4th Sem B.Tech
Indian Institute of Information Technology,
Under the guidance & supervision of
Prof. Dr. O.P. Vyas
Period Android iOS
2015Q2 82.8% 13.9% 2.6% 0.3% 0.4%
2014Q2 84.8% 11.6% 2.5% 0.5% 0.7%
2013Q2 79.8% 12.9% 3.4% 2.8% 1.2%
2012Q2 69.3% 16.6% 3.1% 4.9% 6.1%
Source: IDC, AUG 2015
Why Care?
• “Android users are two and half times as likely to encounter malware today than
6 months ago…”
-Lookout Mobile Threat Report
• “Today’s mobile devices are a mixed bag when it comes to security… still vulnerable
to many traditional attacks..”
-Carey Nachenberg, Symantec
• “The growth rate in malware within Android is huge; in the future there will
definitely be more.”
-Nikolay Grebennikov, CTO of Kaspersky
• “Any time a technology becomes adopted and popular, that technology will be
targeted by the bad guys.”
-Jay Abbott, PricewaterhouseCoopers LLP
Data on Smartphones
• GPS Data
• Google searches & Web History
• Account Information & Passwords
• Banking Data
Almost everything that was on your desktop a couple of years ago.
What is an APP
.apk Android Package
Name of the package
Describes components of the App
Minimum level of API
(all classes in one file)
MANIFEST.MF : Hashes of all files.
CERT.SF : Hash of MANIFEST.MF
and hashes of all the entries in
CERT.RSA: Signature of CERT.SF file
including the signer’s
certificate (public key itself)
• .apk packages are self-signed!
• It’s not about the trustworthiness of the developer!
• The signature is just checked at installation time
• Files may be manipulated after that!
• At installation every App is assigned its own Linux user
• Example: app_user_10
• Every App gets a directory within the filesystem
• Example: /data/data/com.example.MyApp
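The signing layout above says MANIFEST.MF holds a hash of every file and that the signature is only checked at installation time. As an added example (not from the original slides), this Python code re-checks the MANIFEST.MF digests of a package so that files changed after signing are flagged. It assumes the JAR-style layout described above and does not verify CERT.SF or CERT.RSA; the function names and the sample package are constructed for illustration.

```python
import base64, hashlib, io, zipfile

DIGESTS = {"SHA-256-Digest": "sha256", "SHA1-Digest": "sha1"}

def parse_manifest(text):
    """Return {entry name: (hash algorithm, base64 digest)} from MANIFEST.MF text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        for attr, algo in DIGESTS.items():
            if "Name" in attrs and attr in attrs:
                entries[attrs["Name"]] = (algo, attrs[attr])
                break
    return entries

def verify_manifest(apk_bytes):
    """Return sorted names that are unlisted, missing, or fail their digest."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        listed = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        # Simplification: entries under META-INF/ are not checked here.
        names = {n for n in z.namelist() if not n.startswith("META-INF/")}
        bad = names ^ set(listed)  # present but unlisted, or listed but absent
        for name in names & set(listed):
            algo, expected = listed[name]
            digest = hashlib.new(algo, z.read(name)).digest()
            if base64.b64encode(digest).decode() != expected:
                bad.add(name)
    return sorted(bad)

def build_sample(files, manifest_from=None):
    """Constructed package; manifest digests come from manifest_from or files."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in (manifest_from or files).items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n")
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample contents, not taken from a real app.
ORIGINAL = {"classes.dex": b"constructed dex bytes", "res/raw/cfg.txt": b"debug=false"}
TAMPERED = dict(ORIGINAL, **{"classes.dex": b"modified after signing"})

if __name__ == "__main__":
    print(verify_manifest(build_sample(ORIGINAL)))            # untouched package
    print(verify_manifest(build_sample(TAMPERED, ORIGINAL)))  # stale manifest
```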
Where does App run?
• Every App runs within its own Linux process
• And as its own Linux user!
• Within the process a Dalvik VM instance is running
• Most Apps are just Java based
• Or they are Web based running within WebKit
• Native code can also be used for specific use-cases
• Over JNI or completely native
Android Apps and Processes
Android Permissions (Contd.)
• Require permissions to interact with App
• Permission required to pass an intent e.g. to startActivity()
• Intents are sent through ActivityManagerService
• System Content Providers are normal Apps e.g.
• Permissions required to read/write content providers can be defined
• Content Providers are “invoked” by ContentResolver.query()
• Sandboxing is implemented by the Android Permission
Model and Linux User separation
• Processes are separated by different UIDs
• Filesystem Access is authorized by File Permissions
• Android API calls are authorized according to the Android
permissions e.g. access to Contacts, SMS, Location…
• Network, SD Card or Bluetooth access is authorized by Linux Group
Escaping The Sandbox
• Apps can talk to other Apps via
• IPC (Binder)
• Content Providers
• Otherwise, to escape our sandbox, we need to use
• Some permissions are only available to system apps
Installing App from Unknown Source
• Downloaded App from Unknown Source
• Download .apk directly from internet
• Black Market App (Cracked version of Paid App)
Init Process Launch
Depends on Device
• By default there is no way to execute app as root
• Rooting: Find a way to run apps/ process as root!
• Eg. Install a Super User binary
• If you want to do it safely, do not do it!
• An unlocked bootloader is risky!
with too much
Install App with
and extract data!
• Passcode should be used
• As complex as possible, as usual
• But it doesn’t give full protection!
• Physical acquisition is a serious threat
• Lack of hardware-supported encryption
• Hardware module with hardware key would be better!
• Debug mode is evil!