This presentation done for my MSc studies @ UOM. The presentation is related to the paper "Understanding Android Security" by William Enck, Machigar Ongtang, and Patrick McDaniel. Pennsylvania State University on 2009
These slides were presented at GDG MeetUp in Bangalore which was held on 21st September 2013. Uploading the slides to help the people who wanted the slide Deck
These slides were presented at GDG MeetUp in Bangalore which was held on 21st September 2013. Uploading the slides to help the people who wanted the slide Deck
Video at http://mrkn.co/andsec
With Android activations reaching a million devices per day, it is no surprise that security threats against our favorite mobile platform have been on the rise.
In this session, you will learn all about Android's security model, including application isolation (sandboxing) and provenance (signing), its permission system and enforcement, data protection features and encryption, as well as enterprise device administration.
Together, we will dig into Android's own internals to see how its security model is applied through the entire Android stack - from the Linux kernel, to the native layers, to the Application Framework services, and to the applications themselves.
Finally, you’ll learn about some of the weaknesses in the Android's model (including rooting, tap-jacking, malware, social-engineering) as well as what can be done to mitigate those threats, such as SE-Linux, memory protection, anti-malware, firewall, and developer best practices.
By the end of this session you will have a better understanding of what it takes to make Android a more trusted component of our personal and professional lives.
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...ijafrc
Android is a software stack that includes operating system, middle ware, applications for the development of devices. Android has evolved greatly and user experience in addition to consumer level efficiency along with integration of android powered devices also expanded. Because of its core aspects like open source nature and architectural modal it is becoming more innovative operating system. Android is being integrated and ported to various embedded devices this includes enterprise desktop IP phones, cameras, modem, sensors, and set-up boxes and automotive. One major advantage of using android framework beyond the mobile devices is the android applications can talk to the functionality of all these devices powered by android and developers need not to write several applications for different embedded systems. This paper looks at the challenges in android migration to the different embedded platforms and porting issues. Here we presented description of preparing and building AOSP in local environment and implementation with Programming for integrating user applications in android build system permanently.
Developing Cross platform apps in flutter (Android, iOS, Web)Priyanka Tyagi
Sharing slides from my Flutter talk at SV Code Camp: https://www.siliconvalley-codecamp.com/Session/2019/developing-cross-platform-applications-using-flutter-web-android-and-ios
Android is a Linux-based architecture. In addition to the original Linux driver, Android need other additional device driver, like Android Logger, Binder, Low Memory killer, Power Management for android(wakelock), ASHMEM, etc out of which ashmem ,logger and binder are all character device drivers.
This presentation covers the working model about Process, Thread, system call, Memory operations, Binder IPC, and interactions with Android frameworks.
Connecting Android apps to Android Auto, Ford Sync and other OEM SDKs. Presentation explores the different options available in the world of Driveables.
Video at http://mrkn.co/andsec
With Android activations reaching a million devices per day, it is no surprise that security threats against our favorite mobile platform have been on the rise.
In this session, you will learn all about Android's security model, including application isolation (sandboxing) and provenance (signing), its permission system and enforcement, data protection features and encryption, as well as enterprise device administration.
Together, we will dig into Android's own internals to see how its security model is applied through the entire Android stack - from the Linux kernel, to the native layers, to the Application Framework services, and to the applications themselves.
Finally, you’ll learn about some of the weaknesses in the Android's model (including rooting, tap-jacking, malware, social-engineering) as well as what can be done to mitigate those threats, such as SE-Linux, memory protection, anti-malware, firewall, and developer best practices.
By the end of this session you will have a better understanding of what it takes to make Android a more trusted component of our personal and professional lives.
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...ijafrc
Android is a software stack that includes operating system, middle ware, applications for the development of devices. Android has evolved greatly and user experience in addition to consumer level efficiency along with integration of android powered devices also expanded. Because of its core aspects like open source nature and architectural modal it is becoming more innovative operating system. Android is being integrated and ported to various embedded devices this includes enterprise desktop IP phones, cameras, modem, sensors, and set-up boxes and automotive. One major advantage of using android framework beyond the mobile devices is the android applications can talk to the functionality of all these devices powered by android and developers need not to write several applications for different embedded systems. This paper looks at the challenges in android migration to the different embedded platforms and porting issues. Here we presented description of preparing and building AOSP in local environment and implementation with Programming for integrating user applications in android build system permanently.
Developing Cross platform apps in flutter (Android, iOS, Web)Priyanka Tyagi
Sharing slides from my Flutter talk at SV Code Camp: https://www.siliconvalley-codecamp.com/Session/2019/developing-cross-platform-applications-using-flutter-web-android-and-ios
Android is a Linux-based architecture. In addition to the original Linux driver, Android need other additional device driver, like Android Logger, Binder, Low Memory killer, Power Management for android(wakelock), ASHMEM, etc out of which ashmem ,logger and binder are all character device drivers.
