Analysis and research of system security based on android

2,328 views

Published on

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,328
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
178
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Analysis and research of system security based on android

  1. 1. Application Security Based On By- Ravishankar Kumar 95511101
  2. 2. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Cornerstones of Android security Prevention Minimization Detection Reaction
  3. 3. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Cornerstones of Android security Prevention Minimization Detection Reaction
  4. 4. Some Statistics →Android powers hundreds of millions of mobile devices in more than 190 countries around the world. →Android users download more than 1.5 billion apps and games from Google Play each month. →Easily optimize a single binary for phones, tablets, and other devices. →Google Play is the premier marketplace for selling and distributing Android apps.
  5. 5. Factor care about mobile security 1.Android malware → It can use runtime environments like Java virtual machine or the .NET Framework. → It sends personal information to unauthorised third parties. → It can partially damage the device, or delete or modify data on the device. → It can spread through proximate devices using Wi-Fi, Bluetooth and infrared. → It can also spread using remote networks such as telephone calls or SMS or emails.
  6. 6. Factor care about mobile security 2.Ad Networks and Permissions →Attackers access to a phone number or device ID lets advertisers track your movements between apps, and build up complicated profiles. →Less reputable ad networks may also try to access your address book in order to send ads to other people, or even change your ringtone to an advertisement. →The attacker can easily force the smartphone to make phone calls. 3. Loss and Theft →Reports claim that 1.6 million Americans had their phone stolen in 2013.
  7. 7. Mobile Security Matures We are now seeing attacks against all layers of mobile infrastructure: • Applications • Platform • OS • Baseband • Network Mobile devices must be treated as fully fledged computers.
  8. 8. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Cornerstones of Android security Prevention Minimization Detection Reaction
  9. 9. Introducing Android » Android is open source and Google releases the code under the Apache License. Source code at http://source.android.com » Any developer can use SDK at http://developer.android.com » Third party apps available on Google Play Download at http://play.google.com/store »Official Website of Android More at http://www.android.com
  10. 10. Android Version
  11. 11. New Version
  12. 12. Usage On
  13. 13. The Android Technology Stack • Linux kernel • Relies upon 90+ open source libraries o Integrated Web Kit based browser o SQLite for structured data storage o OpenSSL o Bouncy Castle o libc based on OpenBSD o Apache Harmony o Apache Http Client • Supports common sound, video and image codecs • API support for handset I/O o Bluetooth, EDGE, 3G, wifi o Camera, Video, GPS, compass, accelerometer, sound, vibrator
  14. 14. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Android security Issue oStoring Data oUsing Permission oCryptography Example Application
  15. 15. Android Security Some of the core security features that help you build secure apps include: »The Android Application Sandbox, which isolates your app data and code execution from other apps. »An application framework with robust implementations of common security functionality such as cryptography, permissions, and secure IPC. » An encrypted file system that can be enabled to protect data on lost or stolen devices. » User-granted permissions to restrict access to system features and user data. » Application-defined permissions to control application data on a per-app basis.
  16. 16. Android Application Sandbox
  17. 17. Storing Data The most common security concern for an application on Android is whether the data that you save on the device is accessible to other apps. There are three fundamental ways to save data on the device: 1. Using internal storage » By default, files that you create on internal storage are accessible only to your app. » To provide additional protection for sensitive data, you might choose to encrypt local files using a key that is not directly accessible to the application. 2. Using external storage » Files created on external storage, such as SD Cards, are globally readable and writable. » As with data from any untrusted source, you should perform input validation when handling data from external storage.
  18. 18. Storing Data Cont.. 3. Using content providers »Content providers offer a structured storage mechanism that can be limited to your own application or exported to allow access by other applications. » When creating a ContentProvider that will be exported for use by other applications, you can specify a single permission for reading and writing, or distinct permissions for reading and writing within the manifest.
  19. 19. Using Permissions Because Android sandboxes applications from each other, applications must explicitly share resources and data. Requesting Permissions » If it's possible to design your application in a way that does not require any permissions, that is preferable. » addition to requesting permissions, your application can use the <permissions> to protect IPC that is security sensitive and will be exposed to other applications, such as a ContentProvider. Creating Permissions » Creating a new permission is relatively uncommon for most applications.
  20. 20. Using Permission Cont.. Creating Permissions » If you must create a new permission, consider whether you can accomplish your task with a "signature" protection level. » If you create a permission with the "dangerous" protection level, there are a number of complexities that you need to consider: 1. The permission must have a string that concisely expresses to a user the security decision they will be required to make. 2.The permission string must be localized to many different languages. 3.Users may choose not to install an application because a permission is confusing or perceived as risky. 4.Applications may request the permission when the creator of the permission has not been installed.
  21. 21. Using Cryptography » Android provides a wide array of algorithms for protecting data using cryptography. » Use existing cryptographic algorithms such as those in the implementation of AES or RSA provided in the Cipher class. » Use a secure random number generator, SecureRandom, to initialize any cryptographic keys, KeyGenerator.
  22. 22. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Cornerstones of Android security  Prevention  Minimization  Detection  Reaction Example Application
  23. 23. Example Applications • Lookout Security & Antivirus • App Lock • Phone security alarm system
  24. 24. Lookout Security & Antivirus Lookout Security & Antivirus FREE Features:
  25. 25. Lookout Security & Antivirus Lookout Security & Antivirus FREE Features: ►SECURITY & ANTIVIRUS • App Scanning: Continuous, over-the-air protection from viruses, malware, adware and spyware
  26. 26. Lookout Security & Antivirus Lookout Security & Antivirus FREE Features: ►SECURITY & ANTIVIRUS • App Scanning: Continuous, over-the-air protection from viruses, malware, adware and spyware ►FIND MY PHONE • Locate & Scream: Map the location of your device and make it sound an alarm • Signal Flare: Automatically save your phone's location when the battery is low.
  27. 27. Lookout Security & Antivirus Lookout Security & Antivirus FREE Features: ►SECURITY & ANTIVIRUS • App Scanning: Continuous, over-the-air protection from viruses, malware, adware and spyware ►FIND MY PHONE • Locate & Scream: Map the location of your device and make it sound an alarm • Signal Flare: Automatically save your phone's location when the battery is low. ►BACKUP & DOWNLOAD • Contact Backup: Save a copy of your Google contacts
  28. 28. Lookout Security & Antivirus
  29. 29. App Lock App Lock Features: » AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings.
  30. 30. App Lock App Lock Features: » AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings. » AppLock empowers you to control photo and video access.
  31. 31. App Lock App Lock Features: » AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings. » AppLock empowers you to control photo and video access. » With AppLock, only you can see your hidden pictures. Privacy made easy!
  32. 32. App Lock App Lock Features: » AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings. » AppLock empowers you to control photo and video access. » With AppLock, only you can see your hidden pictures. Privacy made easy! » Selected pictures vanish from your photo gallery, and stay locked behind an easy-to-use PIN pad.
  33. 33. App Lock

×