Android Overview

1
Android Overview
2
Android Overview

• Android (Google) is a widely anticipated open
• source operating system for mobile devices,
• Supporting
• Bluetooth (wireless for short distance)
• Wi-Fi (wireless for 150 feet indoors, 300 ft
  outdoors)
• 3G(200 kbits/sec) and 4G (100 Mbit -1Gbit/sec)
• Android software stack
• Android Linux operating system
• Middleware(Dalvik Runtime Optimized Java virtual
  machineVM, Java API) and Library(Phone, contact,
  GPS map, SQLite, OpenGL.)

3
Android Architecture
4
Linux kernel Layer

• Android relies on Linux kernel
• Supplies management of security, memory process,
  network, and drivers
• Acts as an abstraction layer between the hardware
  and the rest of the Android software stack

5
Library Layer

• System C libraries and function Libraries,
  supporting multimedia, web browser, SQLite...
  Native Services to hardware
• Android runtime
• Dalvik Virtual Machine
• Executes files in the Dalvik Executable (.dex)
  format
• Java core Libraries
• Provides most of the functionality of the Java
  programming language.
• Java core libraries rely on the Dalvik VM
  and the underlying Linux kernel
• Every Android application runs in its own
  process, with its own instance of the Dalvik
  virtual machine

6
Application Framework Layer

• Simplify the reuse of components
• Applications can publish their capabilities and
  any other application may then make use of those
  capabilities
• Applications is a set of services
• Views system, content providers, resources
  managers such as
• Activity Manager, manages the lifecycle of
  applications and provides a common navigation
  backstack
• Notification Manager, enables all applications to
  display custom alerts in the status bar
• Resource Manager, providing access to non-code
  resources such as localized strings, graphics,
  and layout files
• Views, used to build an application, including
  lists, grids, text boxes, buttons, and even an
  embeddable web browser

7
Applications Layer

• A set of core applications shipped with Android
  platform
• an email client, SMS program, calendar, maps,
  browser, contacts, and others
• All written in Java
• User applications are also here

8
Features of Android

• Popularity (High market share)
• AWAT
• Enabled SMS
• Enabled GPS
• Cameras microphones
• Open source apps
• Development with Java
• Linux based
• Short learning curve with IDE Java Eclipse IDE
  for Android app development
• Easy deployment to mobile device
• Easy to distribute apps via Android Market
• Share app, Sell app,
• Download reuse open source apps

9
Cont.

• Hot job market
• Market for mobile software surges from 4.1
  billion in 2009 to 17.5 billion by 2012
• 2010 Dice.com survey 60 for Android
• Dice.com mobile app developers made 85,000 in
  2010 and salaries expected to rise2

10
Limitations

• screen size
• battery life time
• processor capacity
• Slow network access and Web browser
• Input soft keyboard, phone keypad, touch screen,
  or stylus
• Security

11
Android App software components

• Activity
• Service
• Broadcast Receiver
• Intent
• Content Provider
• Android App Development Tutorial

http//www.slideserve.com/lyndon/android-developme
nt-tutorial
12
Activity

• Activities provide a user interface for one
  specific task, Basic component of most
  applications
• Most applications have several activities that
  start each other as needed
• Each is implemented as a subclass of the base
  Activity class

13
Service

• Services execute background processing, no visual
  interface
• Ex Downloads, Playing Music, TCP/UDP Server
• You can bind to an existing service, control its
  operation, and run in background
• Play music, alarm clock, etc.
• Secured if using permissions
• Callers may need to verify that service is the
  correct one

14
Content provider

• Content providers are data storage facilities
  which supports data exchange between
  applications
• Make data available to other applications
• Transfer data between applications in Android
• Other applications use a ContentResolver object
  to access the data provided via a ContentProvider

15
ContentProviders

• Generally SQL backend
• Used to share content between apps
• Access controlled through permission tags
• Apps can be dynamically authorized access control
• Possible security hole
• Must protect against SQL injection
• verify input using parameterization

16
Broadcast receivers

• Broadcast receivers act as mailboxes for messages
  from other applications. It receives and reacts
  to broadcast announcements
• If an app registered the receiver in adv., the
  event will notify and call back the registered
  software
• Ex Low battery, power connected, shutdown,
  timezone changed, etc.