This presentation covers the working model about Process, Thread, system call, Memory operations, Binder IPC, and interactions with Android frameworks.
Connecting Android apps to Android Auto, Ford Sync and other OEM SDKs. Presentation explores the different options available in the world of Driveables.
Paper presentation for my MSc @ UOM. The paper was "Model-Driven Testing with UML 2.0", Zhen Ru Dai Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany dai@fokus.fraunhofer.de
Android mobile operating system, Google developed, Linux Kernel based with basic motive to serve for
devices with touchscreen like tablets and smartphones. Due
to weak OS security it is vulnerable to various security attacks therefor to restrict access of third-party applications
off critical resources the security has been built upon a permission based mechanism. Permissions are declarations by
developers and user is demanded to accept. This paper
highlights Share User ID permission misuse following two factor authentication failure etc
Android Permissions Demystified
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner
University of California, Berkeley
{ apf, emc, sch, dawnsong, daw }@ cs.berkeley.edu
ABSTRACT
Android provides third-party applications with an extensive
API that includes access to phone hardware, settings, and
user data. Access to privacy- and security-relevant parts of
the API is controlled with an install-time application permis-
sion system. We study Android applications to determine
whether Android developers follow least privilege with their
permission requests. We built Stowaway, a tool that detects
overprivilege in compiled Android applications. Stowaway
determines the set of API calls that an application uses and
then maps those API calls to permissions. We used auto-
mated testing tools on the Android API in order to build
the permission map that is necessary for detecting overpriv-
ilege. We apply Stowaway to a set of 940 applications and
find that about one-third are overprivileged. We investigate
the causes of overprivilege and find evidence that developers
are trying to follow least privilege but sometimes fail due to
insufficient API documentation.
Categories and Subject Descriptors
D.2.5 [Software Engineering]: Testing and Debugging;
D.4.6 [Operating Systems]: Security and Protection
General Terms
Security
Keywords
Android, permissions, least privilege
1. INTRODUCTION
Android’s unrestricted application market and open source
have made it a popular platform for third-party applications.
As of 2011, the Android Market includes more applications
than the Apple App Store [10]. Android supports third-
party development with an extensive API that provides ap-
plications with access to phone hardware (e.g., the camera),
WiFi and cellular networks, user data, and phone settings.
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that copies
bear this notice and the full citation on the first page. To copy otherwise, to
republish, to post on servers or to redistribute to lists, requires prior specific
permission and/or a fee.
CCS’11, October 17–21, 2011, Chicago, Illinois, USA.
Copyright 2011 ACM 978-1-4503-0948-6/11/10 ...$10.00.
Access to privacy- and security-relevant parts of Android’s
rich API is controlled by an install-time application permis-
sion system. Each application must declare upfront what
permissions it requires, and the user is notified during in-
stallation about what permissions it will receive. If a user
does not want to grant a permission to an application, he or
she can cancel the installation process.
Install-time permissions can provide users with control
over their privacy and reduce the impact of bugs and vul-
nerabilities in applications. However, an install-time per-
mission system is ineffective if developers routinely request
more perm.
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...IJNSA Journal
Millions of developers and third-party organizations have flooded into the Android ecosystem due to Android’s open-source feature and low barriers to entry for developers. .However, that also attracts many attackers. Over 90 percent of mobile malware is found targeted on Android. Though Android provides multiple security features and layers to protect user data and system resources, there are still some overprivileged applications in Google Play Store or third-party Android app stores at wild. In this paper, we proposed an approach to map system level behavior and Android APIs, based on the observation that system level behaviors cannot be avoidedbut sensitive Android APIs could be evaded.To the best of our knowledge, our approach provides the first work to decompose Android application behaviors based on system-level behaviors. We then map system level behaviors and Android APIs through System Call Dependence Graphs. The study also shows that our approach can effectively identify potential permission abusing, with an almost negligible performance impact.
ABSTRACT
Shoreline monitoring is important to overcome the problems in the measurement of the shoreline. Recently,
many researchers have directed attention to methods of predicting shoreline changes by the use of
multispectral images. However, the images being captured tend to have several problems due to the weather.
Therefore, identification of multi class features which includes vegetation and shoreline using multispectral
satellite image is one of the challenges encountered in the detection of shoreline. An efficient framework
using the near infrared–histogram equalisation and improved filtering method is proposed to enhance the
detection of the shoreline in Tanjung Piai, Malaysia, by using SPOT-5 images. Sub-pixel edge detection and
the Wallis filter are used to compute the edge location with the subpixel accuracy and reduce the noise. Then,
the image undergoes image classification process by using Support Vector Machine. The proposed method
performed more effectively and reliable in preserving the missing line of the shoreline edge in the SPOT-5
images.
