7. Android is a software stack for mobile devices that includes an operating system,
middleware and key applications.
Developed by Google and the Open Handset Alliance.
What is Android?
8. Android was engineered from the beginning to be online.
Ability for users to extend the functionality of the device.
Ability for users to store their data on the devices.
9. Android Internals
The Android platform is based on Linux technology.
Uses the Java programming language.
No monopoly status - allows anyone to develop their own applications.
Good news for Hackers
10. Android Architecture
11. Dalvik Virtual Machine
Interpreter-only virtual machine.
The Dalvik VM executes files in the Dalvik Executable
(.dex) format which is optimized for minimal memory.
The VM is register-based, and runs classes compiled
by a Java language compiler that have been
transformed into the .dex format by the included “dx”
12. ANDROID APP BASICS
13. An Android app has the extension .apk
It's nothing but a zip file.
Can be extracted using WinRAR, WinZip, etc.
Android App Basics
App illustrated – User Perspective
18. Mandatory application sandbox for all applications
Application-defined and user-granted permissions
Robust security at the OS level through the Linux kernel
Secure inter-process communication
Android Platform Security
19. Dalvik Virtual Machine
Every Android application runs in its own process.
The UID will typically be something like app_XX
Runs with its own instance of the Dalvik virtual machine.
20. Declared in AndroidManifest.xml
XML file contains all the components and permissions
Binary XML formatted text. We can't read it directly.
An app can only use the declared permissions (in theory)
Android Permission Model
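
The slides above describe an .apk as a zip file holding Dalvik .dex code and a binary-XML AndroidManifest.xml. The following added example (not from the original slides) shows how an analyst can triage those three properties and verify the integrity fields in the DEX header. The sample APK is constructed in memory, and the function names are illustrative.

```python
import hashlib
import io
import struct
import zipfile
import zlib

AXML_MAGIC = b"\x03\x00\x08\x00"  # binary XML chunk: type 0x0003, header size 0x0008


def check_dex(data):
    """Check a DEX header: magic, declared size, Adler-32 checksum, SHA-1."""
    if len(data) < 0x70 or data[:4] != b"dex\n" or data[7:8] != b"\x00":
        return {"valid_magic": False}
    checksum, sha1, file_size = struct.unpack_from("<I20sI", data, 8)
    return {
        "valid_magic": True,
        "size_ok": file_size == len(data),
        "checksum_ok": checksum == zlib.adler32(data[12:]),  # covers bytes 12..end
        "sha1_ok": sha1 == hashlib.sha1(data[32:]).digest(),  # covers bytes 32..end
    }


def triage_apk(apk_bytes):
    """Open an APK as a zip and report on its manifest and classes.dex."""
    report = {"is_zip": False, "entries": [], "manifest": "missing", "dex": None}
    if not zipfile.is_zipfile(io.BytesIO(apk_bytes)):
        return report
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        report["is_zip"] = True
        report["entries"] = apk.namelist()
        if "AndroidManifest.xml" in report["entries"]:
            head = apk.read("AndroidManifest.xml")[:4]
            report["manifest"] = "binary-xml" if head == AXML_MAGIC else "unexpected"
        if "classes.dex" in report["entries"]:
            report["dex"] = check_dex(apk.read("classes.dex"))
    return report


def build_sample_apk(tamper=False):
    """Constructed sample: a header-only DEX plus a stub manifest, zipped."""
    tail = struct.pack("<III", 0x70, 0x70, 0x12345678) + bytes(0x70 - 44)
    rest = hashlib.sha1(tail).digest() + tail
    dex = b"dex\n035\x00" + struct.pack("<I", zlib.adler32(rest)) + rest
    if tamper:  # flip the last byte after the checksums were computed
        dex = dex[:-1] + b"\x01"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", AXML_MAGIC + bytes(4))
        apk.writestr("classes.dex", dex)
    return buf.getvalue()
```

A DEX whose checksum or SHA-1 no longer matches its contents has been modified after it was built, which is worth flagging when examining a repackaged app.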
21. Attacking Android Devices
- The known ways
23. Find your target Device
Check for exploits
Geinimi - Android malware with botnet-like capabilities.
Trojan-SMS for Android FakePlayer.
Some Popular Android Malware
26. 1. Reverse Engineering
2. Build from Scratch
Building Android Malware
27. Legitimate developer
Third party market
1. Reverse Engineering
31. Can spy on SMS, call logs, contacts, IMEI, current location, browser history, etc.
Implemented with Broadcast Receivers.
Doesn’t make noise – because, it’s a service.
Uploads everything to a remote server if internet is available on the device.
Will store them as a text file on the SD card if Internet is not available.
My Own Android Malware