Srinivasa RaoIndependent Security ResearcherWorking for TCSCo-Author of the book “HACKING S3CRETS”
What we discuss? Android OS Basics Understanding APK Android Architechture Android Security Model Android Rooting A Brief look into android malwares Reversing android malwares Pentesting on Android platform Demos
What is Android? Android is a software stack for mobile devices. The stack consists of An Operating System, Middleware and Key mobile applications It is initially developed by Android Inc in 2003 and later acquired by Google in 2005. 2007 – OHA(Open Handset Alliance) Largest market share HTC Dream – the first commercially available mobile phone based on android based operating system.
Why Android? Wherever you go it follows you!! (Tablets, mobile phones, TVs) Open source Anyone can develop apps! No restrictions like Iphone Runs on Linux 2.6.X kernel Uses SQLITE databases Official market containing over 7,00,000 apps
Understanding the APK Every app contains the extension .APK Nothing but a zip file Can be extracted with winrar or winzip. Written in Java, with native libraries in C/C++ Composed of components such as activities, services, Broadcast Receivers etc.
Components Activity Screen to let users interact – Buttons, text view, image view etc. Service Performs the work in the back ground – playing music Broadcast receiver Receives and Responds to broadcast announcements Binds individual components at runtime Intents Stores and retrieves the application data – SQLITE databases Content Providers
Permissions – They Suck!! Declared in AndroidManifest.xml XML file contains all the components and permissions App can only use the declared permissions
Permissions ACCESSS_COARSE_LOCATION CAMERA CHANGE_WIFI_STATE ACCESS_FINE_LOCATION READ_CALL_LOG CALL_PHONE READ_SMS READ_CONTACTS
Android Security Model Application 1 Application 2 Application 3 UID : 1000 UID : 1001 UID : 1002 Dalvik VM Dalvik VM Dalvik VM Application 4 Application 5 UID : 1003 UID : 1004 Dalvik VM Dalvik VM SYSTEM PROCESS (UID : SYSTEM) LINUX KERNEL
Dalvik Virtual Machine Created by Dan Bornstein It’s a virtual System to run the android apps Register based instead of stack based It runs the dex (Dalvik Executables) files
Some popular android malwares Geniemi Droid dream Trojan fake player iCalender