Android System Architecture
Pen-testing of Android applications
What is Android?
• A software platform and operating system for
• Based on the Linux kernel (Kernel 2.6)
• Developed by Google and later Open Handset
• Also writing managed code in the Java
• C/C++ also but not supported
• First layer in system architecture
• These include the applications shipped with
Android like the email client, SMS client, maps,
browsers and also the applications developed
and distributed through the Android market.
• Second layer in system architecture
• These include the programs that manage the
basic functions of the phone like resource
allocation, voice call management, etc.
• The layer above the Linux kernel is
Android’s native libraries.
• These libraries are written in C/C++ languages.
• These libraries also run as processes within the
underlying Linux kernel.
• The libraries are nothing but a set of instructions
that tell the device how to handle different kinds
of data (e.g. the media libraries support playing
or recording various audio/video formats).
Some of the key libraries are listed below:
• SQLite: This is a lightweight yet powerful
relational database engine available for all
applications to store data.
• WebKit: This is a browser engine providing
tools for browsing web pages.
• Surface Manager: This is responsible for the
graphics on the device screens.
• OpenGL: Used to render 2D or 3D graphics to
• This is located on the same layer as the libraries
• It consists of the core Java libraries and the
Dalvik virtual machine.
• The core Java libraries are used for developing
Android based applications.
• Dalvik VMs help in achieving the following:
- better memory management
- an application cannot interfere with other
applications without permissions
- threading support
• The diagram below is a pictorial
representation of the Android environment.
• It can be observed that each Android
application runs under a separate virtual
instance and each application has a unique
user-id assigned to it.
• This is the last layer in system architecture
• Device drivers, power management, process
management and networking services depend
on this layer
• Android using Linux kernel 2.6 and android
developed over time have been harmonized.
• Android is not exactly Linux.
Penetration testing of Android apps
• The applications in Android can be mainly
classified into two categories:
- Android browser-based applications
- Android-based applications (Android
application package files – .apk extension files)
Android Filesystem Access
We want to analyze files within the device, so
how do we do this?
Android Filesystem Access
• Android Debug Bridge (adb) command
- Access a shell
- Single file relational database
- Supported by Android & iPhone APIs to store
• Using the ADB shell, we can browse to the
database folder and access the data as shown
• Applications may leak data through gratuitous
• In older versions of Android, the browser
would log URLs visited
- This also logged session IDs for websites
that put them in the GET request
Viewing Android Logs
• We can use the ‘adb logcat’ command
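An added example (not from the original slides): a Python check that scans saved ‘adb logcat’ output for URLs carrying session identifiers in the request, the leak described above. The parameter-name list, the log tags, the host names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed list of parameter names that usually carry session identifiers.
SESSION_PARAMS = {"sessionid", "session_id", "sid", "jsessionid",
                  "phpsessid", "token", "auth"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# logcat "brief" format: <priority>/<tag>(<pid>): <message>
BRIEF_RE = re.compile(r"^([VDIWEF])/(.+?)\(\s*(\d+)\):\s(.*)$")

def find_session_leaks(lines):
    """Return one finding per session-like parameter seen in a logged URL."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = BRIEF_RE.match(line)
        tag, message = (m.group(2).strip(), m.group(4)) if m else ("?", line)
        for url in URL_RE.findall(message):
            parts = urlsplit(url)
            params = parse_qsl(parts.query, keep_blank_values=True)
            # ";jsessionid=..." path parameters also travel in the request line
            path_param = re.search(r";(jsessionid)=([^;/?]+)", parts.path, re.I)
            if path_param:
                params.append(path_param.groups())
            for name, value in params:
                if name.lower() in SESSION_PARAMS and value:
                    findings.append({
                        "line": lineno, "tag": tag, "host": parts.hostname,
                        "param": name,
                        # truncate so the report is not a second leak
                        "value": value[:4] + "...",
                    })
    return findings

# Constructed sample in logcat "brief" format (not captured from a real device).
SAMPLE_LOG = """\
I/ActivityManager(  312): Start proc com.example.notes for activity
D/browser( 1450): loading http://shop.example.test/cart?item=42&sessionid=9f8e7d6c5b4a
D/browser( 1450): loading https://news.example.test/story?id=17
W/WebClient( 2210): redirect to http://app.example.test/home;jsessionid=ABCD1234EF?lang=en
""".splitlines()

if __name__ == "__main__":
    for finding in find_session_leaks(SAMPLE_LOG):
        print(finding)
```

Each finding names the log line, the logging tag and the parameter, which points at the component that should stop logging full URLs.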
Android Client Analysis
• Android Application Layout
- Apps are packaged in an APK file (zip archive)
- What is in it?
- Dalvik class files (.dex)
- Assets and Resources
- APKs stored at /data/app on a device
Can extract this
• Enumerates permissions
• We are most interested in permissions and
Analyzing an APK
• The files inside an APK are not directly useful
- Need to unpack the XML, disassemble the
dex class files
We are using a tool for reverse engineering
Android apk files
• This way is easier than other ways
• You may be familiar with jad or jd-gui
- Use dex2jar to get a (JVM) jar from an apk
- Perform “source review” on decompiled app
Does not work for all apks