17
Broadcast receivers

• Act as receivers for multiple components
• Provide secure IPC
• Done by specifying permissions on
  BroadcastReceiver regarding sender
• Otherwise, behave like activities in terms of IPC
• Cant define permission
• Dont send sensitive data

18
Component life cycle

• Activities
• Can terminate itself via finish()
• Can terminate other activities it started via
  finishActivity()
• Services
• Can terminate via stopSelf() or
  Context.stopService()
• Content Providers
• Are only active when responding to
  ContentResolvers
• Broadcast Receivers
• Are only active when responding to broadcasts

19
Intent

• Intent is a goal action component which takes
  care of the process of inter-components
  communication (ICC)
• Intent is simply a message object containing a
  destination component address and data
• Protection
• Each application executes as its own user
  identity, such that OS provides system-level
  isolation
• Android middleware contains a reference monitor
  that mediates the inter-component communication
  (ICC).

20
Intent(cont.)

• Intent action
• Start an Activity
• Broadcast events or changes
• Start, stop, resume. or communicate with
  background Services
• Access data held by ContentProviders
• Call back to handle events
• Carry data with Extras (key, value)

21
Android component activation

• An intent is an object which can have a message
  content and start Activities, services and
  broadcast receivers
• - ContentProvider is started by
  ContentResolvers
• An activity is started by Context.startActivity(In
  tent intent) or Activity.startActivityForResult(In
  tent intent, int RequestCode)
• A service is started by Context.startService(Inte
  nt service)
• An application can initiate a broadcast by using
  an Intent in any of Context.sendBroadcast(Intent
  intent), Context.sendOrderedBroadcast(), and
  Context.sendStickyBroadcast()

22
Intent Filters

• Used to determine recipient of Intent
• Specify the main entrance for activities
• A user interface consists of a series of
  Activities
• Each Activity is a screen.
• Intent may leave a security flaw (hole)
• Solution Intents explicitly define receiver

23
(No Transcript)
24
Goal

• Understand applications and their components
• Concepts
• activity,
• service,
• broadcast receiver,
• content provider,
• intent,
• AndroidManifest

25
Applications

• Written in Java (its possible to write native
  code will not cover that here)
• Good separation (and corresponding security) from
  other applications
• Each application runs in its own process
• Each process has its own separate VM
• Each application is assigned a unique Linux user
  ID by default files of that application are
  only visible to that application (can be
  explicitly exported)

26
Application Components

• Activities visual user interface focused on a
  single thing a user can do
• Services no visual interface they run in the
  background
• Broadcast Receivers receive and react to
  broadcast announcements
• Content Providers allow data exchange between
  applications

27
Activities

• Basic component of most applications
• Most applications have several activities that
  start each other as needed
• Each is implemented as a subclass of the base
  Activity class

28
Activities The View

• Each activity has a default window to draw in
  (although it may prompt for dialogs or
  notifications)
• The content of the window is a view or a group of
  views (derived from View or ViewGroup)
• Example of views buttons, text fields, scroll
  bars, menu items, check boxes, etc.
• View(Group) made visible via Activity.setContentVi
  ew() method.

29
Services

• Does not have a visual interface
• Runs in the background indefinitely
• Examples
• Network Downloads
• Playing Music
• TCP/UDP Server
• You can bind to a an existing service and control
  its operation

30
Broadcast Receivers

• Receive and react to broadcast announcements
• Extend the class BroadcastReceiver
• Examples of broadcasts
• Low battery, power connected, shutdown, timezone
  changed, etc.
• Other applications can initiate broadcasts

31
Content Providers

• Makes some of the application data available to
  other applications
• Its the only way to transfer data between
  applications in Android (no shared files, shared
  memory, pipes, etc.)
• Extends the class ContentProvider
• Other applications use a ContentResolver object
  to access the data provided via a ContentProvider

32
Intents

• An intent is an Intent object with a message
  content.
• Activities, services and broadcast receivers are
  started by intents. ContentProviders are started
  by ContentResolvers
• An activity is started by Context.startActivity(In
  tent intent) or Activity.startActivityForResult(In
  tent intent, int RequestCode)
• A service is started by Context.startService(Inte
  nt service)
• An application can initiate a broadcast by using
  an Intent in any of Context.sendBroadcast(Intent
  intent), Context.sendOrderedBroadcast(), and
  Context.sendStickyBroadcast()

