SlideShare a Scribd company logo

Android security

Download as PPTX, PDF
B
BehzadBeigzadeh

behzad beigzadeh & mohammad taghizadeh aparat Link: https://aparat.com/v/8TyAK

Education
1 of 19
Android security Presentation of Tarbiat Modares University Database Security Classroom Provider : behzad beigzadeh & mohammad taghizadeh Lesson Master:Sadegh Dorri nogorani First semester of 2019-2020 December 2019
About this presentation – APK and android package – Application security – Android OS – Device integrity – Data protection 2
APK and android package
Application security – Android provides multiple layers of application protection, enabling users to download apps for work or personal use to their devices with the peace of mind that they’re getting a high level of protection from malware, security exploits, and attacks  Application signing Android requires that all apps be digitally signed with a developer key prior to installation. When the system installs an update to an application, it compares the certificate in the new version with the one in the existing version, and allows the update if the certificate matches  Meta_inf 4
 Android permissions Apps, by default, have very limited capabilities and must get additional permissions from the user, such as access to contacts and SMS messages accept permissions at runtime rather than at installation 5
Android OS – Android is an open source OS that’s built on the Linux ® kernel and provides an environment for multiple apps to run simultaneously – The application sandbox defines the privileges available to the application. Apps are generally built using Android Runtime and interact with the OS through a framework that describes system services – Save /data/data of apps in Data folder 6
Device integrity Device integrity features protect the mobile device from any changes to the operating system, keeping the OS secure is essential  Verified Boot(Each Verified Boot stage is cryptographically signed)  Sandboxing(Android runs all apps inside sandboxes to prevent malicious or buggy app code from compromising other apps or the rest of the system.)  Runtime  File system For example:Filesystem sandboxing (Android uses Linux filesystem-based protection to further isolate application resources) 7
Sanboxing in run time 8
Data protection Android uses industry-leading security features to protect user data. The platform creates an application environment that protects the confidentiality, integrity, and availability of user data – Encryption 1. file-based encryption 2. legacy full-disk encryption – Lock screen 1. Fingerprint 2. Additional authentication methods and biometrics 9
Full-disk encryption – on encrypted devices using full-disk encryption (FDE), users needed to provide credentials before using basic phone functionality. – Full-disk encryption is the process of encoding all user data on an Android device using a single encryption key 10
file-based encryption – file-based encryption ensures that a user cannot decrypt another user’s data – File-based encryption allows files to be encrypted with different keys, – For example, alarms could not operate, accessibility services were unavailable, and phones could not receive calls until a user provided credentials 11
Lock screen Fingerprint – A false acceptance rate not higher than 0.002% and a false rejection rate of less than 10%. – After 5 rejected attempts, leave at least 30 seconds between subsequent attempts – All identifiable fingerprint data must be encrypted – Prevent addition of a fingerprint without first establishing a chain of trust by having the user confirm an existing device credential or add a new device credential (PIN/pattern/password) 12
Additional authentication methods and biometrics – Google Smart Lock uses that framework to allow a device to remain unlocked as long as it stays with the user, as determined by certain user presence or other signals 13
Network security – Android provides network security for data-in-transit to protect data sent to and from Android devices  Wi-Fi Android supports the WPA2-Enterprise (802.11i) protocol that support uses AES- 128-CCM authenticated encryption  VPN Android supports securely connecting to an enterprise network using VPN – Always-on VPN The system automatically starts that VPN after the device boots – Per User VPN – Per Application VPN 14
Android security updates – Monthly device updates are an important tool to keep Android users safe. Every month, Google publishes Android Security Bulletins to update users, partners, and customers on the latest fixes. These security updates are available for three years from release 15
Vulnerability Reward Program – Google’s Vulnerability Reward Program encourages and rewards researchers who find, fix, and prevent vulnerabilities on Android 16
Google security services – Google Play Protect Google Play Protect is a powerful threat detection service that actively monitors a device to protect it, its data, and its apps from malware. The always-on service is built into any device that has Google Play, protecting more than 2 billion devices. Google Play Protect regularly scans all the apps on a device 17
Conclusion – Yet the open source development approach of Android is a key part of its security – Device integrity – With Android, multiple layers of security support the diverse use cases of an open platform such as encryption. – Google Play Protect, the world’s most widely deployed mobile threat protection service, delivers built-in protection on every device. Powered by Google machine learning, it’s always working to catch and block harmful apps and scan the device to root out any vulnerabilities. Safe Browsing protection in Chrome protects enterprise users as they navigate the web by warning of potentially harmful sites. 18
– https://source.android.com/security/reports/Google_Android_Enterprise_Secu rity_Whitepaper_2018.pdf – https://cloudtweaks.com/2019/02/working-with-security-researchers-web- safer/ – https://faceit.ir/news/13308/What-Is-an-APK-File-and-What-Does-It-Do/ sources 19

