2. Android Security
Last updated
Was this helpful?
Last updated
Was this helpful?
is based on the Linux O.S.
Virtual Machine
Dalvik - original runtime VM, not used anymore
Android Runtime (ART) - modern runtime for executing app's bytecode into the device, within the app's own sandbox and isolated file system with a unique user
Android Identity and Access Management
User - owner of the application directory
UID 10000 to 999999 - username e.g. u0_a129 (with UID 10129)
Various app's directories
/data/app/com.example.basic - generic app data
/data/data/com.example.basic - runtime storage of data
/mnt/sdcard/Android/data/com.example.basic - external stored data for runtime
root (system level) user is necessary to access every application directory
Apps can communicate with each other either through granted permissions or, more commonly, by utilizing an exposed Content Provider / Broadcast Receiver (e.g. Open with option).
Profiles (work BYOD, personal, etc) - access system level functions, but can have isolated app's data, clipboard, contacts, etc
Primary User - first created user, removed only by factory reset
Secondary User - additional users
Guest User - guest access to the phone
Kid Mode - specific account for kids
Android relies on a modified Linux Kernel with additional features, with key components such as the managed runtime (ART/Dalvik) for applications and Bionic, Android’s equivalent of glibc (GNU C library)
Support for various CPU types
Lower SDK/Android level can have more security vulnerabilities
The higher the SDK/API level, the better/more secure
Physical components are controlled by drivers
HAL is an interface between the operating system and hardware components, providing a standardized way for the OS to communicate with various manufacturer and type of hardware components.
HAL types: Automotive, iOT, Gaming peripherals, etc
C and C++ is the device's native language.
no VM required
Webkit, Libc, OpenMAX AL / OpenGL ES / Media (UI APIs)
A collection of predefined classes and methods provided by Java for building applications, offering a standardized set of functionalities.
Content Providers - for data sharing to other apps via a specific directory
View System - App's UI
Managers - Notifications, Package management, Telephony, Location, Activity, etc
The layer of software that includes essential system applications and services, Google and vendor specific pre-installed applications.
Android apps can be decompiled (reverse-engineered), rebuilt, re-signed and re-run.
DEX Bytecode ➡️ SMALI ➡️ Decompiled JAVA
📌 Android Applications need to be signed to run on Android devices.
Linux file permission model (e.g. drwxr-xr-x) -
Apps run on specific Android Runtime/API version (minSDKVersion) - Check for Android API Levels -
Java / are preferred over Native C, due to their portability and compatibility across various devices.
Tools for reverse engineering Android apps - ,
involves the use of cryptographic signatures, including additional features like Google Play Signing, to verify the authenticity and integrity of an Android app.
Signing Tools - (Generate a private key), (apk signing), (zip & optimize apk).
