Application Security Based
On
By- Ravishankar Kumar
95511101
Overview
• Why care about mobile security?
• What is Android?
• How do I develop on Android?
o Android Market
• What about Security?
o Cornerstones of Android security
Prevention
Minimization
Detection
Reaction
Some Statistics
→Android powers hundreds of millions of mobile
devices in more than 190 countries around the world.
→Android users download more than 1.5 billion apps
and games from Google Play each month.
→Easily optimize a single binary for phones, tablets,
and other devices.
→Google Play is the premier marketplace for
selling and distributing Android apps.
Reasons to care about mobile security
1. Android malware
→ It can use runtime environments like
Java virtual machine or the .NET Framework.
→ It sends personal information to unauthorised third parties.
→ It can partially damage the device, or delete or modify
data on the device.
→ It can spread through proximate devices using Wi-Fi,
Bluetooth and infrared.
→ It can also spread using remote networks such as telephone calls
or SMS or emails.
2. Ad Networks and Permissions
→ Attackers' access to a phone number or device ID lets advertisers
track your movements between apps, and build up complicated profiles.
→ Less reputable ad networks may also try to access your address
book in order to send ads to other people, or even change your ringtone to
an advertisement.
→ The attacker can easily force the smartphone to make phone calls.
3. Loss and Theft
→Reports claim that 1.6 million Americans had their phone stolen in
2013.
Mobile Security Matures
We are now seeing attacks against all layers of
mobile infrastructure:
• Applications
• Platform
• OS
• Baseband
• Network
Mobile devices must be treated as fully fledged computers.
Introducing Android
» Android is open source and Google releases the code under
the Apache License.
Source code at http://source.android.com
» Any developer can use
SDK at http://developer.android.com
» Third party apps available on Google Play
Download at http://play.google.com/store
»Official Website of Android
More at http://www.android.com
Android Version
New Version
Usage On
The Android Technology Stack
• Linux kernel
• Relies upon 90+ open source libraries
o Integrated WebKit-based browser
o SQLite for structured data storage
o OpenSSL
o Bouncy Castle
o libc based on OpenBSD
o Apache Harmony
o Apache Http Client
• Supports common sound, video and image codecs
• API support for handset I/O
o Bluetooth, EDGE, 3G, Wi-Fi
o Camera, Video, GPS, compass, accelerometer,
sound, vibrator
Overview
• Why care about mobile security?
• What is Android?
• How do I develop on Android?
o Android Market
• What about Security?
o Android security issues
o Storing Data
o Using Permissions
o Cryptography
Example Application
Android Security
Some of the core security features that help you build secure apps
include:
»The Android Application Sandbox, which isolates your app data and
code execution from other apps.
»An application framework with robust implementations of common
security functionality such as cryptography, permissions, and secure
IPC.
» An encrypted file system that can be enabled to protect data on lost
or stolen devices.
» User-granted permissions to restrict access to system features and
user data.
» Application-defined permissions to control application data on a
per-app basis.
Android Application Sandbox
Storing Data
The most common security concern for an application on Android is
whether the data that you save on the device is accessible to other
apps.
There are three fundamental ways to save data on the device:
1. Using internal storage
» By default, files that you create on internal storage are accessible
only to your app.
» To provide additional protection for sensitive data, you might
choose to encrypt local files using a key that is not directly accessible to
the application.
2. Using external storage
» Files created on external storage, such as SD Cards, are globally
readable and writable.
» As with data from any untrusted source, you should perform input
validation when handling data from external storage.
Storing Data Cont..
3. Using content providers
»Content providers offer a structured storage mechanism that can
be limited to your own application or exported to allow access by
other applications.
» When creating a ContentProvider that will be exported for use
by other applications, you can specify a single permission for reading
and writing, or distinct permissions for reading and writing within the
manifest.
Using Permissions
Because Android sandboxes applications from each other, applications
must explicitly share resources and data.
Requesting Permissions
» If it's possible to design your application in a way that does not
require any permissions, that is preferable.
» In addition to requesting permissions, your application can use the
<permission> element to protect IPC that is security sensitive and will be
exposed to other applications, such as a ContentProvider.
Creating Permissions
» Creating a new permission is relatively uncommon for most
applications.
Using Permission Cont..
Creating Permissions
» If you must create a new permission, consider whether you can
accomplish your task with a "signature" protection level.
» If you create a permission with the "dangerous" protection level, there
are a number of complexities that you need to consider:
1. The permission must have a string that concisely expresses to a user
the security decision they will be required to make.
2. The permission string must be localized to many different languages.
3. Users may choose not to install an application because a permission
is confusing or perceived as risky.
4. Applications may request the permission when the creator of the
permission has not been installed.
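As an added example (not part of the original slides), the Java program below checks a manifest for the points made under "Storing Data" and "Using Permission": exported content providers that leave reading or writing unprotected, and custom permissions that do not use the "signature" protection level. The manifest, the package name com.example.notes and the permission names are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ManifestPermissionAudit {
    static final String ANDROID_NS = "http://schemas.android.com/apk/res/android";

    // Constructed manifest for a hypothetical app, com.example.notes.
    static final String SAMPLE_MANIFEST = """
        <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                  package="com.example.notes">
          <permission android:name="com.example.notes.permission.READ_NOTES"
                      android:protectionLevel="signature"/>
          <permission android:name="com.example.notes.permission.WRITE_NOTES"
                      android:protectionLevel="dangerous"/>
          <application>
            <!-- Exported, with distinct read and write permissions. -->
            <provider android:name=".NotesProvider"
                      android:authorities="com.example.notes.provider"
                      android:exported="true"
                      android:readPermission="com.example.notes.permission.READ_NOTES"
                      android:writePermission="com.example.notes.permission.WRITE_NOTES"/>
            <!-- Weak: exported with no permission at all. -->
            <provider android:name=".DraftsProvider"
                      android:authorities="com.example.notes.drafts"
                      android:exported="true"/>
            <!-- Limited to the application itself. -->
            <provider android:name=".CacheProvider"
                      android:authorities="com.example.notes.cache"
                      android:exported="false"/>
          </application>
        </manifest>
        """;

    static String attr(Element element, String name) {
        // Returns "" when the android:<name> attribute is absent.
        return element.getAttributeNS(ANDROID_NS, name);
    }

    static List<String> audit(String manifestXml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The manifest is input like any other: refuse DTDs so it cannot pull in entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(manifestXml.getBytes(StandardCharsets.UTF_8)));
        List<String> findings = new ArrayList<>();

        // Custom permissions: anything other than a signature level puts a decision in
        // front of the user (or, for "normal", grants the permission to any requester).
        NodeList permissions = doc.getElementsByTagName("permission");
        for (int i = 0; i < permissions.getLength(); i++) {
            Element permission = (Element) permissions.item(i);
            String level = attr(permission, "protectionLevel");
            if (level.isEmpty()) {
                level = "normal"; // platform default when the attribute is omitted
            }
            if (!level.contains("signature")) {
                findings.add("permission " + attr(permission, "name")
                        + " uses protectionLevel \"" + level + "\"; consider \"signature\"");
            }
        }

        // Providers: only an explicit android:exported="true" is treated as exported
        // here (assumption; the default when the attribute is missing depends on the
        // API level the app targets).
        NodeList providers = doc.getElementsByTagName("provider");
        for (int i = 0; i < providers.getLength(); i++) {
            Element provider = (Element) providers.item(i);
            if (!"true".equals(attr(provider, "exported"))) {
                continue;
            }
            String single = attr(provider, "permission");
            boolean readGuarded = !single.isEmpty() || !attr(provider, "readPermission").isEmpty();
            boolean writeGuarded = !single.isEmpty() || !attr(provider, "writePermission").isEmpty();
            String name = attr(provider, "name");
            if (!readGuarded && !writeGuarded) {
                findings.add("provider " + name + " is exported with no permission");
            } else if (!readGuarded) {
                findings.add("provider " + name + " is exported with no read permission");
            } else if (!writeGuarded) {
                findings.add("provider " + name + " is exported with no write permission");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        for (String finding : audit(SAMPLE_MANIFEST)) {
            System.out.println(finding);
        }
    }
}
```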
Using Cryptography
» Android provides a wide array of algorithms for protecting data
using cryptography.
» Use existing cryptographic algorithms such as those in the
implementation of AES or RSA provided in the Cipher class.
» Use a secure random number generator, SecureRandom, to
initialize any cryptographic keys generated by KeyGenerator.
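As an added example (not part of the original slides), the plain-JDK Java program below applies these points to the local-file case from "Storing Data": AES comes from the Cipher class, the key is produced by KeyGenerator initialized with SecureRandom, and the file is decrypted only if its authentication tag verifies. The AES-GCM mode, the file layout and the sample data are assumptions; on a device the key would be kept in the Android Keystore rather than in process memory, so that it is not directly accessible to the application.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EncryptedFileStore {
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int IV_BYTES = 12;   // GCM nonce length
    private static final int TAG_BITS = 128;  // GCM authentication tag length
    private static final SecureRandom RANDOM = new SecureRandom();

    // Key material comes from KeyGenerator, initialized with SecureRandom.
    static SecretKey newKey() throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256, RANDOM);
        return generator.generateKey();
    }

    // File layout (assumption of this example): 12-byte nonce, then ciphertext and tag.
    static void writeEncrypted(Path file, SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        RANDOM.nextBytes(iv); // a fresh nonce for every write; never reuse one with the same key
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ciphertext = cipher.doFinal(plaintext);
        byte[] blob = ByteBuffer.allocate(iv.length + ciphertext.length)
                .put(iv).put(ciphertext).array();
        Files.write(file, blob);
    }

    static byte[] readEncrypted(Path file, SecretKey key) throws Exception {
        byte[] blob = Files.readAllBytes(file);
        if (blob.length < IV_BYTES + TAG_BITS / 8) {
            throw new IllegalArgumentException("file too short to hold nonce and tag");
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_BYTES));
        // doFinal throws AEADBadTagException if the nonce, ciphertext or tag was modified.
        return cipher.doFinal(blob, IV_BYTES, blob.length - IV_BYTES);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = newKey();
        Path file = Files.createTempFile("notes", ".enc"); // stands in for an app-private file
        try {
            // Constructed sample data.
            byte[] secret = "constructed sample: account notes".getBytes(StandardCharsets.UTF_8);
            writeEncrypted(file, key, secret);
            System.out.println("round trip ok: "
                    + Arrays.equals(secret, readEncrypted(file, key)));

            // Flip one bit on disk, as another app could on globally writable storage.
            byte[] blob = Files.readAllBytes(file);
            blob[blob.length - 1] ^= 0x01;
            Files.write(file, blob);
            try {
                readEncrypted(file, key);
                System.out.println("modified file accepted");
            } catch (AEADBadTagException e) {
                System.out.println("modified file rejected");
            }
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```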
Example Applications
• Lookout Security & Antivirus
• App Lock
• Phone security alarm system
Lookout Security & Antivirus
Lookout Security & Antivirus FREE Features:
►SECURITY & ANTIVIRUS
• App Scanning: Continuous, over-the-air
protection from viruses, malware,
adware and spyware
►FIND MY PHONE
• Locate & Scream: Map the location of
your device and make it sound an alarm
• Signal Flare: Automatically save your
phone's location when the battery is low.
►BACKUP & DOWNLOAD
• Contact Backup: Save a copy of your
Google contacts
App Lock
App Lock Features:
» AppLock can lock SMS, Contacts, Gmail, Facebook,
Gallery, Market, Settings.
» AppLock empowers you to control photo and
video access.
» With AppLock, only you can see your hidden
pictures. Privacy made easy!
» Selected pictures vanish from your photo
gallery, and stay locked behind an
easy-to-use PIN pad.
Analysis and research of system security based on android
Accelerate your Kubernetes clusters with Varnish Caching
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 

Analysis and research of system security based on android

  • 1. Application Security Based On By- Ravishankar Kumar 95511101
  • 2. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Cornerstones of Android security Prevention Minimization Detection Reaction
  • 4. Some Statistics →Android powers hundreds of millions of mobile devices in more than 190 countries around the world. →Android users download more than 1.5 billion apps and games from Google Play each month. →Easily optimize a single binary for phones, tablets, and other devices. →Google Play is the premier marketplace for selling and distributing Android apps.
  • 5. Factors: why care about mobile security 1. Android malware → It can use runtime environments like the Java virtual machine or the .NET Framework. → It sends personal information to unauthorised third parties. → It can partially damage the device, or delete or modify data on the device. → It can spread to nearby devices over Wi-Fi, Bluetooth and infrared. → It can also spread over remote networks, such as telephone calls, SMS or email.
  • 6. Factors: why care about mobile security 2. Ad Networks and Permissions → Access to a phone number or device ID lets advertisers track your movements between apps and build up complicated profiles. → Less reputable ad networks may also try to access your address book in order to send ads to other people, or even change your ringtone to an advertisement. → The attacker can easily force the smartphone to make phone calls. 3. Loss and Theft → Reports claim that 1.6 million Americans had their phone stolen in 2013.
  • 7. Mobile Security Matures We are now seeing attacks against all layers of mobile infrastructure: • Applications • Platform • OS • Baseband • Network Mobile devices must be treated as fully fledged computers.
  • 8. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Cornerstones of Android security Prevention Minimization Detection Reaction
  • 9. Introducing Android » Android is open source and Google releases the code under the Apache License. Source code at http://source.android.com » Any developer can use SDK at http://developer.android.com » Third party apps available on Google Play Download at http://play.google.com/store »Official Website of Android More at http://www.android.com
  • 13. The Android Technology Stack • Linux kernel • Relies upon 90+ open source libraries o Integrated WebKit-based browser o SQLite for structured data storage o OpenSSL o Bouncy Castle o libc based on OpenBSD o Apache Harmony o Apache HttpClient • Supports common sound, video and image codecs • API support for handset I/O o Bluetooth, EDGE, 3G, Wi-Fi o Camera, Video, GPS, compass, accelerometer, sound, vibrator
  • 14. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Android security Issue o Storing Data o Using Permission o Cryptography Example Application
  • 15. Android Security Some of the core security features that help you build secure apps include: »The Android Application Sandbox, which isolates your app data and code execution from other apps. »An application framework with robust implementations of common security functionality such as cryptography, permissions, and secure IPC. » An encrypted file system that can be enabled to protect data on lost or stolen devices. » User-granted permissions to restrict access to system features and user data. » Application-defined permissions to control application data on a per-app basis.
  • 17. Storing Data The most common security concern for an application on Android is whether the data that you save on the device is accessible to other apps. There are three fundamental ways to save data on the device: 1. Using internal storage » By default, files that you create on internal storage are accessible only to your app. » To provide additional protection for sensitive data, you might choose to encrypt local files using a key that is not directly accessible to the application. 2. Using external storage » Files created on external storage, such as SD Cards, are globally readable and writable. » As with data from any untrusted source, you should perform input validation when handling data from external storage.
  • 18. Storing Data Cont.. 3. Using content providers »Content providers offer a structured storage mechanism that can be limited to your own application or exported to allow access by other applications. » When creating a ContentProvider that will be exported for use by other applications, you can specify a single permission for reading and writing, or distinct permissions for reading and writing within the manifest.
  • 19. Using Permissions Because Android sandboxes applications from each other, applications must explicitly share resources and data. Requesting Permissions » If it's possible to design your application in a way that does not require any permissions, that is preferable. » In addition to requesting permissions, your application can use the <permission> element to protect IPC that is security sensitive and will be exposed to other applications, such as a ContentProvider. Creating Permissions » Creating a new permission is relatively uncommon for most applications.
  • 20. Using Permission Cont.. Creating Permissions » If you must create a new permission, consider whether you can accomplish your task with a "signature" protection level. » If you create a permission with the "dangerous" protection level, there are a number of complexities that you need to consider: 1. The permission must have a string that concisely expresses to a user the security decision they will be required to make. 2. The permission string must be localized to many different languages. 3. Users may choose not to install an application because a permission is confusing or perceived as risky. 4. Applications may request the permission when the creator of the permission has not been installed.
  • 21. Using Cryptography » Android provides a wide array of algorithms for protecting data using cryptography. » Use existing cryptographic algorithms, such as the implementations of AES and RSA provided in the Cipher class. » Use a secure random number generator, SecureRandom, to initialize any cryptographic keys generated by KeyGenerator.
  • 22. Overview • Why care about mobile security? • What is Android? • How do I develop on Android? o Android Market • What about Security? o Cornerstones of Android security Prevention Minimization Detection Reaction Example Application
  • 23. Example Applications • Lookout Security & Antivirus • App Lock • Phone security alarm system
  • 27. Lookout Security & Antivirus Lookout Security & Antivirus FREE Features: ►SECURITY & ANTIVIRUS • App Scanning: Continuous, over-the-air protection from viruses, malware, adware and spyware ►FIND MY PHONE • Locate & Scream: Map the location of your device and make it sound an alarm • Signal Flare: Automatically save your phone's location when the battery is low. ►BACKUP & DOWNLOAD • Contact Backup: Save a copy of your Google contacts
  • 28. Lookout Security & Antivirus
  • 32. App Lock App Lock Features: » AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings. » AppLock empowers you to control photo and video access. » With AppLock, only you can see your hidden pictures. Privacy made easy! » Selected pictures vanish from your photo gallery, and stay locked behind an easy-to-use PIN pad.
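
The content-provider and custom-permission guidance on slides 18 to 20, written out as an added AndroidManifest.xml fragment that is not part of the original deck. The package, provider and permission names are hypothetical; the weak and hardened declarations are placed side by side only for comparison.

```xml
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes"> <!-- hypothetical package name -->

    <!-- Custom permissions with the "signature" protection level: granted only to
         apps signed with the same certificate, with no prompt shown to the user. -->
    <permission android:name="com.example.notes.permission.READ_NOTES"
        android:protectionLevel="signature" />
    <permission android:name="com.example.notes.permission.WRITE_NOTES"
        android:protectionLevel="signature" />

    <application>
        <!-- Weak: exported with no permission, so any installed app can read and write it. -->
        <provider android:name=".OpenNotesProvider"
            android:authorities="com.example.notes.open"
            android:exported="true" />

        <!-- Hardened: exported, with distinct permissions for reading and for writing. -->
        <provider android:name=".NotesProvider"
            android:authorities="com.example.notes.provider"
            android:exported="true"
            android:readPermission="com.example.notes.permission.READ_NOTES"
            android:writePermission="com.example.notes.permission.WRITE_NOTES" />

        <!-- Limited to your own application: not exported at all. -->
        <provider android:name=".CacheProvider"
            android:authorities="com.example.notes.cache"
            android:exported="false" />
    </application>
</manifest>
```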