Android operating system and security

1. ANDROID OS & Security
A brief synopsis of the Android
Operating System and its security.
Group Members -
Bhumi Avhad - 20102B2002
Zobia Ansari - 20102A2010
Pratik Haldankar - 20102A2006
Harsh Pandita - 19102A0040

2. The ANDROID OS
• What is Android?
• A mobile operating system initially developed by
Android Inc, a firm acquired by Google in 2005
• Based on the Linux kernel
• First device working on android OS was HTC G1
which was launched on October 22nd, 2008

3. The ANDROID OS
• History
• Google acquires mobile software startup Android
in 2005
• Open Handset Alliance (OHA) officially starts
on November 5th, 2007
• Android 1.0 source and SDK released in Fall
2008 (http://www.android.com/timeline.html)

4. The ANDROID OS

5. The ANDROID OS
• Version History

6. The ANDROID OS
• System Architecture
• Linux Version 2.6 or 3.0.1
• Dalvik Virtual Machine (VM)
• Application Framework

7. Figure: System-architecture of Android

8. The ANDROID OS
• Applications
• Applications are written in Java or Python
• Applications are run on the Dalvik Virtual
Machine
• Development done in the Android SDK
• Development is open to all
• User driven Android Market

9. ANDROID Security
• Security - three applicability
• Confidentiality
• Protect private user data
• Integrity
• Reliability
• Availability
• Phone

10. ANDROID Security
• Android Security
• Relies on foundations; Linux, Dalvik, and Java.
• Security Goal: “A central design point of the
Android security architecture is that no
application, by default, has permission to
perform any operations that would adversely
impact on other applications, the operating
system, or the user.”

11. ANDROID Security
• Enforcement strategy
• Application signing and certification.
• Linux user name base access restriction
• Capability permissions

12. ANDROID Security
• Application Sandboxes
• All Applications run as their own Linux user.
• Several Inter-Process Communication methods:
– Activities
– Services
– BroadcastReceiver
– ContentProvider
– Intent
• Applications utilize a capability like model to
protect the system and the user.

13. ANDROID Security
• Android Capabilities and Permissions
• Capabilities default to safe state
• Must be explicitly defined to enable capabilities
• Permissions are static on install
• Users have open view of permissions

14. ANDROID Security
Snapshot of GPS Toggle Widget

15. ANDROID Security
• Security Concerns for developers
• Protect your application, use least privilege
principle.
• If you expose, mediate IPCs
• Provide maximum availability
– Minimize memory footprint
– Minimize battery usage

16. ANDROID Security
• Security Concerns for users
• Always try to
– Read reviews
– Analyze capabilities/permissions before installing
applications

17. Conclusion
• Principles of Secure Design
– Least Privilege
– Economy of Mechanism
– Complete Mediation
– Defense in depth
– Open Design
– Separation of Privilege
– Least Common Mechanism
– Psychological Acceptability
– Secure architecture
– Reliance on trust

18. References
2. Android Developers, “Security and Permissions.”
developer.android.com. 26 July 2010. Web. 27 July 2010
<http://developer.android.com/guide/topics/security/security.html>
1. Burns, Jesse. “Mobile Application Security on Android.”
blackhat.com. June 2009. Web. 27 July 2010.
<http://www.blackhat.com/presentations/bh-usa-09/BURNS/BHUSA09-Burns-
AndroidSurgery-PAPER.pdf>
3. Android (operating system) Wiki.
<http://en.wikipedia.org/wiki/Android_%28operating_sys
tem%29>
4. Elgin, Ben. “Google Buys Android for Its Mobile Arsenal”.
businessweek.com. 17 August 2005. Web. 27 July 2010.
<http://www.businessweek.com/technology/content/aug2005/tc20050817_0949_t
c024.htm>

19. ANDROID OS & Security
THANK YOU