Recommended

Ericom Shield datasheet
Ericom Shield datasheetEricom Shield datasheet
Ericom Shield datasheetEricom Software
 
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)ijp2p
 
CLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYCLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYRc Os
 
Trend Micro Titanium Antivirus 2012 Review
Trend Micro Titanium Antivirus 2012 ReviewTrend Micro Titanium Antivirus 2012 Review
Trend Micro Titanium Antivirus 2012 Reviewstakro
 
Network Security Research Paper
Network Security Research PaperNetwork Security Research Paper
Network Security Research PaperPankaj Jha
 
Network Security Certification
Network Security CertificationNetwork Security Certification
Network Security CertificationVskills
 
Network security
Network security Network security
Network security Madhumithah Ilango
 
Network management and security
Network management and securityNetwork management and security
Network management and securityAnkit Bhandari
 

Recommended

Ericom Shield datasheet
Ericom Shield datasheetEricom Shield datasheet
Ericom Shield datasheetEricom Software
 
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)ijp2p
 
CLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYCLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYRc Os
 
Trend Micro Titanium Antivirus 2012 Review
Trend Micro Titanium Antivirus 2012 ReviewTrend Micro Titanium Antivirus 2012 Review
Trend Micro Titanium Antivirus 2012 Reviewstakro
 
Network Security Research Paper
Network Security Research PaperNetwork Security Research Paper
Network Security Research PaperPankaj Jha
 
Network Security Certification
Network Security CertificationNetwork Security Certification
Network Security CertificationVskills
 
Network security
Network security Network security
Network security Madhumithah Ilango
 
Network management and security
Network management and securityNetwork management and security
Network management and securityAnkit Bhandari
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan serverDedi Dwianto
 
Web applications vulnerabilities and threats
Web applications vulnerabilities and threatsWeb applications vulnerabilities and threats
Web applications vulnerabilities and threatsPrakash Poudel
 
Bank security
Bank securityBank security
Bank securityPLN9 Security Services Pvt. Ltd.
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Edureka!
 
Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and SecurityIMT CDL
 
Security Measures
Security MeasuresSecurity Measures
Security Measureshanna91
 
A STUDY ON INTRUSION DETECTION
A STUDY ON INTRUSION DETECTIONA STUDY ON INTRUSION DETECTION
A STUDY ON INTRUSION DETECTIONIAEME Publication
 
Cyber security
Cyber securityCyber security
Cyber securityKrishanu Ghosh
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Android vs iOS encryption systems
Android vs iOS encryption systemsAndroid vs iOS encryption systems
Android vs iOS encryption systemsBirju Tank
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network SecurityDushyant Singh
 
Mobile Security Research Projects Help
Mobile Security Research Projects HelpMobile Security Research Projects Help
Mobile Security Research Projects HelpNetwork Simulation Tools
 
Mobile security
Mobile securityMobile security
Mobile securityNaveen Kumar
 
Mobile security
Mobile securityMobile security
Mobile securityCyberoamAcademy
 
Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intuneManishKumar959920
 
Vulnerabilities in Android
Vulnerabilities in AndroidVulnerabilities in Android
Vulnerabilities in AndroidBirju Tank
 
Presentation network security
Presentation network securityPresentation network security
Presentation network securitycegonsoft1999
 
Wapt course detail
Wapt course detailWapt course detail
Wapt course detailhackersguru
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 
Google Android Security 2014 Report
Google Android Security 2014 ReportGoogle Android Security 2014 Report
Google Android Security 2014 ReportRonen Mendezitsky
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
Android security
Android securityAndroid security
Android securityDr Amira Bibo
 

More Related Content

What's hot

Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan serverDedi Dwianto
 
Web applications vulnerabilities and threats
Web applications vulnerabilities and threatsWeb applications vulnerabilities and threats
Web applications vulnerabilities and threatsPrakash Poudel
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Edureka!
 
Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and SecurityIMT CDL
 
Security Measures
Security MeasuresSecurity Measures
Security Measureshanna91
 
A STUDY ON INTRUSION DETECTION
A STUDY ON INTRUSION DETECTIONA STUDY ON INTRUSION DETECTION
A STUDY ON INTRUSION DETECTIONIAEME Publication
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Android vs iOS encryption systems
Android vs iOS encryption systemsAndroid vs iOS encryption systems
Android vs iOS encryption systemsBirju Tank
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network SecurityDushyant Singh
 
Vulnerabilities in Android
Vulnerabilities in AndroidVulnerabilities in Android
Vulnerabilities in AndroidBirju Tank
 
Presentation network security
Presentation network securityPresentation network security
Presentation network securitycegonsoft1999
 
Wapt course detail
Wapt course detailWapt course detail
Wapt course detailhackersguru
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 

What's hot (19)

Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan server
 
Web applications vulnerabilities and threats
Web applications vulnerabilities and threatsWeb applications vulnerabilities and threats
Web applications vulnerabilities and threats
 
Bank security
Bank securityBank security
Bank security
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...
 
Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and Security
 
Security Measures
Security MeasuresSecurity Measures
Security Measures
 
A STUDY ON INTRUSION DETECTION
A STUDY ON INTRUSION DETECTIONA STUDY ON INTRUSION DETECTION
A STUDY ON INTRUSION DETECTION
 
Cyber security
Cyber securityCyber security
Cyber security
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
 
Android vs iOS encryption systems
Android vs iOS encryption systemsAndroid vs iOS encryption systems
Android vs iOS encryption systems
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network Security
 
Mobile Security Research Projects Help
Mobile Security Research Projects HelpMobile Security Research Projects Help
Mobile Security Research Projects Help
 
Mobile security
Mobile securityMobile security
Mobile security
 
Mobile security
Mobile securityMobile security
Mobile security
 
Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intune
 
Vulnerabilities in Android
Vulnerabilities in AndroidVulnerabilities in Android
Vulnerabilities in Android
 
Presentation network security
Presentation network securityPresentation network security
Presentation network security
 
Wapt course detail
Wapt course detailWapt course detail
Wapt course detail
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
 

Similar to Android security

Google Android Security 2014 Report
Google Android Security 2014 ReportGoogle Android Security 2014 Report
Google Android Security 2014 ReportRonen Mendezitsky
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devicesIOSR Journals
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applicationsGTestClub
 
The Ultimate Security Checklist Before Launching Your Android App
The Ultimate Security Checklist Before Launching Your Android AppThe Ultimate Security Checklist Before Launching Your Android App
The Ultimate Security Checklist Before Launching Your Android AppAppknox
 
Security models of modern mobile systems
Security models of modern mobile systemsSecurity models of modern mobile systems
Security models of modern mobile systemsDivya Raval
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
Android Overview
Android OverviewAndroid Overview
Android OverviewRaju Kadam
 
Security on android
Security on androidSecurity on android
Security on androidpk464312
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Google android security_2015_report_final
Google android security_2015_report_finalGoogle android security_2015_report_final
Google android security_2015_report_finalAndrey Apuhtin
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 
Google android white paper
Google android white paperGoogle android white paper
Google android white paperSravan Reddy
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Satheesh Kumar V
 
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec
 
Android application fundamentals
Android application fundamentalsAndroid application fundamentals
Android application fundamentalsSteve Smith
 

Similar to Android security (20)

Google Android Security 2014 Report
Google Android Security 2014 ReportGoogle Android Security 2014 Report
Google Android Security 2014 Report
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and Defenses
 
Android security
Android securityAndroid security
Android security
 
Android security
Android securityAndroid security
Android security
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devices
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applications
 
The Ultimate Security Checklist Before Launching Your Android App
The Ultimate Security Checklist Before Launching Your Android AppThe Ultimate Security Checklist Before Launching Your Android App
The Ultimate Security Checklist Before Launching Your Android App
 
Mobile security
Mobile securityMobile security
Mobile security
 
Security models of modern mobile systems
Security models of modern mobile systemsSecurity models of modern mobile systems
Security models of modern mobile systems
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 
Android Overview
Android OverviewAndroid Overview
Android Overview
 
Security on android
Security on androidSecurity on android
Security on android
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on android
 
Google android security_2015_report_final
Google android security_2015_report_finalGoogle android security_2015_report_final
Google android security_2015_report_final
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 
Google android white paper
Google android white paperGoogle android white paper
Google android white paper
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017
 
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011
 
Android application fundamentals
Android application fundamentalsAndroid application fundamentals
Android application fundamentals
 

Recently uploaded

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfChris Hunter
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxNikitaBankoti2
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesShubhangi Sonawane
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 

Recently uploaded (20)

