What is Android?•Android is a software stackfor mobile devices thatincludes an operating system•Developed by Google andOpen Handset Alliance ‘OHA’•Android platform using theJava programming language•Largest market share ,more thanSymbian and IOS
Application Components• Activities: An activity represents a single screen with a user interface.• Services: It is runs in the background .• Broadcast receivers: Responds to system-wide broadcast announcements.• Content providers: It is manages a shared set of application data.
Types of threats• Malware apps: The idea is to lure users into downloading a free or heavily discounted game, get them to launch it, and clandestinely install malware behind their back.• Drive-by exploits: The idea is to lure Android users to visit a website containing code that exploits a known weakness in a browser.
• Web Browser Vulnerability • available as of October 22, 2008. • Can affect any information browser have access on them.• GappII • The service runs behind the scene and monitors the status of current phone screen. • can be remotely controlled to install additional apps without user’s knowledge.
• UpdtKiller • Upload victims’ personal information and retrieve commands from a remote control and command (C&C) server. • Block antivirus software processes so that viruses can’t be detected.• UpdtBot • UpdtBot registers a remote Command and Control (C&C) server. • Can send text messages, make phone calls, and download and install apps.
Security Mechanism in AndroidSandboxes Each application is associated with a different UID. Every application runs in its own Linux process. Each process runs on its own Java VM. Application’s directory is only available to the application.
Security Mechanism in AndroidPermissions• Any application needs explicit permissions to access the components of other applications.• These permissions are set by the package installer.
Security Mechanism in AndroidSignatures Any Android application must be signed with a certiﬁcate whose private key is held by the developer. Identify the codes author. Detect if the application has changed. Establish trust between applications.
How to protect ourselves• Download Apps Only from Trusted Sources• Always check app permissions. Whenever you download or update an app, you get a list of permissions for it.• Dont View Sensitive Information on Public Wi-Fi• Put a malware and antivirus scanner on your phone.• Protect Your Phone with a Password
Conclusion• Android has a unique security model, which focuses on putting the user in control of the device.• It is balance between security and usability.