Develop Your Own Android Version – Lessons Learnt

SecureApps, 30/01/2014
Jan Vossaert

Overview
• Introduction
• Android concepts/terminology
• Your own Android version
• Use cases
• Conclusion

Introduction
• What is Android?
  o Linux-based mobile phone OS
  o Actively developed by Google
  o Free for hardware manufacturers and others to use on their devices
• Why would you build your own Android version?
  o Install own default applications
    • Cannot be removed by users
  o Run Android on custom hardware
    • Android for board computers (Open Automotive Alliance)
    • Android for digibox
  o Modifications to Android frameworks
  o Add additional applications (PW Manager)
  o Settings/security tweaks (VPN/firewall)
  o ...

Licensing
[Figure: licensing diagram; labels: Open: Apache 2; Open: Apache 2; Open: Various licenses; Proprietary (drivers); (L)GPL]

Rooted vs unlocked
• Bootloader
  o Software that starts when the device boots
  o Responsible for starting Android
  o Locked
    • Typically restricts the software it loads (digitally signed updates etc.)
  o Unlocked
    • Typically loads any software
    • Used for booting custom ROMs
• Unlock bootloader (voids warranty)
  o Wipes phone
  o No need to be root
• Custom ROM with/without root
• Stock ROM with/without root (exploit)
  o Root has advantages for backup (back up more data)
• ‘Locked’ phone
  o Phone restricted to telephone operator
  o Root Android via exploit
• Rooted
  o Full administrator access to your device
  o Run apps that require access to certain system settings
  o Some applications refuse to run on a rooted phone
  o BusyBox
    • Android offers a limited number of UNIX commands
    • BusyBox implements more commands that are necessary for some root apps to work properly
  o How to root your Android device
    • Install custom ROM
    • Use exploits (side-loading required)
    • SuperOneClick
    • FramaRoot
  o Writing applications that use root privileges
    • RootTools
    • http://code.google.com/p/roottools/wiki/Usage

Backup Android device
• Backup with root
  o NANDroid
  o NAND partition stores all system-relevant information such as the bootloader, recovery mode or the kernel
  o Complete system backup of your Android device
• Backup without root
  o Only for applications that implement the backup interface
  o Local backup via USB
  o Remote backup via Google cloud

Your own Android version
[Figure: workflow: Set up development environment, Download source, Modify source, Build source, Deploy build]
• Set up development environment
  o Linux or Mac OS
  o Tested by Google on Ubuntu
  o Only 64-bit as of Android 2.3
  o http://source.android.com/source/initializing.html
• Download source
  o Git repository
  o Choose branch
  o http://source.android.com/source/downloading.html
• Source code overview
  o bionic: C library (not libc for licensing)
  o dalvik: dalvik virtual machine
  o external: third party libraries used by Android
  o framework: development frameworks provided by Android
    • Java manager: .../android_source/frameworks/base/core/java/android/hardware/SensorManager.java
    • JNI: .../android_source/frameworks/base/core/jni/android_hardware_SensorManager.cpp
  o hardware: abstract the actual physical device (HAL)
    • C code: .../android_source/hardware/libhardware/include/hardware/sensors.h
  o ndk: native development kit
  o out: built Android system
  o prebuilt: contains modules that are prebuilt such as kernel
• Regular application: /data/app
• System application: /system/app
  o Cannot be uninstalled by user
• Adding system application
  o Develop application in Eclipse
  o Copy app to /packages/apps (symlink also works)
  o Delete bin and gen folder
  o Create a makefile (Android.mk)
  o Add app to /build/target/product/core.mk
  o Rebuild Android source
• Add hardware drivers
  o Drivers for Google development phones (Nexus) are freely available
  o Come as a self-extracting script
  o Run from the root of the source tree
• Build type (user – userdebug – eng)
  o Increased security measures
  o Decreased debugging capabilities
• Target product
  o Android flavor to be built
  o Different apps/locales
  o Configure build for specific device
    • PandaBoard
• Build for custom hardware
  o Android builds for similar hardware?
  o Kernel is open source
  o HAL can be closed source
  o New build configuration
• Your own build
  o out/target/product/<device name>/update.zip
• Custom ROMs
  o Why?
    • Newer version of Android
    • Add additional features and system tweaks
  o Why not?
    • Hardware issues
    • Warranty
  o Distributions
    • CyanogenMod
    • AOKP
• Fastboot
  o Special diagnostic and engineering protocol
  o Boot device in fastboot mode
  o Not accessible on all phones
  o Fastboot utility in Android SDK
• Unlock bootloader
  o fastboot oem unlock
• Flash new recovery mode image
  o The standard Android recovery mode is limited
  o Replacement recovery modes
    • Team Win Recovery Project (TWRP)
    • ClockworkMod Recovery (CWRM)
  o Use fastboot
    • fastboot flash recovery your_recovery_image.img
    • fastboot boot your_recovery_image.img
• Use the recovery mode of the device
  o Copy .zip on device
• Re-lock bootloader!
  o fastboot oem lock

Use cases
• Fine grained control over release of data to apps
• Secure & flexible backup

Use cases: controlled release of data
• Apps don’t need all the data they request
• Advertisement libraries collect user data
[Figure: architecture for controlled release of data. Applications: Policy Management App, Contacts, Angry Birds, … Application framework: Policy Manager, Data Providers, Policy Decision Point, …]
• Policy specification
  o Pre-defined
  o On-the-fly
• Policy rules
  o Location
    • Real location
    • Standard location
    • Proximity
    • No signal
  o Contact data
    • None
    • Real data

Use cases: secure and flexible backup
[Figure: architecture for secure and flexible backup. Applications: Backup Settings, Contacts, Browser, … Application framework: Backup Manager, Location Manager, Window Manager, … Transports: Local Transport, Custom Transport]

Conclusion
• Android mods are industrially relevant
  o Only kernel modification open source
  o Hardware/software requirements for term ‘Android™’
    • Android compatibility test suite (free)
    • Report generated for Google
    • http://source.android.com/faqs.html
• Android can be adjusted to your needs
  o Huge codebase
  o Updates?
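
The policy rules from the controlled-release use case above, sketched as a policy decision point that a data provider consults before answering an app. This is an added example, not code from the presentation; the package names, the fixed "standard" location, the 0.1-degree grid used for "proximity" and the most-restrictive default for unlisted apps are assumptions.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

/** Added illustration of a per-app policy decision point (PDP); not framework code. */
public class PolicyDecisionPoint {
    // Rule names follow the slide: location and contact data.
    enum LocationRule { REAL, STANDARD, PROXIMITY, NO_SIGNAL }
    enum ContactRule { NONE, REAL }

    /** One policy entry per application package. */
    static final class AppPolicy {
        final LocationRule location;
        final ContactRule contacts;
        AppPolicy(LocationRule location, ContactRule contacts) {
            this.location = location;
            this.contacts = contacts;
        }
    }

    /** Minimal stand-in for a location fix (latitude/longitude in degrees). */
    static final class Fix {
        final double lat, lon;
        Fix(double lat, double lon) { this.lat = lat; this.lon = lon; }
        @Override public String toString() { return lat + "," + lon; }
    }

    // Assumption: "standard location" is one fixed, device-wide decoy position.
    private static final Fix STANDARD_FIX = new Fix(0.0, 0.0);
    // Assumption: apps without an explicit policy get the most restrictive rules.
    private static final AppPolicy DEFAULT =
            new AppPolicy(LocationRule.NO_SIGNAL, ContactRule.NONE);

    private final Map<String, AppPolicy> policies = new HashMap<>();

    void setPolicy(String pkg, AppPolicy policy) { policies.put(pkg, policy); }

    private AppPolicy policyFor(String pkg) {
        return policies.getOrDefault(pkg, DEFAULT);
    }

    /** What the location provider may return to pkg; empty means "no fix available". */
    Optional<Fix> filterLocation(String pkg, Fix real) {
        switch (policyFor(pkg).location) {
            case REAL:      return Optional.of(real);
            case STANDARD:  return Optional.of(STANDARD_FIX);
            case PROXIMITY: return Optional.of(new Fix(coarsen(real.lat), coarsen(real.lon)));
            default:        return Optional.empty();   // NO_SIGNAL
        }
    }

    /** What the contacts provider may return to pkg: the real rows or nothing. */
    List<String> filterContacts(String pkg, List<String> real) {
        if (policyFor(pkg).contacts == ContactRule.REAL) {
            return Collections.unmodifiableList(new ArrayList<>(real));
        }
        return Collections.emptyList();
    }

    // Assumption: "proximity" means rounding to a 0.1-degree grid (roughly 10 km).
    private static double coarsen(double deg) {
        return Math.round(deg * 10.0) / 10.0;
    }

    public static void main(String[] args) {
        PolicyDecisionPoint pdp = new PolicyDecisionPoint();
        // Constructed sample policies and data.
        pdp.setPolicy("com.example.maps", new AppPolicy(LocationRule.REAL, ContactRule.NONE));
        pdp.setPolicy("com.example.game", new AppPolicy(LocationRule.PROXIMITY, ContactRule.NONE));
        pdp.setPolicy("com.example.dialer", new AppPolicy(LocationRule.NO_SIGNAL, ContactRule.REAL));

        Fix real = new Fix(50.8798, 4.7005);
        List<String> contacts = new ArrayList<>();
        contacts.add("Alice");
        contacts.add("Bob");

        String[] apps = {"com.example.maps", "com.example.game",
                         "com.example.dialer", "com.example.unlisted"};
        for (String pkg : apps) {
            System.out.println(pkg + " location=" + pdp.filterLocation(pkg, real)
                    + " contacts=" + pdp.filterContacts(pkg, contacts));
        }
    }
}
```

Keeping the decision in one class that every provider calls means an ad library bundled in an app receives the same filtered answer as the app itself.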