Technical Disclosure Commons

Defensive Publications Series

January 2021

Android Security

Nancy Mehra

Follow this and additional works at: https://www.tdcommons.org/dpubs_series

Recommended Citation Mehra, Nancy, "Android Security", Technical Disclosure Commons, (January 12, 2021) https://www.tdcommons.org/dpubs_series/3957

This work is licensed under a Creative Commons Attribution 4.0 License. This Article is brought to you for free and open by Technical Disclosure Commons. It has been accepted for inclusion in Defensive Publications Series by an authorized administrator of Technical Disclosure Commons. Mehra: Android Security

ANDROID SECURITY

Nancy Mehra[1] [1]Asst. Professor, Post Graduate Dept. of Computer Science, Arya College, Ludhiana, India

ABSTRACT

Android is the most popular mobile among the most used touch devices. Today, 80 percent of touch devices use the Android operating system. The universality of Android devices has a direct impact on the app store Play, which was first introduced under the name Android Market. Android is an open source operating system. Thus convincingly available and recognized by various operating system and code familiar to Java, its applications can be easily developed and implemented on the . Thousands of mobile apps are released through the Store every day, so measuring security here is difficult, as this number is increasing day by day. To guarantee the security of users' applications, information, and data, the Android platform should have a powerful security mechanism. The open source platform encourages malicious software developers to exploit it and steal users' private data.

Keywords: Android, Security, Smartphones

Introduction

With the increasing popularity of handheld and touch devices, there was an eager need for an operating system, and it was fulfilled by the development of Android. The devices contain many features and functionalities that give users a way to an easy lifestyle. These include hardware features such as audio, Bluetooth, camera, network, microphone, GSM, NFC, and sensors such as accelerometer, barometer, compass, gyroscope, and Wi-Fi. They also include software features such as app widgets, home screen, input methods, live wallpapers, layouts, storage, messaging, multi-language support, browsers, Java support, media support, multi-touch, calls, messaging, multitasking, accessibility, external storage, and so on. Android offers millions of applications on the Google Play store, and their number is increasing.

An open source platform requires a powerful and rigorous security architecture. With multi-layered security, the architecture of the Android platform is designed to give the flexibility required for an open source platform. Various security threats exist on Android phones, such as Denial of Service attacks, colluding, repackaging apps to inject malicious code, permission escalation, and unauthorized access between applications. In this paper, various mobile security issues and recent Android attacks will be discussed.

I Android Architecture

Published by Technical Disclosure Commons, 2021 2 Defensive Publications Series, Art. 3957 [2021]

The Android Software Stack: Android is architected in the form of a software stack comprising applications, an operating system, run-time environment, middleware, services and libraries. This architecture can, perhaps, best be represented visually as outlined in Figure above. Each layer of the stack, and the corresponding elements within each layer, are tightly integrated and carefully tuned to provide the optimal application development and execution environment for mobile devices[1].

Linux Kernel: It is the heart of the Android architecture and exists at its root. The Linux Kernel is the bottommost layer in the Android architecture. The Android platform is built on top of the Linux 2.6 Kernel with a few architectural changes. The term kernel refers to the core of any operating system. The Linux Kernel provides support for memory management, security management, network stack, process management, and device management. The Linux Kernel contains a list of device drivers that facilitate the communication of an Android device with other peripheral devices. A device driver is software that provides a software interface to the hardware devices. In doing so, these hardware devices can be accessed by the operating system and other programs. The main reason for using the Linux kernel is that it is open source. Anyone can go ahead and modify the Linux kernel without any hardware limitation or even any royalty issues.

Android Run Time: Dalvik: The Dalvik virtual machine was developed by Google. Dalvik VM is actually an for the Java . The whole is written in Java in Android, and since all Android applications are written in Java it becomes much easier and smoother for the applications to run in the virtual environment[1].

Android Runtime – Core Libraries

The Android Core Libraries fall into three main categories:

Dalvik VM Specific Libraries: This is a set of libraries used for interacting directly with an instance of the Dalvik VM and is unlikely to be used by most Android application developers.

Java Interoperability Libraries: The Standard Java development environment includes a vast array of classes that are contained in the core Java runtime libraries. These libraries provide support for tasks such as string handling, networking and file manipulation (to name but a few) and are both familiar to, and widely used by, Java developers regardless of platform.

Android Libraries[1]: This category encompasses those Java-based libraries that are specific to Android development. Some key core Android libraries available to the Android developer are as follows:

• android.app – Provides access to the application model and is the cornerstone of all Android applications.
• android.content – Facilitates content access, publishing and messaging between applications and application components.
• android. – Used to access data published by content providers and includes SQLite database management classes.
• android.graphics – A low-level 2D graphics drawing API including colors, points, filters, rectangles and canvases.
• android.hardware – Presents an API providing access to hardware such as the accelerometer and light sensor.
• android.util – A set of utility classes for performing tasks such as string and number conversion, XML handling and date and time manipulation.
• android.view – The fundamental building blocks of application user interfaces.

Application Framework

The Application Framework is a set of services that collectively form the environment in which Android applications run and are managed. This framework implements the concept that Android applications are constructed from reusable, interchangeable and replaceable components. The Android framework includes the following key services:

• Activity Manager – Controls all aspects of the application lifecycle and activity stack.
• Content Providers – Allows applications to publish and share data with other applications.
• Resource Manager – Provides access to non-code embedded resources such as strings, color settings and layouts.
• Notifications Manager – Allows applications to display alerts and notifications to the user.
• View System – An extensible set of views used to create application user interfaces.
• Package Manager – The system by which applications are able to find out information about other applications currently installed on the device.
• Telephony Manager – Provides information to the application about the telephony services available on the device such as status and subscriber information.
• Location Manager – Provides access to the location services allowing an application to receive updates about location changes.

Native Libraries[5]: Android includes a set of native libraries written in /C++ which are compiled to native . These libraries directly interact with the Android Linux kernel and export its facilities to the rest of the Android stack. On top of the Linux kernel, there are native libraries such as WebKit, OpenGL, FreeType, SQLite, Media, C runtime (libc) etc. [1].

• SQLite is a powerful and lightweight relational database engine. The same database engine is used in iPhone.
• Webkit is a fast HTML-rendering engine used by browsers. This is the same engine used in Safari, Chrome, Apple iPhone, and Nokia’s S60 platform.
• OpenSSL is the secure socket layer for Internet security.
• Graphics libraries that include SGL and OpenGL for 2D and 3D graphics engines respectively. A surface manager provides a system-wide surface composer to render different drawing surfaces in a frame buffer. Instead of drawing directly to the screen, it makes use of off-screen buffering. All the drawing commands go into off-screen bitmaps where they are combined with other bitmaps to form the final display the user will see. This allows Android to create visual effects like fancy transitions and transparent windows.

Applications[6]:

The applications are at the topmost layer of the Android stack. An average user of the Android device would mostly interact with this layer (for basic functions, such as making phone calls, accessing the Web browser etc.). The layers further down are accessed mostly by developers, and the likes. Several standard applications come installed with every device, such as:


• SMS client app
• Dialer
• Web browser
• Contact manager

II Mobile Security Issues[2]

1. Data leakage
Data leakage is seen as being one of the most harmful threats to enterprise security. The Android operating system is widely used on mobiles, but people are still not aware of the OS and apps they are using. Many of the apps they use may read their precious data without prior permission. Apps installed on mobile phones need only access to storage and other permissions to leak data from the device. So one should beware of installing unknown apps from unknown sources.

2. Social Engineering
A staggering 91% of cybercrime starts with email, according to a 2018 report by security firm FireEye. The firm refers to such incidents as "malware-less attacks," since they rely on tactics like impersonation to trick people into clicking dangerous links or providing sensitive info. Phishing, specifically, grew by 65% over the course of 2017, and mobile users are at the greatest risk of falling for it because of the way many mobile email clients display only a sender's name — making it especially easy to spoof and trick a person into thinking an email is from someone they know or trust.

3. Wi-Fi
A mobile device is secure if the network over which it transmits data is secured. Today's era is the public network era; we have to check a public Wi-Fi network before using it. It should be avoided unless we have no other option. In an era where we're all constantly connecting to public Wi-Fi networks, that means our info often isn't as secure as we might assume.

4. Out-of-date devices
Smartphones, tablets and smaller connected devices — commonly known as the Internet of Things (IoT) — generally don't come with guarantees of timely and ongoing software updates. This is true particularly on the Android front, where the vast majority of manufacturers are embarrassingly ineffective at keeping their products up to date — both with operating system (OS) updates and with the smaller monthly security patches between them — as well as with IoT devices, many of which aren't even designed to get updates in the first place.

5. Password
A password is something that assures users that their data is safe. But is it true? How can one be assured that one's application or data is secured by a password? Passwords come in many forms, like fingerprints, face locks, patterns, PINs, etc. Which of these is more secure? Fingerprints are secure because no two are the same; face lock is secure, but many cameras cannot differentiate between a person and an image of that person. So choose the best password protection depending upon your device.

IV Recent Android Attacks[3]


Malware attacks on Android mobile devices have increased very fast in the past year. Hackers are attacking Android smartphones with credential theft, surveillance, and malicious advertising. Researchers found that cyber attacks in 2019 have risen by 50% compared with last year. The key reason for the increase in these attacks is the use of mobile banking applications. Cybercriminals are more comfortable attacking mobile applications than internet banking (NEFT etc.).

In many cases, the malware attacks follow similar distribution strategies to those targeting desktop users, with the applications silently running in the background without the victim being any the wiser. Some forms of Android malware have even been developed with advanced evasion techniques in order to remain undetected on infected devices. For example, the Anubis banking trojan will only begin operating after motion sensors detect that the device has been moved -- a strategy to avoid it being detected and analyzed in sandbox environments.

V Identifying Android Malware[4]

Mass production and reduced cost, together with increased functionality and services, are the reasons for the increasing demand for smartphones, especially Android phones. Android malware can be characterized in different ways; a systematic characterization is proposed, ranging from installation and activation to the carried malicious payloads. Malware installation can be generalized into three main social engineering-based techniques: repackaging, update attack, and drive-by download. Most malware packages are installed with apps that do not come from authorized sources. Sometimes, when an application is updated, instead of enclosing the payload as a whole, only an update component is included, which will fetch or download the malicious payloads at runtime. Because the malicious payload is in the “updated” application, not the original application itself, it is stealthier than the malware installation technique that directly includes the entire malicious payload in the first place. The third technique applies the traditional drive-by download attack to the mobile space.

VI Browser Security and Future Threat[7]

The increasing adoption of mobile devices and their use as a means to access information on the Web has led to the evolution of websites. Initially, mobile browsers had to access information through traditional websites. Today most of these websites also support Wireless Application Protocol (WAP) technology or have an equivalent mobile HTML.

In a typical Internet or WWW model, there is a client that makes a request to a server. The server processes the request and sends a response back to the client. This is more or less the same in the WAP model as well. However, there is a gateway or proxy that sits between the client and the server that adapts the requests and responses for mobile devices.

Mobile browsers are fully functional browsers with functionality that rivals desktop versions. They include support for cookies, scripts, flash, and so forth. This means that users of mobile devices are exposed to attacks similar to those on desktop/laptop computers.

Conclusion

Mobile security must be ensured among all Android devices. Even authorized apps downloaded from the official app store are at risk. Mobile app testing, device monitoring, forensics and security intelligence capabilities provide us with a unique set of mobile security data.

References

1. https://www.techotopia.com/index.php/An_Overview_of_the_Android_Architecture
2. https://www.csoonline.com/article/3241727/7-mobile-security-threats-you-should-take-seriously-in-2019.html
3. https://www.zdnet.com/article/mobile-malware-attacks-are-booming-in-2019-these-are-the-most-common-threats/
4. https://www.intechopen.com/books/smartphones-from-an-applied-research-perspective/malware-analysis-and-detection-on-android-the-big-challenge
5. https://developer.android.com/guide/platform
6. https://androiddeveloperhelp.wordpress.com/2013/12/10/architecture-of-android-application/
7. https://books.google.co.in/
8. https://www.researchgate.net/
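Added example (not part of the original paper): a static audit of an app's decoded AndroidManifest.xml for the two risks described in sections II.1 and V, namely private-data permissions combined with network access, and the ability to install packages fetched after installation. The manifest, the package name and the rule names are constructed for illustration, and the permission list is an illustrative subset.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""

# Permissions that expose private data (illustrative subset, not exhaustive).
DATA_SOURCES = {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE",
                P + "READ_CONTACTS", P + "READ_SMS", P + "ACCESS_FINE_LOCATION"}

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml):
    """Return (rule, detail) findings for the leak and update-attack heuristics."""
    perms = requested_permissions(manifest_xml)
    findings = []
    readable = sorted(perms & DATA_SOURCES)
    if readable and P + "INTERNET" in perms:
        short = ", ".join(p.rsplit(".", 1)[1] for p in readable)
        findings.append(("data-leak-path", "INTERNET combined with " + short))
    if P + "REQUEST_INSTALL_PACKAGES" in perms:
        findings.append(("runtime-install",
                         "app can prompt to install APKs it downloads later"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_MANIFEST):
        print(rule + ": " + detail)
```

A finding is a prompt for review, not proof of malice. An update component that loads downloaded code inside its own process needs no permission at all, so this check covers only the package-install form of the update attack.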