ABSTRACT
Smartphones are used by billions of people that means the applications of the smartphone is increasing, it is out of control for applications marketplaces to completely validate if an application is malicious or legitimate. Therefore, it is up to users to choose for themselves whether an application is safe to use or not. It is important to say that there are differences between mobile devices and PC machines in resource management mechanism, the security solutions for computer malware are not compatible with mobile devices. Consequently, the anti-malware organizations and academic researchers have produced and proposed many security methods and mechanisms in order to recognize and classify the security threat of the Android operating system. By means of the proposed methods are different from one to another, they can be arranged into various classifications. In this review paper, the present Android security threats is discussed and present security proposed solutions and attempt to classify the proposed solutions and evaluate them.
Android applications have proven to be the most popular choice among consumers, surpassing desktop programmers. There is a diverse range of applications accessible for Android smartphones. But Insecure Android applications endanger consumers’ privacy and security. Furthermore, such programmers may cause financial losses. This is largely owing to the Android ecosystem’s openness.
This presentation gives detailed overview of Android, Android Architecture, Software Stack, Platform, Database Support, Licensing, File System, Network Connectivity, Security and Permissions, IDE and Tools, Other IDEs Overview, Development Evaluation, Singing your application, Versioning your application, Preparing to publish your application, Publish your App on Android Market. This presentation also includes links to sample exampled.
Note: Few slides from this presentation are taken from internet or slideshare.com as it is or modified little bit. I have no intention of saying someone’s else work as mine. I prepared this presentation to just educate co-workers about android. So I want the best material from internet and slideshare.com.
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...csandit
Android being a widely used mobile platform has witnessed an increase in the number of malicious samples on its market place. The availability of multiple sources for downloading
applications has also contributed to users falling prey to malicious applications. Classification of an Android application as malicious or benign remains a challenge as malicious applications maneuver to pose themselves as benign. This paper presents an approach which extracts various features from Android Application Package file (APK) using static analysis and subsequently classifies using machine learning techniques. The contribution of this work includes deriving, extracting and analyzing crucial features of Android applications that aid in efficient classification. The analysis is carried out using various machine learning algorithms
with both weighted and non-weighted approaches. It was observed that weighted approach depicts higher detection rates using fewer features. Random Forest algorithm exhibited high detection rate and shows the least false positive rate.
This presentation describe the importance of trade-off between software architecture quality attribute (NFR). Explain about Performance, Security, Availability and Scalability in depth and other in briefly.
Presented on tech talk @ DFN Technology.
Agile Requirements Engineering Practices: An Empirical StudyAsanka Dilruk
Paper presentation for my MSc @ UOM
Paper : "Agile Requirements
Engineering Practices:
An Empirical Study" on 2008
Lan Cao, Old Dominion University
Balasubramaniam Ramesh, Georgia State University
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
1. William Enck, Machigar Ongtang, and PatrickMcDanielWilliam Enck, Machigar Ongtang, and PatrickMcDaniel
Pennsylvania State UniversityPennsylvania State University
Presented by:
Dilruk G.A .(148209B)
Jagoda S.D. (148214K)
3. Introduction
Android (Google)
Open source
A base operation system for
mobiles
Application middleware layer
Java software development kit
Collection of system
applications
4. Feature of Android OS
Doesn’t support applications developed for other
platforms
Restricts application interaction to its special APIs
by running each application as its own user identity
Uses a simple permission label assignment model to
restrict access to resources and other applications
7. FriendTracker - Component Interaction
Intent - message
object containing
a destination
component
address and data
Action - the
process of inter-
components
communication
8. Security Enforcement
Android applications execute as its own user identity, allowing the
underlying Linux system to provide system-level isolation
Android middleware contains a reference monitor that mediates the
establishment of inter-component communication (ICC)
9. Security Enforcement
Core idea of Android security enforcement - labels assignment to
applications and components
A reference monitor provides mandatory access control (MAC)
enforcement of how applications access components
Access to each component is restricted by assigning it an access
permission label. Applications are assigned collections of permission
labels
When a component initiates ICC, the reference monitor looks at the
permission labels assigned to its containing application and— if the target
component’s access permission label is in that collection— allows ICC
establishment to proceed.
10. Security Enforcement : Access permission logic Example
Component A’s ability to access components B and C is determined
by comparing the access permission labels on B and C to the
collection of labels assigned to application 1.
12. Public and Private Components
Applications often contain components that another
application should never access. For example,
component related to password storing.
The solution is to Instead of defining an access
permission user can define the component as private.
Best Practice: Always set the “exported” attribute.
This significantly reduces the attack surface for many
applications.