33
Shutting down components

• Activities
• Can terminate itself via finish()
• Can terminate other activities it started via
  finishActivity()
• Services
• Can terminate via stopSelf() or
  Context.stopService()
• Content Providers
• Are only active when responding to
  ContentResolvers
• Broadcast Receivers
• Are only active when responding to broadcasts

34
Android Manifest

• Its main purpose in life is to declare the
  components to the system
• lt?xml version"1.0" encoding"utf-8"?gtltmanifes
  t . . . gt    ltapplication . . . gt       
  ltactivity androidname"com.example.project.Frenet
  icActivity"                  androidicon"_at_drawa
  ble/small_pic.png"                 
  androidlabel"_at_string/freneticLabel"          
          . . .  gt        lt/activitygt        . .
  .    lt/applicationgtlt/manifestgt

35
Intent Filters

• Declare Intents handled by the current
  application (in the AndroidManifest)
• lt?xml version"1.0" encoding"utf-8"?gtltmanife
  st . . . gt    ltapplication . . . gt       
  ltactivity androidname"com.example.project.Frenet
  icActivity"                  androidicon"_at_drawa
  ble/small_pic.png"                 
  androidlabel"_at_string/freneticLabel"          
          . . .  gt            ltintent-filter . . .
  gt                ltaction androidname"android.in
  tent.action.MAIN" /gt                ltcategory
  androidname"android.intent.category.LAUNCHER"
  /gt            lt/intent-filtergt           
  ltintent-filter . . . gt                ltaction
  androidname"com.example.project.BOUNCE" /gt   
              ltdata androidmimeType"image/jpeg"
  /gt                ltcategory androidname"android
  .intent.category.DEFAULT" /gt           
  lt/intent-filtergt        lt/activitygt        . .
  .    lt/applicationgtlt/manifestgt

Shows in the Launcher and is the main activity to
start
Handles JPEG images in some way
36
System level protection for Android app

• Each app runs as a unique user identity such that
  Android can limit the potential damage of
  programming flaws.
• Each app runs in own VM sandbox using unique UID
• Each app requests a simple permission label
  assignment model to restrict access to resources
  and other applications if necessary
• Ex. of permission Internet, camera, GPS
• Permission specifies an access policy to protect
  its resources.

37
Android Permissions

• All permission of Androids policy are set at
  install time and cant change until the
  application is reinstalled.
• Androids permission only restricts access to
  components and doesnt currently provide
  information flow guarantees.
• A permission is listed in apps manifest
  definition XML file.
• If a public component doesnt explicitly declare
  any access permission, Android permits any
  application to access it.
• Component As ability to access components B and
  C is determined by comparing the access
  permission labels on B and C to the collection of
  permission labels assigned to application A.

38
Android App Signature

• All Android applications must be signed, but are
  usually self-signed
• Why self signing?
• Market ties identity to developer account
• No CA in Google, Google does not have central
  control over the apps signature certificates
• No applications are trusted.  No "magic key"
• What does signing determine?
• Author-update
• In signature schemes, the private key is used to
  sign a app or message anyone can check the
  signature using the public key.

39
Permissions Levels

• User can assign permissions to applications at
• - normal
• dangerous
• signature
• signatureOrSystem
• http//developer.android.com/guide/developing/buil
  ding/index.htmldetailed-build

40
Reference

• 1.http//www.businessweek.com/technology/content/o
  ct2010/tc20101020_639668.htm
• 2. http//it-jobs.fins.com/Articles/SB129606993144
  879991/Mobile-App-Developers-Wanted-at-Ad-Agencies
  
• 3.http//www.gartner.com/it/page.jsp?id1466313
• 4.http//developer.android.com/guide/developing/in
  dex.html
• 5.Android Overview, http//www.google.com/url?sat
  rctjqesrcssourcewebcd7ved0CEcQFjAGurl
  http3A2F2Fai.arizona.edu2Fmis5102Fslides2FA
  ndroid2520Overview.pptei4HBXUNPvMuPe0QGm3oCYCg
  usgAFQjCNE2Li9vyh34rECKYDuOjKjI5pjyzwsig2E-wfIL
  1bPNJacCi6ZaAWCA
• 6. Mobile Application Security on Android,
  Originally presented by Jesse Burns at Black Hat
  2009