Thus, rooting gives the
ability (or permission) to alter or replace system applications and settings, run
specialized applications ("apps") that require administrator-level permissions or
perform other operations that are otherwise inaccessible to a normal Android
user. On some devices, rooting can also facilitate the complete removal and
replacement of the device's operating system, usually with a more recent
release of its current operating system.
How to Check the Root Status of the Phone
• Applications like Kinguser or Superuser on the device is an obvious sign that
the device has been rooted.
• These applications are installed as part of the rooting process to allow access
to superuser permission.
• These apps are also used for rooting the device lower version device as well as
check the status of the root.
• For some devices, the user can simply go to their Settings and click “About
Phone” to review the software versions on their device. Any irregularities in the
software will be noted.
Benefits of Android Rooting
• Custom ROMs:Install custom versions of Android (ROMs) for better
performance, extended features, or newer versions of Android not officially
available for the device.

• Full Control:Complete access to the system files and settings allows for
extensive customization.

• Remove Bloatware:Uninstall pre-installed apps (bloatware) that are not

removable on unrooted devices.

• Advanced Apps:Run apps that require root access, offering advanced

features like system-level backups, ad-blocking, and CPU overclocking.

• Performance Enhancements:Adjust system settings to improve battery life,

increase performance, and tweak hardware components.
References
1. https://www.codecademy.com/learn/learn-the-basics-of-android/modules/why-
android/cheatsheet

2. https://www.scaler.com/topics/android/android-hardware/
3. https://en.wikipedia.org/wiki/Rooting_(Android)
4. https://www.computerworld.com/article/1714347/android-versions-a-living-
history-from-1-0-to-today.html
5. https://www.uswitch.com/mobiles/guides/history-of-mobile-phones/
www.paruluniversity.ac.in