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 

Android security

  • 1. Android security Presentation of Tarbiat Modares University Database Security Classroom Provider : behzad beigzadeh & mohammad taghizadeh Lesson Master:Sadegh Dorri nogorani First semester of 2019-2020 December 2019
  • 2. About this presentation – APK and android package – Application security – Android OS – Device integrity – Data protection 2
  • 3. APK and android package
  • 4. Application security – Android provides multiple layers of application protection, enabling users to download apps for work or personal use to their devices with the peace of mind that they’re getting a high level of protection from malware, security exploits, and attacks  Application signing Android requires that all apps be digitally signed with a developer key prior to installation. When the system installs an update to an application, it compares the certificate in the new version with the one in the existing version, and allows the update if the certificate matches  Meta_inf 4
  • 5.  Android permissions Apps, by default, have very limited capabilities and must get additional permissions from the user, such as access to contacts and SMS messages accept permissions at runtime rather than at installation 5
  • 6. Android OS – Android is an open source OS that’s built on the Linux ® kernel and provides an environment for multiple apps to run simultaneously – The application sandbox defines the privileges available to the application. Apps are generally built using Android Runtime and interact with the OS through a framework that describes system services – Save /data/data of apps in Data folder 6
  • 7. Device integrity Device integrity features protect the mobile device from any changes to the operating system, keeping the OS secure is essential  Verified Boot(Each Verified Boot stage is cryptographically signed)  Sandboxing(Android runs all apps inside sandboxes to prevent malicious or buggy app code from compromising other apps or the rest of the system.)  Runtime  File system For example:Filesystem sandboxing (Android uses Linux filesystem-based protection to further isolate application resources) 7
  • 9. Data protection Android uses industry-leading security features to protect user data. The platform creates an application environment that protects the confidentiality, integrity, and availability of user data – Encryption 1. file-based encryption 2. legacy full-disk encryption – Lock screen 1. Fingerprint 2. Additional authentication methods and biometrics 9
  • 10. Full-disk encryption – on encrypted devices using full-disk encryption (FDE), users needed to provide credentials before using basic phone functionality. – Full-disk encryption is the process of encoding all user data on an Android device using a single encryption key 10
  • 11. file-based encryption – file-based encryption ensures that a user cannot decrypt another user’s data – File-based encryption allows files to be encrypted with different keys, – For example, alarms could not operate, accessibility services were unavailable, and phones could not receive calls until a user provided credentials 11
  • 12. Lock screen Fingerprint – A false acceptance rate not higher than 0.002% and a false rejection rate of less than 10%. – After 5 rejected attempts, leave at least 30 seconds between subsequent attempts – All identifiable fingerprint data must be encrypted – Prevent addition of a fingerprint without first establishing a chain of trust by having the user confirm an existing device credential or add a new device credential (PIN/pattern/password) 12
  • 13. Additional authentication methods and biometrics – Google Smart Lock uses that framework to allow a device to remain unlocked as long as it stays with the user, as determined by certain user presence or other signals 13
  • 14. Network security – Android provides network security for data-in-transit to protect data sent to and from Android devices  Wi-Fi Android supports the WPA2-Enterprise (802.11i) protocol that support uses AES- 128-CCM authenticated encryption  VPN Android supports securely connecting to an enterprise network using VPN – Always-on VPN The system automatically starts that VPN after the device boots – Per User VPN – Per Application VPN 14
  • 15. Android security updates – Monthly device updates are an important tool to keep Android users safe. Every month, Google publishes Android Security Bulletins to update users, partners, and customers on the latest fixes. These security updates are available for three years from release 15
  • 16. Vulnerability Reward Program – Google’s Vulnerability Reward Program encourages and rewards researchers who find, fix, and prevent vulnerabilities on Android 16
  • 17. Google security services – Google Play Protect Google Play Protect is a powerful threat detection service that actively monitors a device to protect it, its data, and its apps from malware. The always-on service is built into any device that has Google Play, protecting more than 2 billion devices. Google Play Protect regularly scans all the apps on a device 17
  • 18. Conclusion – Yet the open source development approach of Android is a key part of its security – Device integrity – With Android, multiple layers of security support the diverse use cases of an open platform such as encryption. – Google Play Protect, the world’s most widely deployed mobile threat protection service, delivers built-in protection on every device. Powered by Google machine learning, it’s always working to catch and block harmful apps and scan the device to root out any vulnerabilities. Safe Browsing protection in Chrome protects enterprise users as they navigate the web by warning of potentially harmful sites. 18