System-level execution
- NX bit
- Stack-overflow prevention
- Address Space Layout Randomization
- dlmalloc/calloc + extensions
- mmap_min_addr
Linux security measures
- Sandboxing in the kernel
- Permissions enforced through Linux groups
- Each app runs as a separate UID
Dalvik VM
- Not a security boundary
  ■ No security manager
  ■ Permissions are enforced in the OS, not in the VM
  ■ Bytecode verification is optimized for speed, not security
Zygote processes
- The Zygote process preloads typical classes and dynamic link libraries
- Copy-on-write
  ■ Only when a new process writes to a page is a new page allocated.
  ■ All pages that are not written are shared among all Zygote children.
- The exec system call is not used in Zygote.
  ■ exec wipes the page mapping table of the process.
  ■ That means exec would discard the Zygote cache.
- Runs as UID=0 (root). After forking a child process, the child's UID is changed by the setuid system call.
Binder IPC
- IPC via a kernel interface
- Used under the hood for all IPC in Android
  ■ Service to application
  ■ Service to system
  ■ But also Intent-based communication...
- Is security-aware and passes the calling UID & GID
22 May 2013, PowerPoint ICT Automatisering
Intent system
- Communication between the OS and applications via Intents
- The OS resolves a requested action (e.g. edit contact) against all registered Intent receivers
- Highly versatile and modular
- Allows swapping out default functionality for alternatives
Permissions
- Permissions determine if an app can perform an action
- 4 levels:
  ■ Normal
  ■ Dangerous
  ■ Signature
  ■ System
Permissions (cont'd)
- Permissions are checked when:
  ■ Starting activities
  ■ Starting/binding to services
  ■ Sending to BroadcastReceivers
  ■ Accessing ContentProviders (separate for read and write)
  ■ ... and at any given moment using Context.checkCallingPermission()
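As an added example (not code from the slides or from Android itself), here is a bound Service whose Binder enforces a permission on every incoming transaction, tying together the Binder IPC slide (the kernel driver supplies the calling UID) and the permission checks above (the OS, not the VM, decides). The class name, permission string and transaction code are assumptions chosen for illustration.

```java
import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.Process;
import android.os.RemoteException;
import android.util.Log;

// Hypothetical service; the permission name and transaction code are assumptions.
public class GuardedService extends Service {
    private static final String TAG = "GuardedService";
    // App-defined permission; it must also be declared with <permission> in the manifest.
    private static final String REQUIRED_PERMISSION = "com.example.permission.USE_GUARDED";
    // Application transaction codes start at FIRST_CALL_TRANSACTION.
    private static final int PING_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION;

    private final IBinder binder = new Binder() {
        @Override
        protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
                throws RemoteException {
            if (code != PING_TRANSACTION) {
                // Built-in codes (INTERFACE_TRANSACTION, DUMP_TRANSACTION, ...) go to Binder itself.
                return super.onTransact(code, data, reply, flags);
            }
            // The Binder kernel driver records the caller's UID/PID; a client cannot forge them.
            int callerUid = Binder.getCallingUid();
            int callerPid = Binder.getCallingPid();
            // The OS decides whether that UID holds the permission; the Dalvik VM plays no part.
            // Outside an IPC (caller in our own process) this always yields PERMISSION_DENIED.
            if (GuardedService.this.checkCallingPermission(REQUIRED_PERMISSION)
                    != PackageManager.PERMISSION_GRANTED) {
                Log.w(TAG, "denied code=" + code + " uid=" + callerUid + " pid=" + callerPid);
                // A SecurityException thrown here is marshalled back to the remote caller.
                throw new SecurityException("Caller lacks " + REQUIRED_PERMISSION);
            }
            String payload = data.readString();
            reply.writeNoException();
            reply.writeString("pong from uid " + Process.myUid() + " to uid " + callerUid + ": " + payload);
            return true;
        }
    };

    @Override
    public IBinder onBind(Intent intent) {
        return binder;
    }
}
```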
App signing
- All Android applications must be signed by the author (developer)
- Application or code signing is the process of digitally signing a given application using a private key to:
  ■ Identify the code's author
  ■ Detect if the application has changed
  ■ Establish trust between applications
- On Android, the certificate (X.509) can be self-signed, so there is no need for a certificate authority
- Android applications can be built in debug and release mode:
  ■ In debug mode the app is automatically signed with the debug key and cannot be distributed (e.g. via Google Play)
  ■ In release mode the app is signed with the developer's private key.
Encryption
- Full-disk encryption using dm-crypt
  ■ Actually: only the /data partition
- Done using 128-bit AES / SHA-256
- Master key encrypted with another key derived from the device PIN/password
  ■ Problem: since the PIN is usually 4 digits long, cracking the master key is a matter of little time...
Device Policies
- Determine user-level security
- Locate lost devices
- Enable remote wipe
- Can disable functionality (such as the camera)
VPN
- Support for VPN connections based on
  ■ IPSec
  ■ PPTP
  ■ Own VPN implementation (3rd party, Android 4.0+)
- Requires use of the device lock mechanism
- As of Android 4.2, always-on VPN is possible too