CSF645 – Mobile Computing
Mobile OS - Android
吳俊興, Department of Computer Science and Information Engineering, National University of Kaohsiung

Outline
• Mobile Operating System
• Android System Overview
  – Applications, Development, Platform
• Android System Security
  – Kernel and System Level Security
  – Security Enhancements
• Android Application Security

Mobile Operating Systems
• An OS that operates mobile devices such as smartphones, tablets, PDAs, or other digital mobile devices
• Combines the features of a PC OS with
  – Touchscreen, cellular, Bluetooth, WiFi, GPS mobile navigation, gyroscope sensor, NFC
  – Voice recorder, camera, video camera
  – Speech recognition, music player
  – Battery power
• Usually without
  – Keyboard, mouse, CD/DVD-ROM, HDD

Mobile OS Milestones
Before 1992  Mobile phones / PDAs
1993  Apple Newton OS (Personal Digital Assistant, PDA)
1996  Palm OS
1999  Nokia S40 OS
2000  Symbian for Ericsson
2002  Windows CE (Pocket PC)
2003  BlackBerry
2005  Nokia Maemo OS on the first Internet tablet, the N770
2005  Google acquired Android Inc. on August 17, 2005
2007  Apple iPhone with iOS, introduced as an iPhone - mobile phone and Internet communicator
2007  Open Handset Alliance (OHA) formed by Google, HTC, Sony, Dell, Intel, Motorola, Samsung, LG, etc.
2007  Microsoft Windows Mobile 6 (derived from Windows CE)
2008  OHA releases Android 1.0 with the HTC Dream (T-Mobile G1) as the first Android phone
2010  Microsoft Windows Phone (Metro design language)

Most Common Mobile OS
• Google Android
  – On top of the Linux kernel
• Apple iOS
  – On top of the open source Darwin core OS, derived from Mac OS X
• Microsoft Windows Phone (=> Windows 10)
• Nokia S40 OS and Symbian OS
• BlackBerry 10
• Qualcomm Brew

Android System Overview
• Android
  – Unveiled by Google along with the founding of the Open Handset Alliance to advance open standards for mobile devices
    • The early SDK was released on 12 November 2007
      – The iPhone was first announced on January 9, 2007
    • Google acquired Android Inc. on August 17, 2005
    • The first Android-powered phone was sold in October 2008
  – Designed primarily for touchscreen mobile devices such as smartphones and tablet computers, and now for a multiscreen world including wearables, TV and auto
  – As of 2015, Android has the largest installed base of all general-purpose operating systems
  – Built on open-source Linux
    • Android code is released as open source, under the Apache License

Android Applications
• Applications are usually developed in the Java language using the Android Software Development Kit
  – Native Development Kit for applications or extensions in C or C++
  – Installed from a single file with the .apk file extension
• Android applications run in a sandbox
  – An isolated area of the OS that does not have access to the rest of the system's resources, unless access permissions are granted by the user when the application is installed
    • However, applications routinely request unnecessary permissions, reducing the effectiveness of this model
    • The complexity of inter-application communication implies Android may have opportunities to run unauthorized code
• Two primary sources for applications
  – Pre-installed applications
  – User-installed applications
    • Either through a store such as Google Play or the Amazon Appstore, or by
    • Downloading and installing the application's APK file from a third-party site

Android Development
• Android consists of
  – A kernel based on the Linux kernel 2.6 and Linux kernel 3.x (Android 4.0 onwards)
    • Does not have a native X Window System nor does it support the full set of standard GNU libraries
    • A power management feature called wakelocks
    • The flash storage is split into several partitions, such as "/system" for the operating system itself and "/data" for user data and app installations
    • Android device owners are not given root access
  – Middleware, libraries and APIs written in C, and
    • The Dalvik virtual machine with just-in-time compilation to run Dalvik dex-code (Dalvik Executable), which is usually translated from Java bytecode
  – Application software running on an application framework which includes Java-compatible libraries based on Apache Harmony
  – The main hardware platform for Android is the ARM architecture

Android Platform Building Blocks
• Device Hardware
  – Including smart phones, tablets, and set-top boxes
  – Processor-agnostic, but taking advantage of some hardware-specific security capabilities such as ARM v6 eXecute-Never
• Android Operating System
  – The core operating system is built on top of the Linux kernel
  – All device resources, like camera functions, GPS data, Bluetooth functions, telephony functions, network connections, etc., are accessed through the OS
• Android Application Runtime
  – Most often written in Java and run in the Dalvik virtual machine
  – But core Android services and applications are native applications or include native libraries
  – Both Dalvik and native applications run within the same security environment, contained within the Application Sandbox
    • Applications get a dedicated part of the filesystem in which they can write private data, including databases and raw files
• Android Runtime (ART)
  – Introduced by Android 4.4 but not enabled by default
    • The only runtime in Android 5.0
  – Uses ahead-of-time (AOT) compilation to entirely compile the application bytecode into machine code upon the installation of an application

Architecture Diagram
[Figure: Android architecture diagram]

Android Application Framework
Toolkit for applications in Java
• Activity Manager: manages the activity life cycle
  – Started, Running, Background, Killed
• Window Manager: performs window management
• View System: handles the views and layouts of the UI
• Content Providers: allow one application to make its data available to another
• Notification Manager: alerts the user about events
• Package Manager: maintains information on the available applications on the device
• Telephony Manager: provides access to telephony services
• Resource Manager: manages the storing of strings, layout files and bitmaps
• Location Manager: finds the device's geographic location
• XMPP Service: supports the IETF Extensible Messaging and Presence Protocol (adopted by Google Talk)

Main Android Application Building Blocks
• AndroidManifest.xml: the control file that
  – Tells the system what to do with all the top-level components in an application
    • Specifically activities, services, broadcast receivers, and content providers
  – Also specifies which permissions are required
• Activities: an Activity is the code for a single, user-focused task
  – Usually includes displaying a UI to the user
    • Some Activities never display UIs
  – Typically, one of the application's Activities is the entry point to an application

Main Android Application Building Blocks (cont.)
• Services: a Service is a body of code that runs in the background
  – It can run in its own process, or in the context of another application's process
  – Other components "bind" to a Service and invoke methods on it via remote procedure calls
  – An example of a Service is a media player
    • Even when the user quits the media-selection UI, the user probably still intends for music to keep playing
    • A Service keeps the music going even when the UI has completed
• Broadcast Receiver
  – A BroadcastReceiver is an object that is instantiated when an IPC mechanism known as an Intent is issued by the operating system or another application
  – For example, an application may register a receiver for the low battery message and change its behavior based on that information

Android Versions
Version   Code name           Release date        API level
5.1.x     Lollipop            March 9, 2015       22
5.0.x     Lollipop            November 3, 2014    21
4.4.x     KitKat              October 31, 2013    19-20
4.3.x     Jelly Bean          July 24, 2013       18
4.2.x     Jelly Bean          November 13, 2012   17
4.1.x     Jelly Bean          July 9, 2012        16
4.0.x     Ice Cream Sandwich  October 19, 2011    14-15
3.x.x     Honeycomb           February 22, 2011   11-13
2.3.x     Gingerbread         December 6, 2010    9-10
2.2       Froyo               May 20, 2010        8
2.0, 2.1  Éclair              October 26, 2009    7
1.6       Donut               September 15, 2009  4
1.5       Cupcake             April 30, 2009      3

Android Security Overview
• Security objectives
  – Protect user data
  – Protect system resources (including the network)
  – Provide application isolation
• Key security features
  – Linux security
    • Secure interprocess communication
  – Mandatory application sandbox for all applications
    • With the exception of a small amount of Android OS code running as root, all code above the Linux kernel is restricted by the Application Sandbox
  – Application signing
  – Application-defined and user-granted permissions

Kernel and System Level Security
• Linux fundamental security features
  – Prevents user A from reading user B's files
  – Ensures that user A does not exhaust user B's memory
  – Ensures that user A does not exhaust user B's CPU resources
  – Ensures that user A does not exhaust user B's devices (e.g. telephony, GPS, Bluetooth)
• Android security features
  – A user-based permissions model
  – Process isolation
  – An extensible mechanism for secure IPC
  – The ability to remove unnecessary and potentially insecure parts of the kernel

Android Security Enhancements
• Application Sandbox
• System Partition and Safe Mode
• Filesystem Permissions
• Filesystem Encryption
• Device Administration
• Password Protection
• Memory Management Security Enhancements

Application Sandbox
• Assigns a unique user ID (UID) to each Android application
  – Runs it as that user in a separate process
• A kernel-level Application Sandbox
  – The kernel enforces security between applications and the system at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications
  – By default, applications cannot interact with each other and applications have limited
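The Application Sandbox and Filesystem Permissions material above rests on one Linux fact: each app's private directory is owned by its own UID and must not be readable or writable by any other UID. The following Python script is an added example, not part of the lecture slides or of Android itself; it audits a constructed `ls -l /data/data` listing (the sample lines and package names are made up) and flags directories open to "other" users, plus packages that share one app UID (as happens with sharedUserId, which merges two sandboxes and deserves review).

```python
import re
from collections import defaultdict

# Constructed sample of an `ls -l /data/data` listing (not captured from a real device):
# mode, owner, group, date, time, package directory.
SAMPLE_LISTING = """\
drwxr-x--x u0_a10 u0_a10 2015-03-09 10:01 com.example.notes
drwxr-x--x u0_a11 u0_a11 2015-03-09 10:02 com.example.player
drwxrwxrwx u0_a12 u0_a12 2015-03-09 10:03 com.example.leaky
drwxr-x--x u0_a10 u0_a10 2015-03-09 10:04 com.example.notes.plugin
drwxr-x--x system system 2015-03-09 10:05 com.android.settings
"""

LINE_RE = re.compile(r"^([d-][rwxst-]{9})\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+(\S+)$")


def parse_listing(text):
    """Return (mode, owner, group, package) tuples for every well-formed line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def audit_app_dirs(text):
    """Return sorted (package, reason) findings for the sandbox violations visible in a listing.

    The default app directory mode drwxr-x--x only grants "other" the search bit (x), so
    any read or write bit for "other" exposes private data across the UID boundary.
    """
    findings = []
    owners = defaultdict(list)
    for mode, owner, _group, pkg in parse_listing(text):
        other = mode[7:10]            # permission bits for users outside owner and group
        if "r" in other:
            findings.append((pkg, "world-readable"))
        if "w" in other:
            findings.append((pkg, "world-writable"))
        owners[owner].append(pkg)
    for uid, pkgs in owners.items():
        if len(pkgs) > 1:             # two packages under one UID share a sandbox
            findings.extend((pkg, "shared-uid:" + uid) for pkg in pkgs)
    return sorted(findings)


if __name__ == "__main__":
    for pkg, reason in audit_app_dirs(SAMPLE_LISTING):
        print(pkg, reason)
```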
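The Main Android Application Building Blocks and Android Applications slides above make two points a reviewer can check mechanically in AndroidManifest.xml: which permissions an app requests, and which of its activities, services, receivers and providers other applications can reach. This Python audit is an added example, not code from the lecture or from the Android SDK; the manifest it parses is constructed for a hypothetical notes app, and the "expected permissions" set is an assumption the reviewer supplies.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")

# Constructed AndroidManifest.xml for a hypothetical app (not from a real package).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".BatteryReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BATTERY_LOW"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"
        android:exported="true" android:permission="com.example.notes.READ"/>
  </application>
</manifest>"""


def is_exported(component):
    """True if other apps can reach the component: android:exported="true", or the
    attribute is unset and an intent-filter is declared (the historical default)."""
    flag = component.get(ANDROID_NS + "exported")
    if flag is not None:
        return flag == "true"
    return component.find("intent-filter") is not None


def audit_manifest(xml_text, expected_permissions):
    """Return (unexpected_permissions, unprotected_exported_components).

    unexpected_permissions: requested permissions outside the reviewer's expected set.
    unprotected_exported_components: exported components with no android:permission guard.
    """
    root = ET.fromstring(xml_text)
    requested = [p.get(ANDROID_NS + "name") for p in root.findall("uses-permission")]
    unexpected = sorted(set(requested) - set(expected_permissions))
    unprotected = []
    app = root.find("application")
    for tag in COMPONENTS:
        for comp in app.findall(tag):
            if is_exported(comp) and comp.get(ANDROID_NS + "permission") is None:
                unprotected.append((tag, comp.get(ANDROID_NS + "name")))
    return unexpected, sorted(unprotected)


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST, {"android.permission.INTERNET"}))
```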