13. Implicitly Open Components
At development time, if the decision of access
permission is unclear, The developer can permit
the functionality by not assigning an access
permission to it.
If a public component doesn’t explicitly have an
access permission listed in its manifest definition,
Android permits any application to access it.
Best Practice: Should always assign access
permissions to public components.
14. Intent Broadcast Permissions
Sending the unprotected intent is a privacy risk.
Android API for broadcasting intents optionally
allows the developer to specify a permission label
to restrict access to the intent object.
Best Practice: Always specify an access
permission on Intent broadcasts
15. Content Provider Permissions
If the developer want his application to be the only
one to update the contents but for other
applications to be able to read them.
Android allows such a security policy assigning
read or write permissions.
Best Practice: Always define separate read and
write permissions.
16. Service Hooks
Android only lets the developer assign one
permission label to restrict starting, stopping, and
binding to a service.
Under this model, any application can start or stop
Friend tracker can also tell it to monitor new
friends.
Best Practice: Use service hooks and let the
developers write code to perform custom runtime
security.
Eg.. Use checkPermission() to mediate
“administrative” operations in Friend Tracker .
17. Protected APIs
Not all system are accessed through components—
instead, Android provides direct API access.
Android protects these sensitive APIs with
additional permission label checks: an application
must declare a corresponding permission label in
its manifest file to use them.
Best Practice: Application need to request
permissions for protected APIs
18. Permission Protection Levels
The permission protection levels provide a means of
controlling how developers assign permission labels.
Normal – grant to any application that request them in
its manifest
Dangerous – granted only after user confirmation
Signature – granted only to application signed by the
same developer key
Signature or system – same like signature but exist for
legacy compatibility.
Best Practice: Use either signature or dangerous
permissions depending on the application behaviour
19. Pending Intents
The Pending Intent object is simply a reference
pointer that can pass to another application.
Recipient application can modify the original
intent and specify when the action is invoked.
Pending intents allow applications included with
the framework to integrate better with third-party
applications.
Best Practice: Only use Pending Intents as
“delayed callbacks” to private Components and
always specify the private broadcast receiver.
20. Lessons in Defining Policy
Android security policy begins with a relatively
easy-to-understand MAC enforcement model
Some refinements push policy into the application
code
The permission label itself is merely a text string,
but its assignment to an application provides
access to potentially limitless resources
Editor's Notes
In the first part of the paper they explain about android market and android flat form.
Then they discussed sample application developed by them to explain android framework architecture and application components.
After that main topic android security implementation is explained as two major
topics which are security enforcement and security refinements.
Finally paper is discussed about the lessons in defining android security policy.
Our presentation is organized as here.
First we will give brief introduction about android OS. Then let’s looking to the android application framework.
Next we are willing to talk about security enforcement and security refinements of android application.
And finally about the lesion in defining security policy.
Android is a base operating system for mobile applications which is led by Google.
It is widely anticipated open source application development platform and a large community of developers organized around android. Because of that many new products and application are now available for it.
Android provides base operating system, application middleware layer, Java development kit (SDK) and collection of system level applications.
Android is supporting for lot of online services like Google's Gmail, calendar and contacts. Phones which are used android is automatically synchronized with these services.
Here we can see several main features of android which is very important when we talked about the android application security.
First android OS Doesn’t support applications developed for other platforms
Android Restricts application interaction to its special APIs by running each application as its own user identity
Android Uses a simple permission label assignment model to restrict access to resources and other applications
We will looking to these in more details under security enforcements section.
The Android operating system is built on a modified Linux kernel.
The software stack contains Java applications running on a virtual machine called Dalvik virtual machine.
The system components are written in Java, C, C++, and XML.
Android OS consist of lot of core libraries which is support java.
On top of that application framework is build to support android application developments.
Authors are developed sample application to explain android application components.
Which is called friend tracker application and developed as two android applications. One is called friend tracker and other is friend viewer. This is mainly due to explain communication between two applications.
Android application doesn’t have a main () function or single entry point for execution, instead, developers must design applications in terms of components. There are four components Activity, Broadcast Receiver, Service and Content Provider.
Components in android applications are communicate each other using intents and actions.
Intent is a message object, which is containing a destination component address and data.
Action is a process of inter component communication.
9 security refinements
Some are extension to basic MAC model and some are new concepts
Some Applications often contain components that another application should never need access.
This is also related to the first point.
That can leak the user privacy information to explicitly listening attackers.
Insert, Update or delete
resources(for example, network, camera, microphone
Early model had two levels application or system
But new model has 4 protection levels for permission labels
Nomal is same as application permission in previous model
In Android defines an intent object to perform an action.
However, instead of performing the action, it passes the intent to a special method that creates a Pending Intent object corresponding to that action.
Android has to find a answer for how to control access to permission label
Things like allowing a application to use both microphone and internet