Develop your own Android version – lessons learnt

SecureApps 30/01/2014 Jan Vossaert Overview

• Introduction

• Android concepts/terminology

• Your own Android version

• Use cases

• Conclusion Introduction

• What is Android? o Linux-based mobile phone OS o Actively developed by Google o Free to use for hardware manufacturers and others to use on their device Introduction

• Why would you build your own Android version? o Install own default applications • Cannot be removed by users o Run Android on custom hardware Android for board computers. (Open Automotive Alliance)

Android for digibox

o Modifications to Android frameworks o Add additional applications (PW Manager) o Settings/security tweaks (VPN/firewall) o ... Licensing

Open: Apache 2

Open: Apache 2

Open: Various licenses

Proprietary (drivers) a (L)GPL Rooted vs unlocked

• Bootloader o Software that starts when device boots o Responsible for starting Android o Locked • Typically restricts software it loads (digitally signed updates etc) o Unlocked • Typically loads any software • Used for booting custom ROMs Rooted vs unlocked

• Unlock bootloader (void warranty) o Wipes phone o No need to be root • Custom ROM with/without root • Stock ROM with/without root (exploit) o Root has advantages for back-up (backup more data)

• ‘Locked’ phone o Phone restricted to telephone operator o Root Android via exploit Rooted vs unlocked

• Rooted o full administrator access of your device. o run apps that require access to certain system settings

o Some applications refuse to run on rooted phone

Rooted vs unlocked

• Rooted o BusyBox • Android, offers a limited amount of UNIX commands • BusyBox will implement more commands that are necessary for some root apps to work properly. o How to root your Android device • Install custom ROM • Use exploits (side-loading required) • SuperOneClick • FramaRoot o Writing applications that use root privileges • RootTools • http://code.google.com/p/roottools/wiki/Usage

Backup Android device

• Backup with root o NANDroid o NAND partition stores all system relevant information like the bootloader, recovery mode or the kernel. o Complete system backup of your Android device. • Backup without root o Only for applications that implement backup interface o Local backup via usb o Remote backup via Google cloud Your own Android version

Set up Download Modify development Build source Deploy build source source environment Your own Android version

• Set up development environment o Linux or Mac OS o Tested by Google on Ubuntu o Only 64-bit as of Android 2.3 o http://source.android.com/source/initializing.html • Download source o Git repository o Choose branch o http://source.android.com/source/downloading.html Your own Android version

• Source code overview o bionic: C library (not libc for licensing) o dalvik: dalvik virtual machine o external: third party libraries used by Android o framework: development frameworks provided by Android o hardware: abstract the actual physical device o ndk: native development kit o out: built Adroid system o prebuilt: contains modules that are prebuilt such as kernel Your own Android version

• Source code overview o framework: development frameworks provided by Android • Java manager: .../android_source/frameworks/base/core/java/android/hardware/SensorManager. java • JNI: .../android_source/frameworks/base/core/jni/android_hardware_SensorManager. cpp o hardware: abstract the actual physical device (HAL) • C code: .../android_source/hardware/libhardware/include/hardware/sensors.h

Your own Android version

• Regular application: /data/app • System application: /system/app o Cannot be uninstalled by user • Adding system application o Develop application in eclipse o Copy app to /packages/apps (symlink also works) o Delete bin and gen folder o Create a makefile (Android.mk) o Add app to /build/target/product/core.mk o Rebuild Android source Your own Android version

• Add hardware drivers o drivers for Google development phones (Nexus) are freely available o comes as a self-extracting script o run from the root of the source tree • Build type (user – userdebug – eng) • Increased security measures • Decreased debugging capabilities • Target product o Android flavor to be built o Different apps/locales o Configure build for specific device • PandaBoard

Your own Android version

• Build for custom hardware o Android builds for similar hardware? o Kernel is open source o HAL can be closed source o New build configuration Your own Android version • Your own build o out/target/product//update.zip • Custom ROMs o Why? • Newer version of Android • Add additional features and system tweaks o Why not? • Hardware issues • Warranty o Distributions • CyanogenMod • AOKP Your own Android version

• Fastboot o Special diagnostic and engineering protocol o Boot device in fastboot mode o Not accessible on all phones o Fastboot utility in Android sdk

Your own Android version

• Unlock bootloader o fastboot oem unlock • Flash new recovery mode image o The standard Android recovery mode is limited o Replacement recovery modes • Team Win Recovery Project (TWRP) • ClockworkMod Recovery (CWRM) o Use fastboot • fastboot flash recovery your_recovery_image.img • fastboot boot your_recovery_image.img Your own Android version

• Unlock bootloader • Flash new recovery mode image • Use the recovery mode of the device o Copy .zip on device • Re-lock bootloader! o fastboot oem lock

Use cases

• Fine grained control over release of data to apps

• Secure & flexible backup Use cases: controlled release of data

• Apps don’t need all the data they request

• Advertisement libraries collect user data

Use cases: controlled release of data

policy Applications

Angry Management Contacts …

birds App

policy

source Application framework

Policy Data Policy … Decision Android Providers Manager Point Use cases: controlled release of data

• Policy specification o On-the-fly

o Pre-defined

Use cases: controlled release of data

• Policy specification o Pre-defined o On-the-fly • Policy rules o Location • Real location • Standard location • Proximity • No signal proximity o Contact data • None • Real data

Use cases: controlled release of data

• Policy specification o Pre-defined o On-the-fly • Policy rules o Location • Real location • Standard location • Proximity • No signal o Contact data • None • Real data

Use cases: secure and flexible backup

backup Use cases: secure and flexible backup

backup Use cases: secure and flexible backup

settings Applications

Backup Contacts Browser …

Settings

settings

source Application framework Backup Manager Location Window … Android Manager Manager Local Custom Transport Transport Conclusion

• Android mods are industrially relevant o Only kernel modification open source o Hardware/software requirements for term ‘AndroidTM’ • Android compatibility test suite (free) • Report generated for Google • http://source.android.com/faqs.html

• Android can be adjusted to your needs o Huge codebase o Updates? References

• http://lifehacker.com/how-to-flash-a-rom-to-your-android- phone-30885281 • http://xda-university.com/as-a-developer/introduction-how- an-android-rom-is-built • http://trendblog.net/guide-to-android-rooting-custom-roms- apps-2014-edition/ • http://lifehacker.com/5789397/the-always-up+to+date- guide-to-rooting-any-android-phone • http://source.android.com/source/building-devices.html • http://apcmag.com/how-to-make-your-own-android- rom.htm

References

• http://dottech.org/23370/how-to-root-android-jailbreak-ios- iphone-ipad-homebrew-webos/#otheroneclick • http://trendblog.net/android-guide-make-nandroid-backup- android-phone/ • https://developers.google.com/android/nexus/drivers • http://source.android.com/compatibility/index.html

• Embedded Android - O'Reilly Media