MADS Final Update 1

Android is an open-source, Linux-based operating system designed for mobile devices, offering a unified application development framework. The Android development framework consists of a software stack that includes the Linux kernel, Android Runtime (ART), libraries, application framework, and applications. The document also covers SDK features, installation steps for Android Studio, activity lifecycle, application components, activity states, the Android Manifest file, design features, and the process of creating Android Virtual Devices (AVDs).

Uploaded by

nithin raj
Copyright: © All Rights Reserved

UNIT – 1

1. Define Android and Write in detail about Android development framework?


A. Introduction to Android
Android is an open-source, Linux-based operating system for mobile devices such as smartphones and
tablet computers. Android was developed by the Open Handset Alliance, led by Google, and other
companies. Android offers a unified approach to application development for mobile devices, which
means developers need only develop for Android, and their applications should be able to run on
different devices powered by Android. Android has come a long way from its humble beginnings as the
product of a small start-up to becoming the leading mobile operating system worldwide. Google's
introduction of Project Treble in Android Oreo should make it easier for phone makers to update their
devices faster. One challenge for Android device owners, an issue for the OS ever since it launched, is
updating it with the latest security patches and major feature updates. Google's supported Nexus and
Pixel devices consistently receive regular monthly security updates and the latest version of the OS.
THE DEVELOPMENT FRAMEWORK: ANDROID ARCHITECTURE:
Android operating system is a stack of software components which is roughly divided into five
sections and four main layers as shown below in the architecture diagram

Android is structured in the form of a software stack comprising applications, an operating system,
run-time environment, middleware, services and libraries. Each layer of the stack, and the
corresponding elements within each layer, are tightly integrated and carefully tuned to provide the
optimal application development and execution environment for mobile devices.
THE LINUX KERNEL:
Positioned at the bottom of the Android software stack, the Linux Kernel provides a level of
abstraction between the device hardware and the upper layers of the Android software stack. Based on
Linux version 2.6, the kernel provides pre-emptive multitasking, low-level core system services such
as memory, process and power management in addition to providing a network stack and device
drivers for hardware such as the device display, Wi-Fi and audio.
ANDROID RUNTIME – ART:
When an Android app is built within Android Studio it is compiled into an intermediate bytecode
format (DEX format). When the application is subsequently loaded onto the device, the Android
Runtime (ART) uses a process referred to as Ahead-of-Time (AOT) compilation to translate the
bytecode down to the native instructions required by the device processor. This format is known as
Executable and Linkable Format (ELF). Each time the application is subsequently launched, the ELF
executable version is run, resulting in faster application performance and improved battery life. This
section provides a key component called Dalvik Virtual Machine which is a kind of Java Virtual
Machine specially designed and optimized for Android. The Dalvik VM makes use of Linux core
features like memory management and multithreading, which is intrinsic in the Java language. The
Dalvik VM enables every Android application to run in its own process, with its own instance of the
Dalvik virtual machine. The Android runtime also provides a set of core libraries which enable
Android application developers to write Android applications using standard Java programming
language.
ANDROID LIBRARIES:
In addition to a set of standard Java development libraries (providing support for such general purpose
tasks as string handling, networking and file manipulation), the Android development environment
also includes the Android Libraries. These are a set of Java-based libraries that are specific to Android
development.
C/C++ LIBRARIES:
The Android runtime core libraries are Java-based and provide the primary APIs for developers
writing Android applications. It is important to note, however, that the core libraries do not perform
much of the actual work and are, in fact, essentially Java "wrappers" around a set of C/C++ based
libraries.
APPLICATION FRAMEWORK:
The Application Framework is a set of services that collectively form the environment in which
Android applications run and are managed. This framework implements the concept that Android
applications are constructed from reusable, interchangeable and replaceable components. This concept
is taken a step further in that an application is also able to publish its capabilities along with any
corresponding data so that they can be found and reused by other applications.
APPLICATIONS:
Located at the top of the Android software stack are the applications. These comprise both the native
applications provided with the particular Android implementation (for example web browser and
email applications) and the third party applications installed by the user after purchasing the device.

2. Define SDK and list the Features of SDK and explain?

A. SDK FEATURES:
The Android SDK (Software Development Kit) is a set of development tools required for building any
Android application.

Android SDK consists of several components within it such as –


SDK Platforms.
SDK Tools.
SDK Update Sites.
Android Emulator.
Android SDK:
It is a collection of software development tools and libraries required for building any Android
application in any IDE, whether Android Studio, Eclipse or any other. When Google releases new
features in a specific Android version, or releases a new version of Android, it also releases a new
SDK version that contains those updated features. These SDK tools are essential for developing any
Android application. The Android SDK can be installed on any system, whether Windows, Mac OS or
Linux.

Components of Android SDK:


SDK Platform
Whenever a newer version of Android is released, such as Android 9 or 10 (versions are also known by
names such as Android Oreo or Android Marshmallow), new SDK platform tools also become available to
download in SDK Platform tools. Each SDK platform tools package consists of the Android platform and
sources pertaining to an API level by default. The latest package of SDK Platform tools comes with
the latest updates related to Android; for example, Android Tiramisu comes with an updated clipboard
manager, and other updated features can also be seen in the latest SDK Platform tools.

SDK Tools:
SDK tools is a package of many essential tools required for the development of any Android
application. SDK tools consist of several different components such as Android SDK Build Tools, NDK,
Android SDK Command Line Tools, CMake and others. When Google releases an update for these tools,
they are updated automatically to the latest version.
SDK Update Sites:
SDK Update Sites is a collection of websites required for installing the different SDK components
inside your Android SDK. This update sites section consists of links to different Google websites
which provide installation details for the different SDK components in the Android SDK.
3. Describe Installing steps on Android Studio process in detail?

A. INSTALLING AND RUNNING APPLICATIONS ON ANDROID STUDIO:


Step 1 - System Requirements:
The required tools to develop Android applications are open source and can be downloaded from the
Web. Following is the list of software you will need before you start your Android application
programming.

· Java JDK5 or later version
· Java Runtime Environment (JRE) 6
· Android Studio
Step 2 - Setup Android Studio
Android Studio is the official IDE for Android application development. It is based on IntelliJ
IDEA. You can download the latest version of Android Studio from Android Studio 2.2 Download. If
you are new to installing Android Studio on Windows, you will find a file named
android-studiobundle-143.3101438-windows.exe. Download it and run it on the Windows machine,
following the Android Studio wizard guideline. If you are installing Android Studio on Mac or Linux,
you can download the latest version from Android Studio Mac Download or Android Studio Linux
Download; check the instructions provided along with the downloaded file for Mac OS and Linux. This
tutorial assumes that you are going to set up your environment on a Windows machine running the
Windows 8.1 operating system.
Installation:
Launch Android Studio.exe. Before launching Android Studio, make sure the Java JDK is installed on
the machine. To install the Java JDK, refer to the Android environment setup. Once you have launched
Android Studio, it is time to specify the path to JDK7 or a later version in the Android Studio
installer.

The image below shows initiating the JDK to the Android SDK.


Check the components required to create applications; in the image below, Android Studio, Android
SDK, Android Virtual Machine and performance (Intel chip) are selected.

Specify the local machine path for Android Studio and the Android SDK; the image below uses the
default location on Windows 8.1 x64 bit architecture.
Specify the RAM space for the Android emulator; by default it takes 512MB of the local machine's
RAM.

At the final stage, the installer extracts the SDK packages onto the local machine; this takes a
while to finish and uses 2626MB of hard disk space.
After completing all the above steps, you get a Finish button, and it opens an Android Studio
project with the Welcome to android studio message as shown below.

You can start your application development by choosing start a new android studio project. A new
installation frame asks for the application name, package information and location of the project.
After you enter the application name, you are asked to select the form factors your application runs
on; here you need to specify the Minimum SDK. In our tutorial, I have declared it as API23: Android
6.0 (Marshmallow).

The next level of installation involves selecting the activity for mobile; it specifies the default
layout for applications.

At the final stage, the development tool opens so that you can write the application code.
4. Describe Activity Life cycle with diagram?

A. Android Activity Lifecycle:


Let's see the 7 lifecycle methods of android activity:
defines the following call backs i.e. events. You don't need to implement all the callbacks methods.
However, it's important that you understand each one and implement those that ensure your app
behaves the way users expect.
Example:
This example will take you through simple steps to show Android application activity life cycle.
Follow the following steps to modify the Android application we created in Hello World Example
chapter –
5. What are the Android application components? Explain in detail with examples?

A. ANDROID - APPLICATION COMPONENTS:


Application components are the essential building blocks of an Android application. These
components are loosely coupled by the application manifest file AndroidManifest.xml that describes
each component of the application and how they interact.
There are following four main components that can be used within an Android application –

Activities:
An activity represents a single screen with a user interface; in short, an Activity performs actions on the
screen. For example, an email application might have one activity that shows a list of new emails,
another activity to compose an email, and another activity for reading emails. If an application has
more than one activity, then one of them should be marked as the activity that is presented when the
application is launched.
An activity is implemented as a subclass of Activity class as follows –

Services:
A service is a component that runs in the background to perform long-running operations. For
example, a service might play music in the background while the user is in a different application, or
it might fetch data over the network without blocking user interaction with an activity.
A service is implemented as a subclass of Service class as follows –

Broadcast Receivers:
Broadcast Receivers simply respond to broadcast messages from other applications or from the
system. For example, applications can also initiate broadcasts to let other applications know that some
data has been downloaded to the device and is available for them to use; the broadcast receiver
intercepts this communication and initiates the appropriate action.
A broadcast receiver is implemented as a subclass of the BroadcastReceiver class, and each message is
broadcast as an Intent object.

Content Providers:
A content provider component supplies data from one application to others on request. Such requests
are handled by the methods of the ContentResolver class. The data may be stored in the file system,
the database or somewhere else entirely.
A content provider is implemented as a subclass of ContentProvider class and must implement a
standard set of APIs that enable other applications to perform transactions.

We will go through these tags in detail while covering application components in individual chapters.
Additional Components
There are additional components which will be used in the construction of above mentioned entities,
their logic, and wiring between them. These components are –
6. List activity states and explain monitoring state changes briefly?

A. ACTIVITY STATES:
As activities are created and destroyed they move in and out of the stack. They transition through 4
states:

1. Active:
When an activity is at the top of the stack it is the visible, focused, foreground activity that is
receiving user input. Android will attempt to keep it alive at all costs, killing activities further
down the stack as needed, to ensure that it has the resources it needs. When another activity
becomes active, this one will be paused.
2. Paused:
In some cases our activity will be visible but will not have focus. At this point it's paused.
This state is reached if a transparent or not-full-screen activity is active in front of it. When
paused, an activity is treated as if it were active. However, it doesn't receive user input events.
In extreme cases, Android will kill a paused activity to recover resources for the active
activity. When an activity becomes totally obscured, it is stopped.
3. Stopped:
When an activity isn't visible, it stops. The activity will remain in memory, retaining all state
information. However, it is now a candidate for termination when the system requires
memory elsewhere. When an activity is stopped, it's important to save data and the current UI
state. Once an activity has exited or closed, it becomes inactive.
4. Inactive:
After an activity has been killed, and before it's been launched, it's inactive. Inactive activities
have been removed from the activity stack and need to be restarted before they can be
displayed and used.
Monitoring State Changes:
To ensure that activities can react to state changes, Android provides several event handlers
that are fired when an activity transitions through its full, visible, and active lifetime.

7. Write about Android Manifest file?


A. ANDROID MANIFEST FILE:
The AndroidManifest.xml file contains information about your package, including components
of the application such as activities, services, broadcast receivers, content providers etc.
It also performs some other tasks:

· It is responsible for protecting the application's access to any protected parts by providing
the permissions.
· It also declares the Android API that the application is going to use.
· It lists the instrumentation classes. The instrumentation classes provide profiling and
other information. This information is removed just before the application is
published.
This XML file is required for every Android application and is located inside the root
directory.
Manifest file:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.javatpoint.hello"
    android:versionCode="1"
    android:versionName="1.0" >
    <uses-sdk
        android:minSdkVersion="8"
        android:targetSdkVersion="15" />
    <application
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme" >
        <activity
            android:name=".MainActivity"
            android:label="@string/title_activity_main" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>
</manifest>
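
Because the manifest is where components and permissions are declared, it is also the first file to read when reviewing which parts of an app other applications can reach. The following is an added example, not part of the original document: a small Python reviewer that lists the declared permissions and components and works out whether each component is exported. The function name audit_manifest, the report layout and the second sample manifest (com.example.notes) are assumptions made for illustration; the android:exported defaults it applies are those of the Android platform, and SDK levels are assumed to be numeric.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# The manifest shown in this section, embedded so the example runs offline.
PAGE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.javatpoint.hello" android:versionCode="1" android:versionName="1.0">
  <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="15" />
  <application android:icon="@drawable/ic_launcher" android:label="@string/app_name"
      android:theme="@style/AppTheme">
    <activity android:name=".MainActivity" android:label="@string/title_activity_main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

# Constructed sample (not from the page) covering the other three component types.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30" />
  <uses-permission android:name="android.permission.INTERNET" />
  <application>
    <receiver android:name=".SyncReceiver">
      <intent-filter><action android:name="com.example.notes.SYNC" /></intent-filter>
    </receiver>
    <service android:name=".UploadService" android:exported="true"
        android:permission="com.example.notes.permission.UPLOAD" />
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"
        android:exported="false" />
  </application>
</manifest>
"""


def _a(elem, name):
    """Read an android:-namespaced attribute, or None when it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def _is_launcher(comp):
    """True for the MAIN/LAUNCHER entry point, which has to be exported."""
    actions = {_a(e, "name") for e in comp.iter("action")}
    categories = {_a(e, "name") for e in comp.iter("category")}
    return ("android.intent.action.MAIN" in actions
            and "android.intent.category.LAUNCHER" in categories)


def audit_manifest(xml_text):
    """Summarise a text-form AndroidManifest.xml and flag exposed components."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    # Platform defaults: minSdkVersion is 1, targetSdkVersion falls back to minSdkVersion.
    min_sdk = int((_a(sdk, "minSdkVersion") if sdk is not None else None) or 1)
    target_sdk = int((_a(sdk, "targetSdkVersion") if sdk is not None else None) or min_sdk)
    report = {"package": root.get("package"), "min_sdk": min_sdk, "target_sdk": target_sdk,
              "permissions": [_a(p, "name") for p in root.iter("uses-permission")],
              "components": [], "findings": []}
    app = root.find("application")
    for comp in (app if app is not None else []):
        if comp.tag not in COMPONENT_TAGS:
            continue
        name, explicit = _a(comp, "name"), _a(comp, "exported")
        has_filter = comp.find("intent-filter") is not None
        if explicit is not None:
            exported = explicit == "true"
        elif comp.tag == "provider":
            # Providers default to exported only when min or target SDK is 16 or lower.
            exported = min(min_sdk, target_sdk) <= 16
        else:
            # Activities, services and receivers default to exported if they have a filter.
            exported = has_filter
        guard = _a(comp, "permission")
        if comp.tag == "provider":
            guard = guard or _a(comp, "readPermission") or _a(comp, "writePermission")
        report["components"].append({"type": comp.tag, "name": name, "exported": exported,
                                     "explicit": explicit is not None, "permission": guard})
        if exported and explicit is None:
            # Apps targeting API 31+ must state android:exported on filtered components.
            report["findings"].append(
                f"{comp.tag} {name}: exported by default; declare android:exported")
        if exported and guard is None and not _is_launcher(comp):
            report["findings"].append(
                f"{comp.tag} {name}: reachable by other apps without android:permission")
    return report


if __name__ == "__main__":
    for text in (PAGE_MANIFEST, SAMPLE_MANIFEST):
        result = audit_manifest(text)
        print(result["package"], result["findings"])
```

The script expects the text form of the manifest as found in a project's source tree; the manifest inside a built APK is stored in a binary XML encoding and has to be decoded first.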

8. Define Android OS design features?


A. Features of Android:
Android is a powerful operating system competing with Apple 4GS and supports great features. A few of
them are listed below:
9. List the steps and explain the process of creating AVDs?
A. Create Android Virtual Device:
To test your Android applications, you will need a virtual Android device. So before we start writing
our code, let us create an Android virtual device. Launch the Android AVD Manager by clicking the
AVD_Manager icon as shown below.

After you click the virtual device icon, the default virtual devices present in your SDK are shown;
otherwise, create a virtual device by clicking the Create new Virtual device button.
If your AVD is created successfully, your environment is ready for Android application
development. If you like, you can close this window using the top-right cross button. It is better to
restart your machine; once you are done with this last step, you are ready to proceed to your first
Android example, but before that we will see a few more important concepts related to Android
Application Development.
Hello World Example
Before writing Hello World code, you must know about XML tags. To write the Hello World code, go
to App>res>layout>Activity_main.xml.

To show Hello World, we need to use a text view with a layout (for text view and layout, refer to
Relative Layout and Text View).
Run the program by clicking Run>Run App or by pressing Shift+F10.

Finally, the result is shown on the virtual device as shown above.

10. Describe Android development framework?

A. THE DEVELOPMENT FRAMEWORK:


Android operating system is a stack of software components which is roughly divided into five
sections and four main layers as shown below in the architecture diagram
Android is structured in the form of a software stack comprising applications, an operating system,
run-time environment, middleware, services and libraries. Each layer of the stack, and the
corresponding elements within each layer, are tightly integrated and carefully tuned to provide the
optimal application development and execution environment for mobile devices.
THE LINUX KERNEL:
Positioned at the bottom of the Android software stack, the Linux Kernel provides a level of
abstraction between the device hardware and the upper layers of the Android software stack. Based on
Linux version 2.6, the kernel provides pre-emptive multitasking, low-level core system services such
as memory, process and power management in addition to providing a network stack and device
drivers for hardware such as the device display, Wi-Fi and audio.
ANDROID RUNTIME – ART:
When an Android app is built within Android Studio it is compiled into an intermediate bytecode
format (DEX format). When the application is subsequently loaded onto the device, the Android
Runtime (ART) uses a process referred to as Ahead-of-Time (AOT) compilation to translate the
bytecode down to the native instructions required by the device processor. This format is known as
Executable and Linkable Format (ELF). Each time the application is subsequently launched, the ELF
executable version is run, resulting in faster application performance and improved battery life. This
section provides a key component called Dalvik Virtual Machine which is a kind of Java Virtual
Machine specially designed and optimized for Android. The Dalvik VM makes use of Linux core
features like memory management and multithreading, which is intrinsic in the Java language. The
Dalvik VM enables every Android application to run in its own process, with its own instance of the
Dalvik virtual machine. The Android runtime also provides a set of core libraries which enable
Android application developers to write Android applications using standard Java programming
language.
ANDROID LIBRARIES:
In addition to a set of standard Java development libraries (providing support for such general purpose
tasks as string handling, networking and file manipulation), the Android development environment
also includes the Android Libraries. These are a set of Java-based libraries that are specific to Android
development.
C/C++ LIBRARIES:
The Android runtime core libraries are Java-based and provide the primary APIs for developers
writing Android applications. It is important to note, however, that the core libraries do not perform
much of the actual work and are, in fact, essentially Java "wrappers" around a set of C/C++ based
libraries.
APPLICATION FRAMEWORK:
The Application Framework is a set of services that collectively form the environment in which
Android applications run and are managed. This framework implements the concept that Android
applications are constructed from reusable, interchangeable and replaceable components. This concept
is taken a step further in that an application is also able to publish its capabilities along with any
corresponding data so that they can be found and reused by other applications.
APPLICATIONS:
Located at the top of the Android software stack are the applications. These comprise both the native
applications provided with the particular Android implementation (for example web browser and
email applications) and the third party applications installed by the user after purchasing the device.
UNIT-2
11) What is Layout? Define Relative Layout and table Layout in Android with Examples?
Ans: Layouts :
Layouts in Android are used to define the structure and arrangement of user interface
elements within an app's UI. There are several types of layout managers available in
Android to help you organize and position UI components efficiently. Here, I'll provide a
detailed explanation of four common types of layouts:
Relative Layout:
Overview: A RelativeLayout allows you to position child views relative to each other or
relative to the parent
layout. It provides more flexibility than LinearLayout in terms of positioning elements.
Attributes:
Various attributes like android:layout_above, android:layout_below, android:layout_toStartOf,
android:layout_alignParentTop, etc., are used to specify the relative positioning of views.
Use Cases: Relative layouts are suitable when you need to create complex UIs with
elements that have dependencies on each other's positions.

Example:
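<RelativeLayout
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:layout_width="match_parent"
    android:layout_height="match_parent">
    <!-- The title is the anchor the button is positioned against. -->
    <TextView
        android:id="@+id/title"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:text="Title" />
    <!-- layout_below places the button underneath the view with id "title". -->
    <Button
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:layout_below="@id/title"
        android:text="Click Me" />
</RelativeLayout>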
Table Layout:
Overview: A TableLayout is used to arrange child views in rows and columns, similar to an HTML
table. It's
useful when you need to create a UI with multiple rows and columns of data.
Attributes:
Child views are placed within <TableRow> elements, and you can set attributes like
android:layout_span, android:layout_column, and android:layout_weight to control their placement
and sizing.
Use Cases: Table layouts are suitable for displaying tabular data, settings screens, or forms with
multiple fields.
Example:
<TableLayout
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:layout_width="match_parent"
    android:layout_height="match_parent">
    <!-- Each TableRow is one row; each child view is one cell. -->
    <TableRow>
        <TextView
            android:text="Name:" />
        <EditText
            android:hint="Enter your name" />
    </TableRow>
    <TableRow>
        <TextView
            android:text="Age:" />
        <EditText
            android:hint="Enter your age" />
    </TableRow>
    <TableRow>
        <Button
            android:text="Submit" />
    </TableRow>
</TableLayout>
12) Explain in Detail about Checkboxes, Spinners, Dialog and pickers in Android Studio?
Ans: CheckBox: A CheckBox allows users to select one or more options from a list of choices.
Example:

<CheckBox
android:id="@+id/checkbox"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Agree to terms and conditions" />
Spinners:
Spinner: A Spinner displays a dropdown list of items from which the user can select one option.
Spinners provide a quick way to select one value from a set. In the default state, a spinner shows its
currently selected value. Touching the spinner displays a dropdown menu with all other available
values, from which the user can select a new one.
Example:
<Spinner
android:id="@+id/spinner"
android:layout_width="match_parent"
android:layout_height="wrap_content" />
Dialogs and Pickers:
Android provides various dialogs and pickers, such as AlertDialog, DatePickerDialog, and
TimePickerDialog, for displaying messages, picking dates, and selecting times. A dialog is a small
window that prompts the user to make a decision or enter additional information. A dialog does not fill
the screen and is normally used for modal events that require users to take an action before they can
proceed.
The Dialog class is the base class for dialogs, but you should avoid instantiating Dialog directly.
Instead, use one of the following subclasses:
AlertDialog : A dialog that can show a title, up to three buttons, a list of selectable items,
or a custom layout.
DatePickerDialog or TimePickerDialog : A dialog with a pre-defined UI that allows the
user to select a date or time.

Example (DatePickerDialog)(java code)


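// Needs android.app.DatePickerDialog and java.util.Calendar; "this" is the hosting Activity.
Calendar today = Calendar.getInstance(); // open the picker on today's date
DatePickerDialog datePickerDialog = new DatePickerDialog(this, (view, year, month, dayOfMonth) -> {
    // Handle date selection (month is zero-based: January is 0)
}, today.get(Calendar.YEAR), today.get(Calendar.MONTH), today.get(Calendar.DAY_OF_MONTH));
datePickerDialog.show();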
These UI components can be customized and combined to create a wide range of user interfaces in
Android apps, allowing you to build rich and interactive experiences for your users.
13) Define fragment? Write about how to create fragments and explain its Lifecycle?
Ans: A Fragment is a piece of an activity which enables more modular activity design. It would not be
wrong to say that a fragment is a kind of sub-activity.
Following are important points about fragments −
· A fragment has its own layout and its own behaviour with its own life cycle callbacks.
· You can add or remove fragments in an activity while the activity is running.
· You can combine multiple fragments in a single activity to build a multi-pane UI.
· A fragment can be used in multiple activities.
· The fragment life cycle is closely related to the life cycle of its host activity, which means that
when the activity is paused, all the fragments available in the activity will also be stopped.
· A fragment can implement a behaviour that has no user interface component.
· Fragments were added to the Android API in the Honeycomb version of Android, which is
API version 11.
You create fragments by extending the Fragment class, and you can insert a fragment into your activity
layout by declaring the fragment in the activity's layout file as a <fragment> element. Prior to the
introduction of fragments, we had a limitation because we could show only a single activity on the
screen at one given point in time. So we were not able to divide the device screen and control
different parts separately. With the introduction of fragments we got more flexibility and removed the
limitation of having a single activity on the screen at a time. Now we can have a single activity, but
each activity can comprise multiple fragments which have their own layout, events and complete life
cycle.
Following is a typical example of how two UI modules defined by fragments can be combined into
one activity for a tablet design, but separated for a handset design.

The application can embed two fragments in Activity A, when running on a tablet-sized device.
However, on a handset-sized screen, there's not enough room for both fragments, so Activity A
includes only the fragment for the list of articles, and when the user selects an article, it starts
Activity B, which includes the second fragment to read the article.
Fragment Life Cycle
Android fragments have their own life cycle very similar to an android activity. This section briefs
different stages of its life cycle.

Fragment lifecycle
Here is the list of methods which you can override in your fragment class −
§ onAttach(): The fragment instance is associated with an activity instance. The fragment and the
activity are not fully initialized. Typically you get in this method a reference to the activity which
uses the fragment for further initialization work.
§ onCreate(): The system calls this method when creating the fragment. You should initialize essential
components of the fragment that you want to retain when the fragment is paused or stopped, then
resumed.
§ onCreateView(): The system calls this callback when it's time for the fragment to draw its user
interface for the first time. To draw a UI for your fragment, you must return a View component from
this method that is the root of your fragment's layout. You can return null if the fragment does not
provide a UI.
§ onActivityCreated(): The onActivityCreated() is called after the onCreateView() method when the
host activity is created. Activity and fragment instance have been created as well as the view
hierarchy of the activity. At this point, view can be accessed with the findViewById() method.
In this method you can instantiate objects which require a Context object.
§ onStart(): The onStart() method is called once the fragment gets visible.
§ onResume(): Fragment becomes active.
§ onPause(): The system calls this method as the first indication that the user is leaving the fragment.
This is usually where you should commit any changes that should be persisted beyond the current user
session.
§ onStop(): Fragment is going to be stopped by calling onStop().
§ onDestroyView(): The fragment view is destroyed after this method is called.
§ onDestroy(): onDestroy() is called to do final clean-up of the fragment's state, but is not
guaranteed to be called by the Android platform.

14) List and explain Android user interface components?


Ans: User Interface (UI) components are the building blocks of an Android app's user interface.
They allow you to interact with and display information to the user. Here are some common UI
components, including editable and non-editable text views, buttons, radio buttons, toggle buttons,
checkboxes, spinners, and dialog/picker components:
1. Editable Text Views:

EditText: An EditText is an editable text field that allows users to input text or numbers. It's often
used for forms and text input fields.

Example:

<EditText
android:id="@+id/editText"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:hint="Enter text" />

EditText Attributes
Following are the important attributes related to the EditText control. You can check the official
Android documentation for the complete list of attributes and the related methods which you can use
to change these attributes at run time.
Inherited from the android.widget.TextView class −

Attribute & Description

android:autoText
If set, specifies that this TextView has a textual input method and automatically corrects some
common spelling e

android:drawableBottom
This is the drawable to be drawn below the text.

android:drawableRight
This is the drawable to be drawn to the right of the text.
android:editable
If set, specifies that this TextView has an input method.

android:text
This is the Text to display.

2. Non-Editable Text Views:

TextView: A TextView is a non-editable text field used to display text or labels. It's commonly used
for displaying information.
Example:
<TextView
android:id="@+id/textView"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Hello, World!" />
3. Buttons:

Button: A Button is a UI component that the user can click to trigger an action or perform an
operation

Example:
<Button
android:id="@+id/button"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Click Me" />
4. Radio Buttons:

RadioButton: Radio buttons are used in groups where only one option can be selected at a time.
RadioGroup: A RadioGroup is used to group multiple RadioButtons so that they work as a single unit.

Example:
<RadioGroup
    android:id="@+id/radioGroup"
    android:layout_width="wrap_content"
    android:layout_height="wrap_content">
    <RadioButton
        android:id="@+id/radioOption1"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:text="Option 1" />
    <RadioButton
        android:id="@+id/radioOption2"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:text="Option 2" />
</RadioGroup>
5. Toggle Buttons:

ToggleButton: A ToggleButton is a button that toggles between two states (e.g., on/off).
Example:
<ToggleButton
android:id="@+id/toggleButton"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:textOn="On"

android:textOff="Off" />
6. CheckBox: A CheckBox allows users to select one or more options from a list of choices.

Example:

<CheckBox
android:id="@+id/checkbox"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Agree to terms and conditions" />
7. Spinners:
Spinner: A Spinner displays a dropdown list of items from which the user can select one option.
Spinners provide a quick way to select one value from a set. In the default state, a spinner shows its
currently selected value. Touching the spinner displays a dropdown menu with all other available
values, from which the user can select a new one.
Example:
<Spinner
android:id="@+id/spinner"
android:layout_width="match_parent"
android:layout_height="wrap_content" />
8. Dialogs and Pickers:
Android provides various dialogs and pickers, such as AlertDialog, DatePickerDialog, and
TimePickerDialog, for displaying messages, picking dates, and selecting times. A dialog is a small
window that prompts the user to make a decision or enter additional information. A dialog does not fill
the screen and is normally used for modal events that require users to take an action before they can
proceed.
The Dialog class is the base class for dialogs, but you should avoid instantiating Dialog directly.
Instead, use one of the following subclasses:
AlertDialog : A dialog that can show a title, up to three buttons, a list of selectable items,
or a custom layout.
DatePickerDialog or TimePickerDialog : A dialog with a pre-defined UI that allows the
user to select a date or time.
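Example (DatePickerDialog, Java code):
// Open the picker on today's date (requires java.util.Calendar)
Calendar today = Calendar.getInstance();
DatePickerDialog datePickerDialog = new DatePickerDialog(this, (view, year, month, dayOfMonth) -> {
    // Handle date selection (month is zero-based)
}, today.get(Calendar.YEAR), today.get(Calendar.MONTH), today.get(Calendar.DAY_OF_MONTH));
datePickerDialog.show();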
These UI components can be customized and combined to create a wide range of user interfaces in
Android apps, allowing you to build rich and interactive experiences for your users.

15) Explain interfacing between fragments and Activities?


Ans: Interfacing Between Fragments and Activities: Fragments can communicate with their
hosting Activity and other fragments in several ways:
· Interface Callbacks: Define an interface in the fragment and implement it in the Activity to handle
fragment events.
· ViewModel: Use a shared ViewModel to share data between fragments and the host Activity.
· Direct Reference: Obtain a reference to the hosting Activity and call its methods or access its
properties directly.
· Event Bus: Use an event bus library (e.g., EventBus, LiveData) to publish and subscribe to
events within fragments and Activities.
· Bundle: Pass data between fragments using a Bundle when creating or replacing fragments.
Bundle bundle = new Bundle();
bundle.putString("key", "value");
MyFragment fragment = new MyFragment();
fragment.setArguments(bundle);

Working with fragments allows you to create flexible and modular UIs in Android applications.
Understanding the fragment lifecycle and effective communication between fragments and
Activities is essential for building robust Android apps.
How to use Fragments?
Creating fragments involves a number of simple steps.

· First of all, decide how many fragments you want to use in an activity. For example, let's say we
want to use two fragments to handle the landscape and portrait modes of the device.

· Next, based on the number of fragments, create classes which extend the Fragment class. The
Fragment class has the callback functions mentioned above. You can override any of these functions
based on your requirements.

· Corresponding to each fragment, you will need to create a layout file in XML. These files
hold the layout for the defined fragments.

· Finally, modify the activity file to define the actual logic of replacing fragments based on your
requirement.
Types of Fragments
Fragments are basically divided into three types, as listed below.

· Single frame fragments − Single frame fragments are used for handheld devices like mobiles; here
we can show only one fragment as a view.
· List fragments − A fragment that has a special list view is called a list fragment.

· Fragment transactions − Using a fragment transaction, we can move from one fragment to another
fragment.
16) Explain User Interface components Editable and non-editable Text Views with
examples?

Ans: User Interface (UI) components

User Interface (UI) components are the building blocks of an Android app's user
interface. They allow you to interact with and display information to the user. Here are some common
UI components, including editable and non-editable text views, buttons, radio buttons, toggle
buttons, checkboxes, spinners, and dialog/picker components:
1. Editable Text Views:

EditText: An EditText is an editable text field that allows users to input text or numbers. It's often
used for forms and text input fields.
Example:
<EditText
android:id="@+id/editText"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:hint="Enter text" />

EditText Attributes
Following are the important attributes related to the EditText control. You can check the official
Android documentation for the complete list of attributes and the related methods which you can use
to change these attributes at run time.
Inherited from the android.widget.TextView class −

Attribute & Description


android:autoText

If set, specifies that this TextView has a textual input method and automatically corrects some common spelling

android:drawableBottom
This is the drawable to be drawn below the text.

android:drawableRight
This is the drawable to be drawn to the right of the text.

android:editable
If set, specifies that this TextView has an input method.

android:text
This is the Text to display.

2. Non-Editable Text Views:

A TextView is a non-editable text field used to display text or labels. It's commonly used for
displaying information.
Example:
<TextView
android:id="@+id/textView"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Hello, World!" />

17) Describe types of layout and explain Linear and Grid Layout?
Ans: Layouts – Linear, Relative, Grid and Table Layout:
Layouts in Android are used to define the structure and arrangement of user interface elements
within an app's UI. There are several types of layout managers available in Android to help you
organize and position UI components efficiently. Here, I'll provide a detailed explanation of four
common types of layouts: Linear Layout, Relative Layout, Grid Layout, and Table Layout.
1. Linear Layout:

Overview: A LinearLayout arranges its child views in a single row or column, depending on
the specified orientation (horizontal or vertical). It is one of the simplest and most commonly
used layouts.
Attributes:
android:orientation: Specifies whether the layout should be horizontal ("horizontal") or vertical
("vertical").
android:layout_weight: Determines how much space each child view should occupy relative to
others.
Use Cases: Linear layouts are suitable for creating simple lists, forms, or menus where you want
elements to be stacked in a single direction.
Example:
<LinearLayout
android:layout_width="match_parent"
android:layout_height="match_parent"
android:orientation="vertical">

<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Name:" />

<EditText
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:hint="Enter your name" />

<Button
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Submit" />
</LinearLayout>
2. Grid Layout:

Overview: A GridLayout arranges child views in a grid of rows and columns. It's similar to a table
and allows you to create grid-based UIs.
Attributes:
android:rowCount and android:columnCount specify the number of rows and columns in the grid.
Child views can have attributes like android:layout_row, android:layout_column,
android:layout_rowSpan, and
android:layout_columnSpan to control their placement within the grid.
Use Cases: Grid layouts are suitable for creating grid-based UIs such as game boards, calendars, or
image galleries.
Example:
<GridLayout
android:layout_width="match_parent"
android:layout_height="match_parent"
android:rowCount="2"
android:columnCount="2">

<Button
android:text="Button 1"
android:layout_row="0"
android:layout_column="0" />

<Button
android:text="Button 2"
android:layout_row="0"
android:layout_column="1" />

<Button
android:text="Button 3"
android:layout_row="1"
android:layout_column="0" />
<Button
android:text="Button 4"
android:layout_row="1"
android:layout_column="1" />
</GridLayout>

18) Write about Fragment states and how to add fragments to Activity?
Ans: Fragment States:
Fragments can be in one of the following states:
Active: Fragment is visible and interactive within the Activity.
Inactive: Fragment is added to the Activity but not currently visible.
Stopped: Fragment is no longer visible but still attached to the Activity.
Destroyed: Fragment is detached from the Activity and is no longer in memory.
Adding Fragments to Activity:
You can add fragments to an Activity's layout XML file using the <fragment> tag or dynamically
within the Activity's code using a FragmentManager.
// Dynamically add a fragment to an Activity
FragmentManager fragmentManager = getSupportFragmentManager();
FragmentTransaction transaction = fragmentManager.beginTransaction();
transaction.add(R.id.fragment_container, new MyFragment());
transaction.commit();
Adding, Removing, and Replacing Fragments with Fragment Transactions:
You can use FragmentTransaction to add, remove, or replace fragments within an Activity.
Here are some common methods:
· add(int containerViewId, Fragment fragment, String tag): Adds a fragment to the specified
container.
· remove(Fragment fragment): Removes a fragment from the container.
· replace(int containerViewId, Fragment fragment, String tag): Replaces an existing fragment with a
new one.
· addToBackStack(String name): Adds the transaction to the back stack, allowing users to navigate
back to the previous fragment.
Types of Fragments:
Fragments are basically divided into three types, as listed below.

· Single frame fragments − Single frame fragments are used for handheld devices like mobiles; here
we can show only one fragment as a view.
· List fragments − A fragment that has a special list view is called a list fragment.
· Fragment transactions − Using a fragment transaction, we can move from one fragment to another
fragment.
19) Write in detail about Device and pixel density independent measuring units?
Ans: Measurements – Device and pixel density independent measuring units
One of the most crucial factors to consider while developing an Android Application is the
Responsiveness of the UI. It’s very important that your app looks good on all kinds of devices. Mobile
devices can have different screen sizes as well as different pixel densities. Using constant values to
define the sizes while designing the UI of an Android Application can sometimes lead to the app
looking good on a few devices but looking jarring on some other devices. To avoid such issues, the
Android team developed the concept of using Density Independent Pixels (dp, dip, sp) for defining
sizes. To understand this concept, we’d first have to learn about a few basic terminologies:
Pixel – The smallest addressable element in an image.
Pixel density – The number of pixels that are present per unit area in a screen. The pixel density of a
screen can be calculated using the following formula.
Screen density = Screen width (or height) in pixels / Screen width (or height) in inches
Understanding how pixels work
Here, we have created a component, defining its sizes using pixels (2px x 2px). On visualizing it, we
can see that the exact same component looks different on devices with different screen densities.
Viewing a component of size 2px x 2px on screens with different pixel densities
Based on the above pictures, the following observations can be made:
On devices with higher pixel density, the component looks smaller as the screen has a greater
number of pixels. On devices with lower pixel density, it looks larger as the screen has fewer
pixels. Such a difference can cause an uncomfortable user experience while building
applications that cater to numerous users.
Working with dp and sp
Density Independent Pixel is an abstract unit that is based on the density of a screen. These units are
relative to the density of the screen and get adjusted according to it. Following up on the example
given above, let’s now use dp for defining the size of the component instead.

Using dp concept to create a more responsive design that looks proportional across all screen sizes
Now, you can see that by using dp, the number of pixels occupied by the component is held proportional
to the screen density, i.e. the number of pixels occupied increases/decreases with an
increase/decrease in pixel density. This allows the developer to size their widgets in proportion to the
screen size and density, thus creating user interfaces that look great on all mobile devices. Both dp and
sp follow this concept and can be used almost identically, albeit with a few differences.

dp:
· It stands for density-independent pixel. It is also sometimes denoted as dip.
· It is used for defining the sizes in all widgets, ranging from TextView to LinearLayout.

sp:
· It stands for scale-independent pixel.
· It is used for defining text size, as it scales according to the font size preference on a mobile
device.

Example
Here, we have created a responsive Button component using the concepts learned above, using dp for
defining its height and width, while using sp for defining the text size.
XML
<Button
android:layout_width="75dp"
android:layout_height="60dp"
android:textSize="18sp" />
Android provides several common UI controls, widgets, and Layout Managers.
For most graphical applications, it’s likely that you’ll need to extend and modify these
standard Views — or create composite or entirely new Views — to provide your own user
experience.
20) Explain with examples about Buttons, Radio and Toggle Buttons?
Ans: Buttons:
A Button is a UI component that the user can click to trigger an action or perform an
operation.

Example:
<Button
android:id="@+id/button"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Click Me" />
Radio Buttons:
Radio buttons are used in groups where only one option can be selected at a time.
RadioGroup: A RadioGroup is used to group multiple RadioButtons so that they work as a single unit

Example:
<RadioGroup
    android:id="@+id/radioGroup"
    android:layout_width="wrap_content"
    android:layout_height="wrap_content">

    <RadioButton
        android:id="@+id/radioOption1"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:text="Option 1" />

    <RadioButton
        android:id="@+id/radioOption2"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:text="Option 2" />
</RadioGroup>
Toggle Buttons:
A ToggleButton is a button that toggles between two states (e.g., on/off).

Example:
<ToggleButton
android:id="@+id/toggleButton"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:textOn="On"
android:textOff="Off" />
UNIT 3
1. List types of intents and explain in detail with examples?
A. An Android Intent is an abstract description of an operation to be performed. It can be
used with startActivity to launch an Activity, broadcastIntent to send it to any
interested BroadcastReceiver components, and startService(Intent) or
bindService(Intent, ServiceConnection, int) to communicate with a background
Service.

Types of Intents:
Android supports the following two types of intents:

· Explicit Intents:
An explicit intent connects components inside the application. For example, if you want
to connect one activity to another activity, you can do this with an explicit intent, such as
connecting the first activity to the second activity when a button is clicked.
These intents designate the target component by its name and they are typically used for
application-internal messages, such as an activity starting a subordinate service or
launching a sister activity. For example –
// Explicit Intent by specifying its class name
Intent i = new Intent(FirstActivity.this, SecondActivity.class);
// Starts SecondActivity
startActivity(i);

· Implicit Intents: These intents do not name a target and the field for the component
name is left blank. Implicit intents are often used to activate components in other
applications. For example –
Intent read1 = new Intent();
read1.setAction(android.content.Intent.ACTION_VIEW);
read1.setData(ContactsContract.Contacts.CONTENT_URI);
startActivity(read1);

The target component which receives the intent can use the getExtras() method to get
the extra data sent by the source component. For example −
// Get the bundle object at the appropriate place in your code
Bundle extras = getIntent().getExtras();
// getExtras() returns null when the intent carries no extras
if (extras != null) {
    // Extract data using the passed keys
    String value1 = extras.getString("Key1");
    String value2 = extras.getString("Key2");
}

2. Define intent and explain passing data to intents?


A. An Android Intent is an abstract description of an operation to be performed. It can be
used with startActivity to launch an Activity, broadcastIntent to send it to any
interested BroadcastReceiver components, and startService(Intent) or
bindService(Intent, ServiceConnection, int) to communicate with a background
Service.

Passing Data to Intents


When it is necessary to pass data between components, Intents can carry additional
information through extras. These extras are essentially key-value pairs that allow
developers to send data along with the intent.

How to Pass Data

· Adding Extras: You can use the putExtra() method to attach data to an intent. The
data can be of various types, including primitive types (like int and String),
Serializable objects, or Parcelable objects.
· Retrieving Extras: In the receiving component (like an activity), you can retrieve
the data from the intent using methods such as getStringExtra() or getIntExtra(),
specifying the same key used to store the data.
Supported Data Types
The types of data that can be passed through intents include:
· Primitive Data Types: Such as int, float, boolean, etc.
· Strings: Used to pass textual data.
· Serializable Objects: Any object that implements the Serializable interface.
· Parcelable Objects: A more efficient way of passing complex data types,
where objects implement the Parcelable interface.
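
The putExtra() and getStringExtra()/getIntExtra() calls described above, as an added example that is not code from the original notes: the sender attaches a String and an int, and the receiving Activity treats both as untrusted input, handling a missing key and out-of-range values before using them. ProfileActivity, the key names and the limits are assumptions made for this example.

```java
package com.example.myapp;

import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.widget.TextView;

import androidx.appcompat.app.AppCompatActivity;

// Hypothetical receiving Activity; the class name, keys and limits are assumptions.
public class ProfileActivity extends AppCompatActivity {

    // Keys are shared constants so that sender and receiver always use the same name.
    public static final String EXTRA_USER_NAME = "com.example.myapp.extra.USER_NAME";
    public static final String EXTRA_USER_AGE = "com.example.myapp.extra.USER_AGE";

    private static final int MAX_NAME_LENGTH = 64;
    private static final int MAX_AGE = 150;
    private static final int AGE_MISSING = -1;

    // Sender side: build the explicit Intent and attach the extras in one place.
    // Usage from another Activity:
    //     startActivity(ProfileActivity.newIntent(this, "Asha", 21));
    public static Intent newIntent(Context context, String userName, int userAge) {
        Intent intent = new Intent(context, ProfileActivity.class);
        intent.putExtra(EXTRA_USER_NAME, userName);
        intent.putExtra(EXTRA_USER_AGE, userAge);
        return intent;
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        TextView label = new TextView(this);
        setContentView(label);

        Intent intent = getIntent();
        // getStringExtra() returns null when the key is absent or holds another type.
        String name = intent.getStringExtra(EXTRA_USER_NAME);
        // getIntExtra() returns the supplied default when the key is absent.
        int age = intent.getIntExtra(EXTRA_USER_AGE, AGE_MISSING);

        // Reject the request instead of crashing or displaying unchecked data.
        if (!isValidName(name) || !isValidAge(age)) {
            finish();
            return;
        }
        label.setText(name + " (" + age + ")");
    }

    // A name must be present, non-blank and of bounded length.
    static boolean isValidName(String name) {
        return name != null
                && !name.trim().isEmpty()
                && name.length() <= MAX_NAME_LENGTH;
    }

    // AGE_MISSING (-1) falls outside the accepted range, so a missing extra is rejected too.
    static boolean isValidAge(int age) {
        return age >= 0 && age <= MAX_AGE;
    }
}
```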

The following table lists various important Android Intent standard extra data.

Sr.No. Extra Data & Description

1. EXTRA_ALARM_COUNT
Used as an int extra field in AlarmManager intents to tell the application being invoked how
many pending alarms are being delivered with the intent.
2. EXTRA_ALLOW_MULTIPLE
Used to indicate that an ACTION_GET_CONTENT intent can allow the user to select and return
multiple items.
3. EXTRA_ALLOW_REPLACE
Used as a boolean extra field with ACTION_INSTALL_PACKAGE to install a package.
4. EXTRA_BCC
A String[] holding e-mail addresses that should be blind carbon copied.
5. EXTRA_CC
A String[] holding e-mail addresses that should be carbon copied.
6. EXTRA_CHANGED_COMPONENT_NAME_LIST
This field is part of ACTION_PACKAGE_CHANGED, and contains a string array of all of the
components that have changed.
7. EXTRA_DATA_REMOVED
Used as a boolean extra field in ACTION_PACKAGE_REMOVED intents to indicate whether
this represents a full uninstall or a partial uninstall.
8. EXTRA_DOCK_STATE
Used as an int extra field in ACTION_DOCK_EVENT intents to request the dock state.
9. EXTRA_DOCK_STATE_CAR
Used as an int value for EXTRA_DOCK_STATE to represent that the phone is in a car dock.
10. EXTRA_DOCK_STATE_DESK
Used as an int value for EXTRA_DOCK_STATE to represent that the phone is in a desk dock.

3. Explain using Intent to send SMS?


A. In Android, Intents are a powerful mechanism for communication between different
components of an application or between applications. When it comes to sending SMS, you
can leverage the system's default SMS application to facilitate the process, allowing users to
send messages without the need for your app to directly manage SMS sending.

Steps to Send SMS Using Intent:

· Creating the Intent:
You initiate the process by creating an Intent that specifies the action to be performed.
For sending SMS, you use the action Intent.ACTION_SENDTO, which indicates that
you want to send data to another application.
Intent smsIntent = new Intent(Intent.ACTION_SENDTO);
· Setting the Data:
You provide a data URI formatted as smsto:<phone_number>, where <phone_number> is
the recipient's phone number. This tells the system that the Intent is intended for sending
an SMS.
smsIntent.setData(Uri.parse("smsto:1234567890")); // Replace with actual phone number
· Adding Extras:
You can add additional information to the Intent, such as the body of the SMS, using
key-value pairs. The key for the message body is typically "sms_body". This allows
you to pre-fill the message content that the user can see when the SMS application
opens.
smsIntent.putExtra("sms_body", "Hello, this is a test message!");
· Starting the Activity:
You then launch the SMS application by calling startActivity() with the created Intent.
This prompts the system to open the default SMS app, where the user can review and
send the message.
startActivity(smsIntent);
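
The four steps above combined into one helper, as an added example that is not part of the original notes: it validates the number, builds the smsto: URI with Uri.fromParts() so the input is encoded rather than concatenated into the URI string, and handles the case where no app can service the Intent. SmsComposer, the number pattern and the length limit are assumptions made for this example.

```java
package com.example.myapp;

import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.net.Uri;
import android.widget.Toast;

import java.util.regex.Pattern;

// Hypothetical helper class; its name and limits are assumptions for this example.
public final class SmsComposer {

    // Accept only an optional leading '+' followed by 3 to 15 digits (assumed policy).
    private static final Pattern PHONE_NUMBER = Pattern.compile("\\+?[0-9]{3,15}");

    // Upper bound on the pre-filled text (assumed policy).
    private static final int MAX_BODY_LENGTH = 1000;

    private SmsComposer() { }

    /**
     * Opens the default SMS app with the recipient and body pre-filled.
     * The user still reviews and sends the message in that app.
     * Usage from an Activity:
     *     SmsComposer.compose(this, "1234567890", "Hello, this is a test message!");
     *
     * @return true if an SMS app was started, false if the input was rejected
     *         or no app could handle the Intent.
     */
    public static boolean compose(Activity activity, String phoneNumber, String body) {
        // Step 0: never place unchecked input into the data URI.
        if (phoneNumber == null || !PHONE_NUMBER.matcher(phoneNumber).matches()) {
            return false;
        }
        String text = (body == null) ? "" : body;
        if (text.length() > MAX_BODY_LENGTH) {
            text = text.substring(0, MAX_BODY_LENGTH);
        }

        // Steps 1 and 2: ACTION_SENDTO with an smsto: URI.
        // Uri.fromParts() encodes the scheme-specific part for us.
        Uri recipient = Uri.fromParts("smsto", phoneNumber, null);
        Intent smsIntent = new Intent(Intent.ACTION_SENDTO, recipient);

        // Step 3: pre-fill the message body.
        smsIntent.putExtra("sms_body", text);

        // Step 4: start the SMS app; a device may have none installed.
        try {
            activity.startActivity(smsIntent);
            return true;
        } catch (ActivityNotFoundException e) {
            Toast.makeText(activity, "No SMS app is available.", Toast.LENGTH_LONG).show();
            return false;
        }
    }
}
```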

Advantages of Using Intents for SMS:


 User Control: By opening the SMS app, users have the chance to review, edit, and
confirm the message before sending it. This ensures that they are sending the message
they intend to.
 Simplicity: This method reduces the complexity of your application, as you do not need
to handle SMS permissions or the sending process directly. It leverages existing SMS
functionalities provided by the device.
 Integration with Other Features: Users can benefit from additional features offered by
the SMS app, such as access to their contact list, message history, and SMS templates.

4. Define Broadcasting and explain how to use Intent filters to service implicit Intents?
A. Broadcasting in Android
Broadcasting in Android refers to the mechanism that allows applications to send or receive
messages to/from multiple components within the system. It is primarily done using
Broadcast Receivers, which listen for and respond to specific events or messages.

Implicit Intents
Implicit Intents are used when you want to perform an action without specifying the exact
component (like an Activity or Service) to handle the action. Instead, you declare an action
and possibly some data, and the system finds an appropriate component based on the intent
filter defined in the manifest.

Steps to Use Intent Filters for Implicit Intents:

Using Intent Filters with Broadcast Receivers

To enable a Broadcast Receiver to respond to implicit intents, you need to use Intent Filters.
Intent filters declare the capabilities of a component, indicating the types of intents that the
component can respond to.

Broadcast Receivers simply respond to broadcast messages from other applications or
from the system itself. These messages are sometimes called events or intents. For
example, applications can also initiate broadcasts to let other applications know that
some data has been downloaded to the device and is available for them to use, so it is the
broadcast receiver that will intercept this communication and initiate the appropriate
action.
· Registering Broadcast Receiver:
There is one additional step if you are going to implement custom intents: you will
have to create and broadcast those intents.

· Creating the Broadcast Receiver:

A broadcast receiver is implemented as a subclass of the BroadcastReceiver class,
overriding the onReceive() method, where each message is received as an Intent object
parameter.
public class MyReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        Toast.makeText(context, "Intent Detected.", Toast.LENGTH_LONG).show();
    }
}
Registering Broadcast Receiver:
An application listens for specific broadcast intents by registering a broadcast receiver in the
AndroidManifest.xml file. Suppose we are going to register MyReceiver for the system-generated
event ACTION_BOOT_COMPLETED, which is fired by the system once the
Android system has completed the boot process.

Broadcast-Receiver
<!-- Receiving BOOT_COMPLETED also requires the android.permission.RECEIVE_BOOT_COMPLETED
     permission; apps targeting Android 12 (API 31) or higher must also set android:exported
     explicitly on a receiver that has an intent filter. -->
<application android:icon="@drawable/ic_launcher" android:label="@string/app_name"
    android:theme="@style/AppTheme" >
    <receiver android:name="MyReceiver">
        <intent-filter>
            <action android:name="android.intent.action.BOOT_COMPLETED">
            </action>
        </intent-filter>
    </receiver>
</application>
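
A variant of MyReceiver that does not rely on the intent filter alone, as an added example that is not code from the original notes: onReceive() checks the action itself, and the custom "data downloaded" broadcast mentioned above is registered as not exported and sent only to the app's own package. ACTION_DATA_DOWNLOADED and the two helper methods are assumptions made for this example; ContextCompat comes from the androidx.core library.

```java
package com.example.myapp;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.util.Log;
import android.widget.Toast;

import androidx.core.content.ContextCompat;

public class MyReceiver extends BroadcastReceiver {

    private static final String TAG = "MyReceiver";

    // Hypothetical custom action, namespaced with the app's package name.
    public static final String ACTION_DATA_DOWNLOADED =
            "com.example.myapp.action.DATA_DOWNLOADED";

    @Override
    public void onReceive(Context context, Intent intent) {
        // Check the action explicitly instead of assuming the filter did it:
        // handle only the broadcasts this receiver was written for.
        String action = (intent == null) ? null : intent.getAction();

        if (Intent.ACTION_BOOT_COMPLETED.equals(action)) {
            Toast.makeText(context, "Boot completed.", Toast.LENGTH_LONG).show();
        } else if (ACTION_DATA_DOWNLOADED.equals(action)) {
            Toast.makeText(context, "Download finished.", Toast.LENGTH_LONG).show();
        } else {
            // Log and drop anything unexpected; do not act on it.
            Log.w(TAG, "Ignoring unexpected broadcast action: " + action);
        }
    }

    /**
     * Registers a receiver at run time for the custom action only.
     * RECEIVER_NOT_EXPORTED means other apps cannot deliver broadcasts to it.
     * The caller must pass the returned receiver to unregisterReceiver() later.
     */
    public static MyReceiver registerForDownloads(Context context) {
        MyReceiver receiver = new MyReceiver();
        IntentFilter filter = new IntentFilter(ACTION_DATA_DOWNLOADED);
        ContextCompat.registerReceiver(
                context, receiver, filter, ContextCompat.RECEIVER_NOT_EXPORTED);
        return receiver;
    }

    /**
     * Creates and broadcasts the custom intent.
     * setPackage() restricts delivery to this app, so other installed apps
     * neither receive the broadcast nor learn about the download.
     */
    public static void announceDownload(Context context) {
        Intent intent = new Intent(ACTION_DATA_DOWNLOADED);
        intent.setPackage(context.getPackageName());
        context.sendBroadcast(intent);
    }
}
```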

5. Describe explicitly starting new Activity with example?


A. Explicitly Starting a New Activity in Android
In Android, you can start a new Activity explicitly by specifying the exact class of the
Activity you want to launch. This is done using an Intent that specifies both the action to
perform and the target Activity class.

Steps to Start a New Activity Explicitly

1. Create the Target Activity: First, ensure that the Activity you want to start is defined in
your project.
2. Create an Intent: Instantiate an Intent that specifies the current context and the class of the
Activity you want to start.
3. Start the Activity: Use the startActivity() method with the created Intent to launch the new
Activity.

Example

Step 1: Define the Target Activity

Let's assume you have a target Activity called SecondActivity. Here’s a simple definition:

package com.example.myapp;

import android.os.Bundle;

import androidx.appcompat.app.AppCompatActivity;

public class SecondActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_second); // Reference to the layout for this Activity
    }
}
Step 2: Create an Intent in the Source Activity

In your source Activity (let's say MainActivity), you can create an Intent to start SecondActivity
explicitly.

package com.example.myapp;

import android.content.Intent;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;

import androidx.appcompat.app.AppCompatActivity;

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main); // Reference to the layout for this Activity

        Button startSecondActivityButton = findViewById(R.id.start_second_activity_button);
        startSecondActivityButton.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                // Create an explicit Intent to start SecondActivity
                Intent intent = new Intent(MainActivity.this, SecondActivity.class);
                startActivity(intent); // Start the new Activity
            }
        });
    }
}

Step 3: Add Activities to the Manifest

Make sure both activities are declared in your AndroidManifest.xml file:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.myapp">

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/Theme.AppCompat.Light.DarkActionBar">

        <!-- An activity with an intent filter must declare android:exported
             when the app targets Android 12 (API 31) or higher -->
        <activity
            android:name=".MainActivity"
            android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <activity android:name=".SecondActivity" />

    </application>

</manifest>

6. Explain Implicit Intent with example?

A. Implicit Intents in Android

Implicit Intents are used in Android to request an action without specifying the exact
component (such as an Activity or Service) that should handle it. Instead, you define the action
and, optionally, the data, and the Android system determines the appropriate component to
handle the request based on the intent filters declared in the manifest of the apps installed on the
device.

Key Characteristics of Implicit Intents

1. Action: The action you want to perform (e.g., viewing a webpage, sending an SMS).
2. Data: Optional data associated with the action (e.g., a URI to a webpage or a contact).
3. Categories: Optional categories that further define the intent (e.g., CATEGORY_DEFAULT).

Implicit intents are often used to activate components in other applications. For example –

Intent read1 = new Intent();
read1.setAction(android.content.Intent.ACTION_VIEW);
read1.setData(ContactsContract.Contacts.CONTENT_URI);
startActivity(read1);

The target component which receives the intent can use the getExtras() method to get the extra data
sent by the source component. For example −
// Get the bundle object at the appropriate place in your code
Bundle extras = getIntent().getExtras();
// getExtras() returns null when the intent carries no extras
if (extras != null) {
    // Extract data using the passed keys
    String value1 = extras.getString("Key1");
    String value2 = extras.getString("Key2");
}

7. Write in detail about explicit intent with example?


A. Explicit Intents:
An explicit intent connects components within the internal world of your application. If you
want to connect one activity to another, for example starting a second activity from the
first when a button is clicked, you can do this with an explicit intent. Unlike implicit
intents, which let the system determine which component to use based on the action
and data, explicit intents explicitly define the target component using its class name.
Key Characteristics of Explicit Intents

1. Target Component: You specify the exact component (Activity, Service, or
Broadcast Receiver) you want to start.
2. Action: You can also specify an action, but it’s not strictly necessary since the target
component is already defined.
3. Data: You can include additional data to be passed to the target component.

These intents designate the target component by its name and they are typically used for
application-internal messages, such as an activity starting a subordinate service or
launching a sister activity. For example –
// Explicit Intent by specifying its class name
Intent i = new Intent(FirstActivity.this, SecondActivity.class);
// Starts TargetActivity
startActivity(i);

8. Write the steps using intents to launch Activities?

A. Introduction to Launching Activities Using Intents in Android

In Android, an Activity represents a single screen with a user interface. When building applications,
you often need to navigate between different Activities to display various content or features.
Intents are the mechanism that enables this navigation.
An Intent is a messaging object that you can use to request an action from another app component. In
the context of launching Activities, Intents allow you to start a new Activity either within your own
app or in another app.

There are two main types of Intents:

• Explicit Intents: Used to start a specific Activity by explicitly specifying the target class.
• Implicit Intents: Used to request an action without specifying a component, allowing the
system to choose an appropriate Activity based on intent filters.

This guide focuses on explicit intents, which are commonly used for navigation within the same
application.

Steps to Launch Activities Using Intents

1. Create the Target Activity:
o Define the new Activity that you want to launch. This involves creating a new class
that extends AppCompatActivity (or another Activity type). This Activity will
contain the UI and logic you want to display when it is started.
2. Declare the Activity in the Manifest:
o Update your AndroidManifest.xml file to declare the new Activity. This is necessary
for the Android system to recognize the Activity and allow it to be launched.
3. Create the Intent in the Source Activity:
o In the Activity that will initiate the launch (the source Activity), create an Intent. This
Intent specifies the current context (the source Activity) and the target Activity class
you wish to start.
4. Start the Activity:
o Use the startActivity() method with the created Intent to launch the new Activity.
This method tells the system to begin the specified Activity.
5. (Optional) Pass Data Between Activities:
o If you want to send data from the source Activity to the target Activity, you can add
this data to the Intent using extras. This allows the target Activity to retrieve the
data when it starts.
6. Handle Back Navigation:
o When the new Activity is launched, the previous Activity remains in the back stack.
Ensure that your Activities are designed to handle back navigation, allowing users to
return to the previous screen using the back button.
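
The steps above put together, as an added example that is not part of the original notes: FirstActivity launches SecondActivity with an explicit Intent carrying one extra, and SecondActivity reads it defensively. The package name, the layouts and view ids (activity_first, activity_second, open_button, message_view) and the key EXTRA_MESSAGE are assumptions.

```java
// --- FirstActivity.java (source Activity) ---
package com.example.app; // hypothetical package name

import android.content.Intent;
import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;

public class FirstActivity extends AppCompatActivity {
    // Key for the extra; the name is an assumption for this example.
    static final String EXTRA_MESSAGE = "com.example.app.MESSAGE";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_first); // assumed layout

        findViewById(R.id.open_button).setOnClickListener(v -> {
            // Step 3: explicit Intent = current context + target class.
            Intent intent = new Intent(FirstActivity.this, SecondActivity.class);
            // Step 5: attach data as an extra.
            intent.putExtra(EXTRA_MESSAGE, "Hello from FirstActivity");
            // Step 4: launch; FirstActivity stays on the back stack (step 6).
            startActivity(intent);
        });
    }
}

// --- SecondActivity.java (target Activity, declared in AndroidManifest.xml) ---
package com.example.app;

import android.os.Bundle;
import android.widget.TextView;
import androidx.appcompat.app.AppCompatActivity;

public class SecondActivity extends AppCompatActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_second); // assumed layout

        // getExtras() returns null when the Intent carries no extras,
        // so check before reading instead of assuming the key is present.
        Bundle extras = getIntent().getExtras();
        String message = (extras != null)
                ? extras.getString(FirstActivity.EXTRA_MESSAGE)
                : null;
        if (message == null || message.length() > 200) {
            message = "(no message)"; // treat missing or oversized input as absent
        }

        TextView view = findViewById(R.id.message_view); // assumed view id
        view.setText(message);
    }
}
```

Because SecondActivity is declared without an intent filter, it is started only through explicit intents such as the one built in FirstActivity.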

9. Explain Broadcast Receiver in Detail?


A. Broadcast Receivers simply respond to broadcast messages from other applications or from the
system itself. These messages are sometimes called events or intents. For example, applications can
also initiate broadcasts to let other applications know that some data has been downloaded to the
device and is available for them to use; the broadcast receiver is the component that intercepts
this communication and initiates the appropriate action. There are two important steps to make a
BroadcastReceiver work for system-broadcast intents –
• Creating the Broadcast Receiver.
• Registering the Broadcast Receiver.

There is one additional step if you are going to implement your own custom intents: you will
have to create and broadcast those intents.
Creating the Broadcast Receiver
A broadcast receiver is implemented as a subclass of the BroadcastReceiver class, overriding
the onReceive() method, where each message is received as an Intent object
parameter.
public class MyReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        Toast.makeText(context, "Intent Detected.", Toast.LENGTH_LONG).show();
    }
}
Registering Broadcast Receiver
An application listens for specific broadcast intents by registering a broadcast receiver in
AndroidManifest.xml file. Consider we are going to register MyReceiver for system
generated event ACTION_BOOT_COMPLETED which is fired by the system once the
Android system has completed the boot process.
<application android:icon="@drawable/ic_launcher" android:label="@string/app_name"
android:theme="@style/AppTheme" >
<receiver android:name="MyReceiver">
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED">
</action>
</intent-filter>
</receiver>
</application>
Now whenever your Android device boots, the broadcast will be intercepted by the BroadcastReceiver
MyReceiver and the logic implemented inside onReceive() will be executed.

10. Write about Native Actions from Activities in Android

In Android, native actions refer to built-in capabilities provided by the platform that can be invoked
from within an Activity. These actions allow developers to leverage common functionalities without
having to implement them from scratch. Some examples include sharing content, sending SMS, taking
photos, and more. By using native actions, you enhance user experience and ensure consistency across
applications.

Common Native Actions

Here are some common native actions you can invoke from Activities:

1. Sharing Content:
o You can allow users to share text, images, or links with other apps (like social media
or messaging apps) using the Intent.ACTION_SEND action. This invokes a chooser
dialog, letting users select their preferred app.
2. Opening URLs:
o To open a web page in a browser, you can use Intent.ACTION_VIEW with a URI.
This allows users to view web content without leaving your app.
3. Sending SMS:
o You can use Intent.ACTION_SENDTO to send SMS messages directly. This
invokes the default messaging app, allowing users to send text messages.
4. Taking Photos or Capturing Video:
o You can launch the camera app using
Intent(MediaStore.ACTION_IMAGE_CAPTURE) to take pictures or record videos.
This is useful for apps that require user-generated content.
5. Selecting Contacts:
o You can prompt users to pick a contact from their contacts list using
Intent.ACTION_PICK with a contact URI. This is helpful for apps that need
to reference user contacts.
6. Viewing Maps:
o You can launch a mapping application to display a location using
Intent.ACTION_VIEW with a geo URI. This allows users to see directions or
explore locations directly.

Steps to Use Native Actions

1. Create an Intent:
o Create an Intent with the appropriate action (e.g., Intent.ACTION_SEND for sharing).
2. Set the Data:
o Depending on the action, you might need to set additional data (e.g., a URI for a
web link or an image).
3. Start the Activity:
o Use startActivity() to invoke the Intent, which opens the appropriate app or activity.
4. Handle Results (if applicable):
o For actions that require a response (like picking an item), use startActivityForResult()
and handle the results in onActivityResult().
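
Steps 1 to 3 applied to two of the actions listed above (sharing text and opening a URL), as an added example that is not part of the original notes. The class name NativeActions and the https-only check are assumptions of this example; ActivityNotFoundException is caught because the device may have no app that can handle the Intent.

```java
import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.net.Uri;
import android.widget.Toast;

/** Helper with a hypothetical name; call its methods from any Activity. */
public final class NativeActions {
    private NativeActions() {}

    /** Share plain text through the system chooser (Intent.ACTION_SEND). */
    public static void shareText(Activity activity, String text) {
        Intent send = new Intent(Intent.ACTION_SEND);   // step 1: action
        send.setType("text/plain");                     // step 2: data type
        send.putExtra(Intent.EXTRA_TEXT, text);         //         and payload
        // The chooser lets the user decide which app receives the text
        // each time, instead of silently using a remembered default.
        launch(activity, Intent.createChooser(send, "Share with"));
    }

    /** Open a web page in a browser (Intent.ACTION_VIEW with a URI). */
    public static void openUrl(Activity activity, String url) {
        Uri uri = Uri.parse(url);
        // Only hand https links to other apps. Links that come from untrusted
        // input may use other schemes (file:, content:, custom schemes).
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            Toast.makeText(activity, "Link not opened", Toast.LENGTH_SHORT).show();
            return;
        }
        launch(activity, new Intent(Intent.ACTION_VIEW, uri));
    }

    /** Step 3: start the Activity and handle the case where no app matches. */
    private static void launch(Activity activity, Intent intent) {
        try {
            activity.startActivity(intent);
        } catch (ActivityNotFoundException e) {
            Toast.makeText(activity, "No app available for this action",
                    Toast.LENGTH_SHORT).show();
        }
    }
}
```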
UNIT-4
Write a short note on
i. Physical Security
ii. Secure Data Storage
iii. Safe Browsing Environment
ANS:-
Mobile Application and Development Security (MADS)
Security is a critical aspect of mobile application development to protect users, data, and
systems from potential threats. Below is a detailed explanation of key security components:
i. Physical Security
Physical security safeguards the device and development environment, ensuring unauthorized
access to the mobile application or its backend systems is prevented.
• Device-Level Security: Implements features like PINs, passwords, fingerprint
scanning, and facial recognition to protect against unauthorized use.
• Remote Management: Allows for remote locking or wiping of data in case the device
is lost or stolen.
• Secure Development Facilities: Restrict access to the physical spaces where apps are
developed or tested, using biometric systems or key cards to prevent tampering with
hardware or software.
ii. Secure Data Storage
Mobile applications often handle sensitive user information, and its secure storage is paramount
to prevent breaches.
• Data Encryption: Encrypt sensitive data both at rest (using AES or other strong
encryption standards) and in transit (using TLS).
• Secure Containers: Store data in sandboxed environments to isolate it from other
applications.
• Access Controls: Implement robust authentication and authorization mechanisms to
ensure only authorized users or systems access sensitive data.
• Regular Audits: Conduct security audits to identify and address storage-related
vulnerabilities.
iii. Safe Browsing Environment
Many mobile applications integrate web-based features, making a safe browsing environment
essential to prevent cyber threats.
• Enforce Secure Protocols: Ensure all communications between the app and server
occur over HTTPS.
• Web View Security: If using web views, disable JavaScript unless necessary and
enforce strict controls to prevent execution of malicious code.
• Content Security Policy (CSP): Implement CSP to restrict the sources of content that
the application can load, reducing the risk of cross-site scripting (XSS) attacks.
• Regular Updates: Keep libraries, frameworks, and components up-to-date to patch
known vulnerabilities.
• User Education: Inform users about safe browsing practices, such as recognizing
phishing attempts and avoiding untrusted links.
2. Explain in detail about Virus, Worms, Trojans, Spyware, and Malware?
ANS:-
Explanation of Virus, Worms, Trojans, Spyware, and Malware in Mobile Application
and Development Security (MADS)
1. Virus
A virus is a type of malware that attaches itself to a legitimate program or file. When the
infected program is executed, the virus spreads by replicating itself.
• Characteristics:
o Needs a host file to spread.
o Can damage data, corrupt files, or disrupt system operations.
• Impact in Mobile Apps:
o Infected apps may spread malicious code, leading to data breaches or device
malfunction.
• Prevention:
o Download apps only from trusted sources (e.g., Google Play Store, Apple App
Store).
o Use mobile antivirus software and ensure regular scanning.
2. Worms
A worm is a standalone malicious program that spreads across networks or devices without
requiring a host file. Worms exploit vulnerabilities in software or operating systems.
• Characteristics:
o Self-replicating and spreads independently.
o Consumes system resources, slowing down devices or causing crashes.
• Impact in Mobile Apps:
o Worms can exploit vulnerabilities in apps, affecting networked systems and
potentially distributing payloads like ransomware.
• Prevention:
o Regularly update applications and operating systems to patch vulnerabilities.
o Implement firewalls and intrusion detection systems.
3. Trojans
A Trojan is a type of malware disguised as legitimate software, tricking users into installing it.
Once installed, it performs malicious activities like data theft or unauthorized access.
• Characteristics:
o Does not replicate itself.
o Often disguised as useful or popular apps.
• Impact in Mobile Apps:
o Trojans can steal user credentials, financial information, or inject additional
malware.
• Prevention:
o Verify app permissions and avoid installing apps from unofficial or third-party
sources.
o Educate users to avoid phishing links that deliver Trojans.
4. Spyware
Spyware is designed to secretly monitor user activity and collect sensitive information such as
keystrokes, passwords, or browsing habits.
• Characteristics:
o Operates covertly, often undetected by the user.
o May come bundled with legitimate apps or downloaded through malicious
links.
• Impact in Mobile Apps:
o Threatens user privacy and can lead to identity theft or financial fraud.
• Prevention:
o Limit app permissions to access sensitive data only when absolutely necessary.
o Use anti-spyware tools and monitor app behavior regularly.
5. Malware
Malware is a broad term encompassing all malicious software, including viruses, worms,
Trojans, ransomware, adware, and spyware. It is designed to damage systems, steal data, or
gain unauthorized access.
• Characteristics:
o Can be delivered through malicious apps, phishing links, or compromised
networks.
o May perform multiple harmful actions, such as encrypting files, stealing data,
or displaying intrusive ads.
• Impact in Mobile Apps:
o Compromised apps can harm users and damage the app's reputation.
o May result in financial losses or legal consequences if user data is stolen.
• Prevention:
o Employ secure coding practices to prevent vulnerabilities.
o Use application security testing tools to identify potential threats during
development.
o Regularly audit and update apps to address new threats.

33. Write a short note on


i. Location
ii. Privacy
iii. Cross-Site Request Forgery
i. Location
In mobile applications, location services enable apps to access a user’s geographic position,
enhancing features like navigation, location-based recommendations, and emergency services.
• Significance: Used in applications such as maps, ride-sharing, or weather updates.
• Security Concerns:
o Unauthorized access to location data can lead to privacy breaches.
o Misuse of location data can result in tracking or profiling of users.
• Best Practices:
o Request location permissions only when necessary.
o Use location data minimally and anonymize it if possible.
o Clearly communicate why location data is needed to the user.
ii. Privacy
Privacy in mobile applications ensures the protection of user data and compliance with
regulations like GDPR or CCPA. It involves collecting, storing, and using data responsibly.
• Key Aspects:
o Minimize data collection to only what is essential.
o Protect sensitive data (e.g., personal information, financial details) with
encryption.
o Inform users about data usage through clear and concise privacy policies.
• Importance: Builds user trust, prevents misuse of data, and ensures compliance with
laws.
iii. Cross-Site Request Forgery (CSRF)
CSRF is a type of attack where an attacker tricks a user into performing unwanted actions on
a trusted web application where they are authenticated.
• How It Works:
o The attacker crafts a malicious link or script and tricks the user into clicking it.
o The user’s authenticated session is exploited to execute unauthorized actions.
• Impact:
o Can lead to data breaches, unauthorized transactions, or account takeovers.
• Prevention:
o Use anti-CSRF tokens to validate the legitimacy of user requests.
o Implement SameSite cookies to restrict cookies from being sent with cross-site
requests.
o Verify user actions with multi-factor authentication for sensitive operations.
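
The anti-CSRF token measure listed above, as an added example that is not part of the original notes: the server issues a random token per session and accepts a state-changing request only if the same token comes back. The class and method names and the in-memory session map are assumptions; the session ids are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Server-side synchronizer-token check; class and method names are hypothetical. */
public class CsrfTokens {
    private static final SecureRandom RNG = new SecureRandom();
    // sessionId -> token issued for that session (in-memory stand-in for a session store)
    private final Map<String, String> tokensBySession = new ConcurrentHashMap<>();

    /** Issue a fresh 256-bit token and bind it to the session. */
    public String issue(String sessionId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokensBySession.put(sessionId, token);
        return token; // embed in the form or send in a custom request header
    }

    /** Accept a state-changing request only if it carries the session's token. */
    public boolean isValid(String sessionId, String submittedToken) {
        String expected = tokensBySession.get(sessionId);
        if (expected == null || submittedToken == null) {
            return false; // no session, or the request arrived without a token
        }
        // Constant-time comparison avoids leaking how many characters matched.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submittedToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        CsrfTokens csrf = new CsrfTokens();
        String session = "session-A";              // constructed sample session id
        String token = csrf.issue(session);

        // Legitimate form post: the page was served by the app, so it has the token.
        System.out.println("own form:      " + csrf.isValid(session, token));
        // Cross-site request: the browser attaches the session cookie automatically,
        // but the other site cannot read the token, so none (or a guess) is sent.
        System.out.println("no token:      " + csrf.isValid(session, null));
        System.out.println("guessed token: " + csrf.isValid(session, "AAAA"));
        // A token issued to another session must not be accepted either.
        String other = csrf.issue("session-B");
        System.out.println("other session: " + csrf.isValid(session, other));
    }
}
```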
34. Explain the Tips for Secure Mobile Application Development?
ANS:- Tips for Secure Mobile Application Development
Secure mobile application development ensures that apps are resistant to cyber threats,
protecting user information and fostering trust.
1. Secure Code Practices
- Write clean, modular, and well-documented code to avoid vulnerabilities.
- Scan code periodically for possible vulnerabilities using static and dynamic analysis tools.
- Obfuscate and minify code to make it harder for attackers to reverse-engineer.
2. Use Strong Authentication and Authorization
- Implement robust user authentication mechanisms, such as multi-factor authentication
(MFA).
- Use OAuth 2.0 or OpenID Connect for secure authorization.
- Limit user permissions to the minimum necessary (principle of least privilege).
3. Data Encryption
- Safeguard sensitive data at rest and in transit through the use of strong encryption such as
AES-256 and TLS.
- Store sensitive information, including passwords or payment information, on the
device only if it is absolutely unavoidable.
- Make use of the platform's secure storage APIs, such as iOS Keychain or Android Keystore.
4. Secure APIs
- Protect backend APIs with secure authentication mechanisms like API keys or tokens.
- Validate and sanitize all inputs to prevent injection attacks.
- Implement rate limiting and monitoring to detect suspicious activities.
5. Handle Sensitive Data Carefully
- Avoid hardcoding sensitive information such as API keys, credentials, or encryption keys in
the app.
- Regularly review and remove any sensitive data that is not needed within the app
or server.
- Anonymize or pseudonymize user data where possible.
6. Use Secure Network Connections
- Use HTTPS for all communications between the app and the server.
- For the most sensitive applications, use VPNs or secure communication libraries.
- Implement certificate pinning to protect against man-in-the-middle attacks.
7. Secure Third-Party Libraries and Frameworks
- Use only trusted libraries and frameworks that are actively maintained.
- Regularly update third-party dependencies to patch vulnerabilities.
- Remove unneeded libraries to reduce the attack surface.
8. Penetration Testing for Vulnerabilities
- Regularly perform penetration testing to detect security vulnerabilities in the app.
- Perform fuzz testing by sending unexpected inputs to detect vulnerabilities in the
app.
- Simulate an attack on the app and test how it responds when a malicious condition arises.
9. User Education
- Give users clear guidelines on safe practices such as avoiding untrusted networks or
downloads.
- Provide good error messages that don't leak sensitive information.
- Update the app frequently to fix bugs and add security patches.
35. Describe how to implement Strict Use and Enforcement of SSL?
ANS:-
Implementing Strict Use and Enforcement of SSL in MADS
SSL, which today is used mainly in the form of its successor TLS (Transport Layer
Security), provides a secure way to communicate between mobile applications and the server. It
is essential to implement strict usage and enforcement of SSL/TLS in MADS to protect sensitive
data from eavesdropping, tampering, and MITM attacks.
1. Use HTTPS for All Communication
- Make sure that all communications between mobile app and servers are sent over HTTPS and
not HTTP.
- Update the backend server to serve over HTTPS with proper SSL/TLS certificates.
- Use the most updated encryption protocol, such as TLS 1.2 or 1.3; do not use legacy protocols,
like SSL 3.0 or TLS 1.0/1.1.
2. Certificate Pinning
- Pin server certificates in the mobile app so that it only communicates with trusted servers.
- Pin the public key of the server's certificate instead of the entire certificate so that
certificate renewals do not cause problems.
- Update pinned certificates periodically, in step with server updates.
3. Validate SSL/TLS Certificates
- Ensure the mobile app validates the server's SSL/TLS certificate before establishing a
connection.
- Reject connections to servers with self-signed, expired, or improperly configured certificates.
- Use standard libraries for certificate validation to avoid custom implementations, which can
introduce vulnerabilities.
4. Enforce HSTS (HTTP Strict Transport Security)
- Configure servers to use HSTS to enforce HTTPS connections for all requests.
- Include the HSTS header in the server response:
Strict-Transport-Security: max-age=31536000; includeSubDomains
- This ensures that the app cannot downgrade to an insecure HTTP connection.
5. Use Secure Libraries and APIs
- Implement the latest secure libraries and APIs offered by mobile platforms, like
`NSURLSession` in iOS or `HttpsURLConnection` in Android, for network operations.
- Refrain from using legacy or custom implementations of SSL/TLS protocols.
6. Prevent Man-in-the-Middle (MITM) Attacks
Implement protection mechanisms for detecting and preventing MITM attacks:
- Use SSL/TLS inspection to identify suspicious certificates.
- Certificate transparency: detect rogue certificates issued by compromised Certificate
Authorities (CAs).
7. Security Testing at Regular Intervals
- Use SSL Labs or OpenVAS to scan SSL/TLS for vulnerabilities.
- These tests look for weak cipher suites, misconfigured certificates, or insecure server
configurations, among others.
8. Educate Developers and Users
- Train developers on why SSL/TLS should be used and on best practices in implementation.
- Educate users to stay away from insecure Wi-Fi networks or connections that trigger warnings
about invalid certificates.
36. Write about Isolation, Information Disclosure reasons and security issues?
ANS:-
Isolation, Information Disclosure, and Security Issues in Mobile Application and Development
Security (MADS)
In Mobile Application and Development Security (MADS), ensuring data confidentiality,
integrity, and secure functionality often involves addressing isolation, preventing information
disclosure, and mitigating security issues.
1. Isolation
Definition: Isolation refers to separating application processes, data, and environments to
minimize the impact of potential vulnerabilities or attacks.
Role in MADS
- Safeguards data against unauthorized access.
- Ensures that a compromised component does not influence other components.
- Allows the secure running of applications in shared environments.
Key Isolation Techniques
- Sandboxing: Mobile operating systems, such as Android and iOS, enforce sandboxing to
isolate each app. This prevents apps from interacting directly with each other.
- Isolated Environments: Development, testing, and production environments should not leak
sensitive configurations or credentials accidentally.
- Containerization: App containerization is required to separate enterprise apps and data from
personal apps on BYOD devices.
- User Permissions: Restrict app permissions to only what is necessary to limit data
sharing across apps.
2. Information Disclosure
Definition
Information disclosure is the leakage of sensitive or confidential information to unauthorized
parties by accident.
Common Causes of Information Disclosure
1. Poor Data Storage: The storage of sensitive data (passwords, personal information, etc.) in
plaintext or an insecure location, such as shared preferences.
2. Poor Communication Security: Unencrypted transfer of data through channels, such as
using HTTP instead of HTTPS.
3. Over-Permissioned Apps: Apps that access far more sensitive device features or data than
they need.
4. Informational Error Messages: Accidentally providing sensitive system or debug
information in error messages or logs.
5. Unprotected APIs: Exposing APIs without secure authentication and rate-limiting
mechanisms.
Critical Security Issues:
1. Data Leakage: Applications unwittingly release confidential information through logs,
backups, or shared storage.
2. Insecure Authentication: Lack of secure authentication, which allows unauthenticated
access.
3. Code Tampering: Hackers decompile applications or change code to add malicious
functionalities.
4. Lax APIs: Unsecured APIs open the backend service to injection or
unauthorized access.
5. Man-in-the-Middle Attacks: Applications that do not encrypt their traffic are open to MITM attacks.
6. Malware Injection: Applications that accept unvalidated inputs or downloads are
vulnerable to malware injection.
37. Write about Strong Authentication with Poor Keyboards?
ANS:-
MADS - Strong Authentication with Poor Keyboards in Mobile Application and
Development Security
Strong authentication ensures that only legitimate and authorized users can
access a mobile application or system, with the help of secure methods such as passwords,
biometrics, or multi-factor authentication (MFA). But when users have poor-quality keyboards
on their devices, for instance low-precision touchscreens or virtual keyboards with limited
functionality, authentication becomes harder to use, which may lead to security weaknesses.
Problems in Authentication with Poor Keyboards
1. Problematic Authentication for Complex Passwords
- Poor keyboards that have small key sizes, offer no support for special characters, or feature
no autocorrect capability may cause failures in inputting strong passwords.
- Falling back on weak passwords as a result significantly increases the potential vulnerability
to brute-force or credential-stuffing attacks.
2. High Error Rates
- Typing errors caused by bad keyboards can irritate users, who may
resort to selecting weaker passwords or saving them insecurely (for example, in plain text files).
3. Accessibility Features Not Available
- Poor keyboards often lack accessibility options for users with disabilities, which means
their participation in strong authentication processes may not be possible.
4. Biometric Inputs Not Supported
- Other keyboards may not support advanced authentication methods, such as fingerprint or
facial recognition; therefore, the only thing left is passwords.
Strategies to Address Strong Authentication with Poor Keyboards
Simplify Passwords Without Compromising Security
- Change password requirements to be more keyboard-friendly.
- Introduce passphrases instead of complex passwords. They are easy to type on primitive keyboards
but still secure.
- Enforce minimum length and prevent common patterns like "123456" or "password."
1. Leverage Multi-Factor Authentication (MFA)
- Add layers of security through MFA, combining a simpler password with other factors such
as:
  - Biometrics (fingerprints, facial recognition).
  - One-Time Passwords (OTPs) sent through SMS or email.
  - Authentication Apps (e.g., Google Authenticator, Microsoft Authenticator).
2. Use Secure Keyboard Alternatives
- Include custom secure keyboards in the app with features such as:
  - Larger, well-spaced key arrangements that help to avoid input errors.
  - Automatic switching to numeric or special character mode when needed.
  - Input masking to prevent sensitive information from being viewed by others.
3. Enable Passwordless Authentication
- Use passwordless methods to reduce manual entry, such as:
  - Magic Links: a link is sent to the user's email account and they click on it.
  - Push Notifications for authentication approval.
  - QR Code Scanning to verify identity.
4. Implement Adaptive Authentication
- Use context-aware authentication mechanisms that adjust security requirements based on:
  - Device type and capabilities.
  - User location and behavior.
  - Network security status (such as public Wi-Fi versus a private connection).
5. Educate Users
- Teach users how to generate and manage secure credentials even with device limitations.
- Encourage the use of password managers to securely manage complex passwords.
38. Explain Difficult Patching or Update Process?
ANS:-
Patches and updates are essential for mobile applications to ensure security and
functionality. But a difficult patching or update process leads to vulnerabilities, prevents
a good user experience, and hurts the security of the application.
Problems of a Difficult Patching or Update Process
1. Fragmented Ecosystem
- Mobile platforms, particularly Android, suffer from a huge number of devices,
manufacturers, and versions of the operating system.
- Manufacturers can sometimes behave erratically, withholding updates or leaving devices
unpatched.
2. User Resistance
- Users are reluctant to update apps, or delay doing so, because:
  - the available storage is small.
  - they fear performance will deteriorate.
  - internet connectivity is too slow for big updates.
3. Third-Party Dependencies
- Many mobile applications rely on third-party libraries and APIs. If the third parties do not
maintain or update them, they can introduce vulnerabilities into applications
that are hard to patch.
4. App Store Approval Delays
- Changes need to go through app store reviews, which can keep essential patches from
reaching users on time.
5. Backward Compatibility Problems
- Patches and updates may end up breaking functionality on older devices or clash with other
applications, making users hesitant to adopt them.
6. Complexity of Distribution
- Smooth distribution of patches to all users across various regions and networks is
challenging.
Strategies for Making Patching Less Painful
1. Implement Over-the-Air (OTA) Updates
- Leverage OTA mechanisms for seamless and efficient patching on devices.
- Use delta updates (which apply only the changed parts) to reduce download sizes and make
users more willing to accept updates.
2. Educate Users
- Alert users to the importance of updates and the risks of not applying them.
- Clearly state the benefits of updating, using nontechnical language.
3. Automated Patch Deployment
- Implement auto-update mechanisms so that patches are delivered without users having to
be prompted or to install them manually.
- Allow users to choose background updates so that their focus is not interrupted.
4. Modular Code and Design
- Design apps with a modular architecture that allows easy patching of selected components.
- Use dependency management tools to update third-party libraries automatically.
5. Backward Compatibility Testing
- Test patches across a range of devices and OS versions to ensure their compatibility and
minimize disruption.
6. Secure Update Delivery
- Sign all updates with digital certificates to prevent tampering.
- Always use HTTPS for secure delivery, and apply integrity checks to confirm
the authenticity of updates.
7. Frequent Updates
- Release small patches frequently rather than large patches infrequently, to keep
updates easy and minimize resistance to them.
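
The integrity check from "Secure Update Delivery" above, as an added example that is not part of the original notes: the client verifies a digital signature over the downloaded update bytes before applying them. The class name UpdateVerifier, the choice of ECDSA with SHA-256 and the sample update content are assumptions; the demo creates a throwaway key pair in place of a real vendor signing key.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;

/** Client-side check that an update was signed by the vendor; names are hypothetical. */
public class UpdateVerifier {
    // The verification key ships inside the app. It is never downloaded
    // together with the update it is supposed to check.
    private final PublicKey vendorKey;

    public UpdateVerifier(PublicKey vendorKey) {
        this.vendorKey = vendorKey;
    }

    /** True only if the signature is a valid vendor signature over exactly these bytes. */
    public boolean isAuthentic(byte[] updateBytes, byte[] signature) {
        try {
            Signature verifier = Signature.getInstance("SHA256withECDSA");
            verifier.initVerify(vendorKey);
            verifier.update(updateBytes);
            return verifier.verify(signature);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or wrong key type: not authentic
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: a throwaway key pair stands in for the vendor's signing key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair vendor = gen.generateKeyPair();

        // Constructed sample update content.
        byte[] update = "delta-patch contents (sample)".getBytes(StandardCharsets.UTF_8);

        // Signing happens on the build server, never on the device.
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(vendor.getPrivate());
        signer.update(update);
        byte[] sig = signer.sign();

        UpdateVerifier client = new UpdateVerifier(vendor.getPublic());
        System.out.println("original update accepted: " + client.isAuthentic(update, sig));

        byte[] tampered = update.clone();
        tampered[0] ^= 0x01; // a single bit changed in transit
        System.out.println("tampered update accepted: " + client.isAuthentic(tampered, sig));
    }
}
```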
39. List any four Mobile Issues and Development Strategies?
ANS:-
Four Mobile Issues and Development Strategies in MADS
Mobile Application and Development Security (MADS) addresses quite a number of
challenges in the development of secure mobile apps.
1. Device Fragmentation
Problem Statement:
• Various devices have different screen sizes and are fabricated with different types of
hardware and varying operating system versions.
- Ensuring compatibility across this fragmented ecosystem can be challenging.
Development Strategy:
- Use responsive design techniques to adapt to various screen sizes.
- Test applications on multiple devices and emulators to ensure compatibility.
- Rely on platform-agnostic frameworks (e.g., React Native, Flutter) to reduce fragmentation
issues.
2. Insecure Data Storage**
Problem Statement:
Local storage of sensitive users' data on devices can be compromised due to inadequate
encryption or improper storage.
Development Plan:
Encrypt sensitive information with strong algorithms like AES-256.
Store information using secure mechanisms such as Android Keystore or iOS Keychain.
Store sensitive data only if absolutely necessary.
3. Network Security Risks
Issue:
- Mobile apps typically communicate with servers and services, which puts them at risk from
attacks like man-in-the-middle (MITM) or data interception.
Development Strategy:
- Encrypt all communication using SSL/TLS encryption.
- Pin the certificate to communicate only with trusted servers.
- Implement VPNs or SSL/TLS communication libraries to add additional protection in
sensitive applications.
4. Bad battery and resource utilization
Problem
Apps using too much battery, CPU, or memory resource create bad user experience, which is
usually followed by app uninstallations.
Development Strategy
Optimize the app code to reduce the resource utilization to a minimum extent by eliminating
useless background tasks and avoid doing unnecessary network calls.
Use efficient algorithms and libraries for resource-intensive operations. Also, instruments like
Android Profiler or Xcode Instruments should be used to check for app performance
bottlenecks.
40. List Top Issues Facing Mobile Devices with examples?
ANS:-
Mobile devices face a lot of security and performance challenges related to usability, which
can affect both developers and users.
1. Malware Attacks
Issue: Malware attacks in the form of viruses, worms, and Trojans compromise data and
manipulate device functionality.
Examples:
Banking Trojans like Hydra steal login credentials from financial apps to access money.
Spyware apps like Pegasus monitor user activity and extract sensitive data.
2. Data Leakage
Problem: Apps leak sensitive user data either by some form of insecure storage or bad
management of permissions or logging.
Examples:
Misconfigured cloud storage resulting in exposed user data, as demonstrated with apps using
unsecured AWS S3 buckets.
Social media apps accidentally exposing your contact list or location information.
3. Unsecured Wi-Fi Networks
Problem: Public Wi-Fi is easy prey for man-in-the-middle attacks and gives a hacker an
opportunity to steal data.
Examples:
Attackers intercept login credentials on unsecured public Wi-Fi in cafes or airports. False Wi-
Fi hotspots are set up to deceive users into connecting to them.
4. Obsolete Software and Patches
Problem: Delays in updating to security fixes or keeping older operating systems expose
devices to exploitation.
Examples:
Devices operating on older versions of Android (for example, below Android 8) are exposed
to known exploits such as *Stagefright*.
iOS devices without the latest patches are targeted by zero-day vulnerabilities.
5. Poor Authentication
Problem: Inadequate authentication methods, including weak passwords and no
biometric alternatives, render devices vulnerable to attackers.
Examples:
- Using default or simple PINs (e.g., "1234"), which are easily guessed.
- Apps lacking 2FA, such as messaging or banking applications.
6. App Store Vulnerabilities
Threat: Malware applications evade the safety controls of the app stores, and after installation,
they compromise user data.
Examples:
- Malware disguised as legitimate utility applications, such as flashlight or calculator apps,
that includes spyware.
- Joker malware, often found in applications downloaded from the Google Play Store, that
steals information from users.
7. Device Loss or Theft
Problem: A physical loss of devices exposes data to unauthorized access if not properly
secured.
Examples:
- Lost phones with unencrypted data, resulting in breaches of sensitive emails or documents.
- Stolen business equipment containing confidential business information.
8. Battery Drain and Performance Issues
Problem: Resource-hungry apps or malware consume too much battery or CPU, reducing user
experience.
Examples:
- Apps running heavy background processes, for example, gaming apps needing constant updates.
- Malware using device resources for cryptocurrency mining without user consent.
9. Privacy Issues
Problem: Large-scale collection of user data, especially when users are unaware of it or the
app has not clearly asked for permission to do it, raises privacy concerns.
Examples:
Location tracking by weather applications while not running.
Social media apps gaining unwanted access to the microphone or camera.
10. Insecure APIs
Problem: Vulnerabilities found in APIs used by mobile apps can expose backend systems to
attacks.
Examples:
- Unauthenticated APIs from healthcare apps exposing patient records.
- API keys hardcoded into app binaries, allowing unauthorized access.
UNIT 5
41. Explain in detail about Device Security Options
i. PIN
ii. Remote Wipe

i. PIN

Most or all mobile devices have the ability to enable a four-to-eight digit PIN in order to use the phone
(outside of 911 services). You should enable the PIN on your phone, period. It’s simple and the first step
in securing the mobile device. Furthermore, assuming your phone will be lost or stolen at some point in
time (even if you just misplace it for a few hours in a coffee shop), an unmotivated attacker will probably
not try to break into the OS if they see a PIN has been enabled (but will rather wipe and sell it). The data
on the phone, or the data the phone has access to via local or stored credentials, is probably worth more
than the device itself.

Although a four-digit PIN only needs 10,000 attempts to brute-force it, many mobile devices have a time
delay after ten failed attempts. For example, if someone has stolen a phone for the data and not the device,
they will probably attempt to brute-force the PIN. After ten attempts, there is a time delay between
attempts, making the remaining 9,990 attempts take much longer. On at least some mobile devices, there is an
additional 90-second penalty for every failed attempt above ten, where attempt 11 would require a pause
of 90 seconds, attempt 12 would require 180 seconds, attempt 13 would require 270 seconds, and so on.
The time delay will not prevent a successful brute-force attack, but will make it considerably harder and
longer to perform. The delay should reach a point where the user who has lost the phone is able to notify
the appropriate authorities, who can then remotely wipe the phone of its contents (see next section, “Remote
Wipe”), leaving the attacker with no data after any potential brute-force attack that has actually been
successful. Furthermore, some organizations enforce a policy to immediately wipe a mobile phone after
ten failed login attempts. Although this may seem aggressive, if an organization is holding sensitive or
regulated data, the policy is probably warranted. Furthermore, many corporate phones are fully
synced/backed up by enterprise servers, so restoring the data to a new device is trivial (it often takes 45 to
90 minutes).
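
The escalating delay described above can be put in numbers. The following C program is an added example, not part of the original notes; it assumes exactly the policy in the text (ten free attempts, then 90 additional seconds per failed attempt), ignores the time needed to type each guess, and uses hypothetical function names.

```c
/* Added example (not from the original notes): models the escalating PIN
 * lockout described in the text. Function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define FREE_ATTEMPTS 10u        /* guesses allowed before any delay */
#define PENALTY_STEP_SECONDS 90u /* extra pause added per failed guess */
#define PIN_KEYSPACE 10000u      /* four-digit PIN: 0000..9999 */

/* Pause the device enforces before guess number n (1-based). */
static uint64_t delay_before_attempt(uint64_t n)
{
    if (n <= FREE_ATTEMPTS)
        return 0;
    return (n - FREE_ATTEMPTS) * PENALTY_STEP_SECONDS;
}

/* Total enforced waiting time needed to reach `attempts` guesses:
 * 90 * (1 + 2 + ... + m) with m = attempts - 10. */
static uint64_t total_delay_seconds(uint64_t attempts)
{
    uint64_t m;

    if (attempts <= FREE_ATTEMPTS)
        return 0;
    m = attempts - FREE_ATTEMPTS;
    return (uint64_t)PENALTY_STEP_SECONDS * (m * (m + 1) / 2);
}

/* Number of guesses that fit into the window between the loss of the
 * device and the remote wipe. Typing time is ignored (worst case). */
static uint64_t attempts_within(uint64_t window_seconds)
{
    uint64_t n = FREE_ATTEMPTS;
    uint64_t waited = 0;

    while (n < PIN_KEYSPACE) {
        uint64_t pause = delay_before_attempt(n + 1);
        if (waited + pause > window_seconds)
            break;
        waited += pause;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed reaction times: how long until the owner reports the loss. */
    const uint64_t windows[] = { 3600, 86400, 7 * 86400 };
    const char *labels[] = { "1 hour", "24 hours", "7 days" };
    size_t i;

    for (i = 0; i < sizeof windows / sizeof windows[0]; i++) {
        uint64_t n = attempts_within(windows[i]);
        printf("%-8s -> %llu guesses (%.2f%% of the PIN space)\n", labels[i],
               (unsigned long long)n, 100.0 * (double)n / PIN_KEYSPACE);
    }
    printf("all %u PINs -> %llu s of enforced delay (about %.0f years)\n",
           PIN_KEYSPACE,
           (unsigned long long)total_delay_seconds(PIN_KEYSPACE),
           (double)total_delay_seconds(PIN_KEYSPACE) / (365.0 * 86400.0));
    return 0;
}
```

Under this policy a thief gets 53 guesses in the first 24 hours, about half a percent of the PIN space, which is why a prompt remote wipe matters as much as the delay itself.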

With some mobile devices, such as the Apple iPhone, the SIM card also has protection, not just the
phone. For example, the SIM card in an Apple iPhone will have a PIN as well. If someone steals the SIM
card from a device and puts it into another iPhone (in order to steal its data), they will still be required to
enter the correct PIN value. To enable a PIN on a SIM or the passlock on an Apple iPhone, complete the
following steps:

1 Select Settings | Phone | SIM PIN.
2 Turn on the SIM PIN option.
3 Enter the current PIN (1111 [U.S.], 0000, or 3436).
4 Select Change PIN.
5 Select Settings | General | Passcode Lock.
6 Enter your four-digit code.
To enable a PIN on a Windows Mobile phone, complete the following steps:

1. Select Start | Settings | Security.
2. Select Device Lock.
3. Enter your four-digit code.

ii. Remote Wipe

The ability to remotely wipe data on a mobile device is imperative, especially if it is a smartphone/PDA
and is used for corporate purposes. Not only is the remote wipe capability supported on many major
platforms using enterprise software, many third-party organizations sell software to remotely wipe your
device as well. One way or another, the ability to remotely wipe data off a smartphone/PDA makes the loss
of such a device a lot less stressful.

To remotely wipe a smartphone/PDA using a Microsoft Exchange server, complete the following steps:
1 Browse to the Mobile Admin site on your Exchange server (https://<Exchange Server
Name>/mobileadmin).
2 Select Remote Wipe.
3 Enter the name or e-mail address of the user whose device you wish to wipe (such as
shalindwivedi.com or simply Shalin).
4 Under the Action column, select Wipe to remotely wipe the information from the mobile
device. Note that you can select Delete if you simply want to break the connection
between the mobile device and the Exchange server, but not necessarily wipe the data.

If direct push is enabled, the device will be wiped immediately. If direct push is not enabled, the device
will be wiped the next time the mobile device attempts to sync with the Exchange server.

What is a remote wipe?


Remote wipe is a security feature that allows a network administrator or device owner to send a command
that remotely deletes data from a computing device. It's primarily used to erase data on a device that has
been lost or stolen, so the data won't be compromised if it falls into the wrong hands. It's also used to
remove data from a device that has changed owners or administrators and can't be accessed physically to
remove data.
Remote wipes are mainly used for mobile devices such as smartphones or laptops. Remote wipes can help
a user keep data out of the hands of others if they lose their device, or as a mobile device management
(MDM) precaution in an organization.
Remote wipe contrasts with local wipe -- also called auto wipe -- a data security feature that deletes all
data on a mobile device after a pre-specified number of failed login attempts or after a device moves
outside of a defined physical boundary.
42. Describe Application Signing and Application Sandboxing

Application Sandbox
The Android platform takes advantage of the Linux user-based protection to identify and isolate app
resources. This isolates apps from each other and protects apps and the system from malicious apps. To do
this, Android assigns a unique user ID (UID) to each Android application and runs it in its own process.
Android uses the UID to set up a kernel-level Application Sandbox. The kernel enforces security between
apps and the system at the process level through standard Linux facilities such as user and group IDs that
are assigned to apps. By default, apps can't interact with each other and have limited access to the OS. If
app A tries to do something malicious, such as read application B's data or dial the phone without
permission, it's prevented from doing so because it doesn't have the appropriate default user privileges.
The sandbox is simple, auditable, and based on decades-old UNIX-style user separation of processes and
file permissions.
Because the Application Sandbox is in the kernel, this security model extends to both native code and OS
applications. All of the software above the kernel, such as OS libraries, application framework,
application runtime, and all applications, runs within the Application Sandbox. On some platforms,
developers are constrained to a specific development framework, set of APIs, or language. On Android,
there are no restrictions on how an application can be written that are required to enforce security; in
this respect, native code is as sandboxed as interpreted code.

Protections

Generally, to break out of the Application Sandbox in a properly configured device, one must compromise
the security of the Linux kernel. However, similar to other security features, individual protections
enforcing the application sandbox are not invulnerable, so defense-in-depth is important to prevent single
vulnerabilities from leading to compromise of the OS or other apps.

Android relies on a number of protections to enforce the application sandbox. These enforcements have
been introduced over time and have significantly strengthened the original UID-based discretionary access
control (DAC) sandbox. Previous Android releases included the following protections:

- In Android 5.0, SELinux provided mandatory access control (MAC) separation between the system and
apps. However, all third-party apps ran within the same SELinux context so inter-app isolation was
primarily enforced by UID DAC.
- In Android 6.0, the SELinux sandbox was extended to isolate apps across the per-physical-user boundary.
In addition, Android also set safer defaults for application data: For apps with targetSdkVersion >= 24,
default DAC permissions on an app's home dir changed from 751 to 700. This provided safer default for
private app data (although apps may override these defaults).
- In Android 8.0, all apps were set to run with a seccomp-bpf filter that limited the syscalls that apps were
allowed to use, thus strengthening the app/kernel boundary.
- In Android 9, all non-privileged apps with targetSdkVersion >= 28 must run in individual SELinux
sandboxes, providing MAC on a per-app basis. This protection improves app separation, prevents
overriding safe defaults, and (most significantly) prevents apps from making their data world accessible.
- In Android 10, apps have a limited raw view of the filesystem, with no direct access to paths like
/sdcard/DCIM. However, apps retain full raw access to their package-specific paths, as returned by any
applicable methods, such as Context.getExternalFilesDir().
Application Signing:
Application signing allows developers to identify the author of the application and to update their
application without creating complicated interfaces and permissions. Every application that is run on the
Android platform must be signed by the developer. Applications that attempt to install without being
signed will be rejected by either Google Play or the package installer on the Android device.

On Google Play, application signing bridges the trust Google has with the developer and the trust the
developer has with their application. Developers know their application is provided, unmodified, to the
Android device; and developers can be held accountable for behavior of their application.

On Android, application signing is the first step to placing an application in its Application Sandbox. The
signed application certificate defines which user ID is associated with which application; different
applications run under different user IDs. Application signing ensures that one application cannot access
any other application except through well-defined IPC.

When an application (APK file) is installed onto an Android device, the Package Manager verifies that
the APK has been properly signed with the certificate included in that APK. If the certificate (or, more
accurately, the public key in the certificate) matches the key used to sign any other APK on the device, the
new APK has the option to specify in the manifest that it will share a UID with the other similarly-signed
APKs.

Applications can be signed by a third-party (OEM, operator, alternative market) or self-signed. Android
provides code signing using self-signed certificates that developers can generate without external
assistance or permission. Applications do not have to be signed by a central authority. Android currently
does not perform CA verification for application certificates.

Applications are also able to declare security permissions at the Signature protection level, restricting
access only to applications signed with the same key while maintaining distinct UIDs and Application
Sandboxes. A closer relationship with a shared Application Sandbox is allowed using the shared UID
feature where two or more applications signed with same developer key can declare a shared UID in their
manifest.

43. What is Buffer Overflow Protection? Explain in detail?

Buffer Overflow Protection:


How To Prevent A Buffer Overflow Attack
A buffer overflow is one of the best known forms of software security vulnerability and is still a
commonly used cyber attack.

You can prevent a buffer overflow attack by auditing code, providing training, using compiler tools, using
safe functions, patching web and application servers, and scanning applications.
What Is A Buffer Overflow Attack?

In a buffer overflow attack, an application receives more input than it expects. As a result, the error
exposes the system memory to a malicious threat.
While a buffer overflow itself doesn’t cause damage, it does expose a vulnerability.

Threat actors are then able to access memory locations beyond the application’s buffer, which enables
them to write malicious code into this area of memory.

When the application is executed, the malicious code is launched.


How Do You Prevent A Buffer Overflow Attack?

You can prevent a buffer overflow attack by:

- Performing routine code auditing (automated or manual).
- Providing training including bounds checking, use of unsafe functions, and group standards.
- Using compiler tools such as StackShield, StackGuard, and Libsafe.
- Using safe functions such as strncat instead of strcat, strncpy instead of strcpy, etc.
- Patching web and application servers regularly and staying aware of bug reports relating to applications upon
which your code is dependent.
- Periodically scanning your application with one or more of the commonly available scanners that look for
buffer overflow flaws in your server products and your custom web applications.
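
The "safe functions" advice above needs care in practice: strncpy does not write a terminator when the source fills the buffer, and the count passed to strncat is the remaining room, not the buffer size. The following C program is an added example, not part of the original notes; the helper names and the sample inputs are constructed for illustration.

```c
/* Added example (not from the original notes): the unsafe copy next to
 * bounded helpers. Function names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: strcpy() copies until the terminator of src, so an
 * input longer than the destination writes past the end of dst. */
static void copy_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened copy. strncpy() alone is not enough: when src has dstsize or
 * more characters it fills dst completely and writes no terminator.
 * Returns 0 on success, -1 if the input was invalid or had to be cut. */
static int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0'; /* always terminate */
    return strlen(src) >= dstsize ? -1 : 0;
}

/* Hardened append. The third argument of strncat() is the number of
 * characters that may still be added, not the total size of dst. */
static int append_bounded(char *dst, size_t dstsize, const char *src)
{
    const char *end;
    size_t used, room;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1; /* dst is not terminated inside its buffer */
    used = (size_t)(end - dst);
    room = dstsize - used - 1;
    strncat(dst, src, room); /* strncat always writes the terminator */
    return strlen(src) > room ? -1 : 0;
}

int main(void)
{
    char name[8];
    const char *short_input = "alice";                     /* constructed */
    const char *long_input = "constructed-overlong-input"; /* constructed */

    copy_unsafe(name, short_input); /* safe only because the input is short */
    printf("unsafe copy of short input: %s\n", name);

    if (copy_bounded(name, sizeof name, long_input) != 0)
        printf("copy truncated, kept \"%s\"\n", name);

    copy_bounded(name, sizeof name, "abcd");
    if (append_bounded(name, sizeof name, "efghij") != 0)
        printf("append truncated, kept \"%s\"\n", name);
    return 0;
}
```

Callers should treat the -1 return as an input validation failure rather than silently continuing with the truncated value.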

44. Define Encryption and describe


i. Full Disk Encryption
ii. E-mail Encryption
iii. File Encryption
(OR)
49. Explain different types of Encryptions used for security?

Encryption

Encryption support for mobile operating systems is imperative. The likelihood of losing a mobile phone
far exceeds the possibilities of losing a laptop. Although the amount of sensitive data on a laptop far
exceeds that on a mobile device, data stored in corporate e-mail and Microsoft Office provides a
goldmine for any thief, no matter what form or amount it comes in. This section covers the encryption
options in mobile devices, including full disk encryption, e-mail encryption, and file encryption.

Full-disk encryption

It is the process of encoding all user data on an Android device using an encrypted key. Once a device is
encrypted, all user-created data is automatically encrypted before committing it to disk and all reads
automatically decrypt data before returning it to the calling process.
Full-disk encryption was introduced to Android in 4.4, but Android 5.0 introduced these new features:
- Created fast encryption, which only encrypts used blocks on the data partition to avoid first boot taking a
long time. Only ext4 and f2fs filesystems currently support fast encryption.
- Added the forceencrypt fstab flag to encrypt on first boot.
- Added support for patterns and encryption without a password.
- Added hardware-backed storage of the encryption key using Trusted Execution Environment’s (TEE)
signing capability (such as in a TrustZone). See Storing the encrypted key for more details.
In the Mac and PC worlds, several solutions are offered for full disk encryption, including a few native
ones, even on the OS itself (such as Bitlocker on Windows Vista). Unfortunately, the native options are
not as widely available on mobile operating systems, which offer little or no solutions for full disk
encryption by default. The current security climate will probably change this in the near future, as mobile
operating systems will likely embrace the large corporate user base and the data-protection standards it
requires, rather than force users to bypass their security teams by using mobile devices in an insecure
manner. However, in the short term, users have limited support for full disk encryption, and must rather
rely on file or e-mail encryption only, as discussed in the next two sections.


How Android full-disk encryption works

Android full-disk encryption is based on dm-crypt, which is a kernel feature that works at the block device
layer. Because of this, encryption works with Embedded MultiMediaCard (eMMC) and similar flash
devices that present themselves to the kernel as block devices.
Encryption is not possible with YAFFS, which talks directly to a raw NAND flash chip.

The encryption algorithm is 128-bit Advanced Encryption Standard (AES) with cipher-block chaining (CBC)
and ESSIV:SHA256. The master key is encrypted with 128-bit AES via calls to the OpenSSL library. You
must use 128 bits or more for the key (with 256 being optional).

E-mail Encryption

Outside of full disk encryption, e-mail encryption is probably the next best thing. Eighty-five percent of
the contents a user would want to encrypt on their mobile operating system is probably e-mail. Of the
remainder, ten percent would be e-mail attachments downloaded to the OS in the form of Word, PDF, and
Excel documents and five percent would be the storage of authentication credentials.

Although all or most mobile phones support Transport Layer Security (TLS)/Secure Sockets Layer (SSL)
for transmission security, with HTTP, IMAP/POP3, and SMTP, most of them do not support local
encryption of stored e-mail. Encryption for locally stored e-mail is important for several reasons. For
example, a user may feel secure that their e-mail is passing public communication channels over a TLS
tunnel, but if their device were to be stolen, the downloaded e-mail on the device would sit in clear text
and in the hands of a malicious person. The need to encrypt locally stored e-mail is obvious—a lost or
stolen mobile device could expose plenty of sensitive information sitting in one’s Inbox. Furthermore, the
few seconds someone “borrows” your phone to make a call could be enough time for a motivated attacker
to forward all the e-mail from your phone to a system they control. Unfortunately, none of the most
popular mobile operating systems provide native support for local e-mail encryption. BlackBerry devices
do offer the best non-native support via the integration of Pretty Good Privacy (PGP).
PGP is a popular e-mail encryption tool used on PCs. Using PGP Universal within a BlackBerry
enterprise, users can encrypt the contents of an e-mail similar to how it is performed on a PC. Although the
use and integration of PGP Universal on BlackBerry Enterprise Servers is not a quick exercise, it does give
the corporate enterprise the option to offer the same level of at-rest security protection of e-mail as in the
PC world. In addition to PGP, S/MIME is supported on BlackBerry and Windows Mobile as well.

Note

More information can be found on integrating PGP or S/MIME to encrypt the actual contents of e-mail
(e-mail at rest, not e-mail in transit) on a local BlackBerry device on the BlackBerry website.

What Does Email Encryption


Email encryption is an authentication process that prevents messages from being read by an unintended or
unauthorized individual. It scrambles the original sent message and converts it into an unreadable or
undecipherable format. Email encryption is necessary when sharing sensitive information via email.
Hackers use email to target victims and steal data, such as personal information like names, addresses, and
login credentials, then commit crimes like identity theft or identity
fraud. Furthermore, most sent emails are encrypted while the data is transmitted, but the information is
stored in clear text, making the content readable by email providers. Popular free-to-use email services
typically do not provide end-to-end encryption, which means hackers can easily intercept sent messages.
Email encryption solutions use public-key cryptography and digital signature mechanisms to encrypt
email messages. This process ensures email security and guarantees only the intended recipient can open
the email.
What Does Email Encryption Do?
When sending an email with sensitive information, you can use encryption. Email encryption refers to
plain text being converted into scrambled cipher text. The email can then only be read by the recipient
that has the private key that will be used to decode the email.


Email Encryption Architecture

Email encryption solutions do not typically follow a standard architecture but rely on gateway software
that enables the enforcement of policy-based encryption. This enables organizations to implement policies
that define which emails need to be encrypted and in what circumstances messages should be encrypted.
For example, organizations will typically specify that any email message containing personally
identifiable information (PII), financial data, or other sensitive information sent by any user be encrypted.

Some email encryption software will be in the form of a client installed on users’ computers, laptops, or
mobile devices. This service can use policy-based encryption to protect specific email messages or enable
users to choose which emails to encrypt, or a combination of both. Other email encryption solutions may
focus on protecting the device rather than the email gateway, which targets potential security threats on
local networks.

But there is increasingly no requirement for users to install email encryption services on their devices.
Instead, they can now access web-based interfaces that decrypt and read encrypted messages. These email
encryption solutions will either be hosted privately by the organization or, increasingly frequently, a
cloud-based service through an email encryption software vendor.

File Encryption

The last category we discuss under the encryption umbrella is file encryption. The major mobile operating
systems provide wider support for file encryption than for e-mail encryption.
Specifically, BlackBerry, Windows Mobile 6.1, and iPhone (using Keychain) all natively support local
file encryption. Both BlackBerry and Windows Mobile
seem to offer the most seamless encryption options via the use of their policy servers. For example, the
BlackBerry Enterprise Server has an option to enable file-level encryption using options on its policy
server. Furthermore, Windows Mobile 6.1 users can encrypt e-mail, calendars, My Document
files/folders, and tasks by enabling the On-Device Encryption options on the management server.

File encryption keeps data safe — even when hackers get to it. Here’s how file encryption maintains a
base level of security while preparing organizations for developing threats.

In today’s security climate, exposed data is a surefire way to compromise the integrity and
confidentiality of your entire enterprise. The best way to ensure that data is safe even in the event of a
breach is to ensure that files are always encrypted. Think of it this way: a hacker could break into a
healthcare facility and reach a file where patient medical documents are stored. If the files are
encrypted, the hacker won’t be able to do much with this indecipherable data and will feel inclined to
move on to an easier target.

However, how file encryption is performed determines the degree of security it can provide. In this
guide, we’ll explore what file encryption consists of, when data is most vulnerable, how to encrypt a
file, and what types of file encryption should be used for optimal data protection.
What is File Encryption?
File encryption transforms data into code that only intended recipients can decipher, preventing
unauthorized users from being able to access, view, and understand sensitive information. It often
relies on public key cryptography, where key pairs are generated by particular mathematical
algorithms that are hard to crack. These key pairs are issued only to predetermined recipients and
senders and no one else, forming a lock-and-key mechanism that encrypts and decrypts data in transit,
in use, and at rest.

What is File Encryption Used For?


Businesses, organizations, enterprises, and agencies all have data in need of safeguarding. From a
healthcare facility updating a patient’s medical record to a national bank interacting with consumer
financial data — a wide range of personal information needs to be shielded from the public eye and
must only be accessible to administrators with restricted privileged access.

With data breaches and identity theft on the rise, encrypting files not only means protecting an
organization’s reputation and trustworthiness — it means protecting people and their valuable assets.

File encryption is also a key pillar of cybersecurity, with national and global policies requiring its use.
The California Consumer Privacy Act of 2018 (CCPA), the US’s Health Insurance Portability and
Accountability Act (HIPAA), the EU’s General Data Protection Regulation (GDPR), and Canada’s
Federal Information Processing Standards (FIPS) are just a few of many regulations setting standards
and guidelines for sufficient file encryption.

Which Files Do You Need To Encrypt?


All confidential or sensitive files should be encrypted at all times, although specific data types warrant
extra care and caution. These include:
- Business Operations Data: Files containing client contracts, financial transactions, payment histories,
and customer negotiations should be kept secret. Otherwise, lax data security measures can compromise
client relationships and cost an enterprise its brand and business.
- Legal Data: By law, all legal data surrounding ongoing proceedings must be encrypted and protected in
all its states, to prevent the case’s outcome from being jeopardized. Moreover, all communications with
lawyers, paralegals, business partners, and all other parties to a case must be protected.
- Human Resources Data: Employers possess a lot of personal data about their employees, including their
wage and banking accounts, contractual obligations, contact information, social security numbers,
medical documentation, and more. This diverse array of data makes companies a prime target for hackers
and malicious internal actors looking to exploit financial and identity-based assets.

When Should Files Be Encrypted?


It also matters when data is encrypted and, ideally, it should be encrypted at all times. Leaving data
in plain, readable text, even for a few moments, is often just enough time for an adversary to
wrongfully obtain private data. As a result, end-to-end encryption should be prioritized — this means
data should be encrypted in transit, in use, and at rest. This is also mandated by the US Government.
45. Explain security Features of Windows Mobile, iPhone and Android?

Windows Mobile

Windows Mobile was a mobile operating system developed by Microsoft. It was first introduced in
2000 as Pocket PC 2000 and went through several iterations under different names, including Pocket
PC 2002, Windows Mobile 2003, Windows Mobile 5.0, 6.0, and 6.5. The platform was designed for
use in smartphones and personal digital assistants (PDAs). However, it is important to note that
Microsoft officially ended support for Windows Mobile in 2020.

Here are key aspects of Windows Mobile:

1. User Interface:

Windows Mobile featured a user interface with a Start menu, similar to the Windows desktop
environment, providing familiarity for users already accustomed to Microsoft's ecosystem.

2. Applications:

The platform supported a variety of applications, including productivity tools, games, and utilities.
Developers could create applications using programming languages like C++ and .NET.

3. Office Mobile:

Windows Mobile included a version of Microsoft Office called Office Mobile, allowing users to view
and edit documents on their mobile devices.

4. Email and Messaging:

The operating system had built-in support for email, messaging, and synchronization with Microsoft
Exchange Server. It aimed to provide a seamless experience for users who relied on Microsoft's
productivity tools.

5. Internet Explorer Mobile:

Internet Explorer Mobile was the web browser for Windows Mobile, providing users with the ability
to browse the internet directly from their devices.

Windows Mobile Security features

1. BitLocker Encryption: Windows Mobile supports device encryption, allowing users to encrypt
the entire device to protect data.
2. Remote Wipe: Users can remotely wipe their devices if lost or stolen, ensuring sensitive data
does not fall into the wrong hands.
3. User Authentication: Options for password protection, PIN codes, and biometric
authentication (fingerprint) help secure access to the device.
4. App Security: Windows Mobile implements a strict app vetting process, ensuring apps are
from trusted sources before installation.
5. Device Lock Policies: Administrators can enforce policies that require devices to lock after a
certain period of inactivity.
Google Android

The first part will introduce the history of the mobile operating system and main features of the
smartphone. The second part will analyze security issues of this sort of smartphone.
Android is a famous operating system for mobile devices. Its name comes from the company that first
developed it, Android Inc [Android]. Android Inc. was founded in October 2003 with a focus on
developing software for mobile devices. After two years, Android Inc. was acquired by Google and
became a wholly owned subsidiary of Google. This was the first signal that Google would expand its
services to the mobile phone market. Figure 1 shows the images of Android Smartphone devices.
Android was revealed on November 5, 2007. On the same day, the founding of the Open Handset Alliance
was announced. This alliance includes many large software, hardware and
telecommunication companies, such as Intel, HTC, Motorola, and T-Mobile, whose aim is to
develop open standards for mobile devices. Table 1 shows the history of Android System.

Feature of current Android version

| Features | Description |
|---|---|
| Video calling | No native video calling in Android, some handsets use UMTS or IP network to support video calls, for example, Google Talk or Skype |
| Screen capture | Native support for screen capture |
| Handset layouts | 2D or 3D graphic library |
| Messaging | Text messaging and Cloud to Device Messaging Framework |
| Storage | SQLite database to store data |
| Connectivity | Supports many connectivity methods: Bluetooth, Wi-Fi, WiMAX, CDMA, GSM/EDGE, IDEN, EV-DO, UMTS, LTE, and NFC |
| Language | Supports multiple languages |
| Web browser | Provides WebKit engine |
| Media | Supports many audio or video formats |
| Java | Supports Java applications, and third parties can use Java to develop apps |
| Streaming media | Supports Adobe Flash Streaming, RTP/RTSP streaming, HTTP Dynamic Streaming, and HTTP Live Streaming |
| Multi-touch | Native support for multi-touch |
| Bluetooth | Supports Bluetooth sending or access to stored data |
| Multitasking | Supports multitasking |
| Voice based feature | Voice control texting, calling, Google search, and navigation |
| Tethering | Supports wired or wireless Wi-Fi hotspot |
| Hardware support | Supports camera, GPS, accelerometer, barometer and other hardware |

Android Security features

1. Google Play Protect: A built-in malware protection service that scans apps for malicious behavior.
2. Encryption: Android devices can be encrypted to protect data at rest.
3. Biometric Security: Support for fingerprint scanning and facial recognition to secure device access.
4. Application Permissions: Android allows users to control app permissions, enabling them to
manage what data apps can access.
5. Remote Management: Enterprise features like Android Enterprise enable IT administrators
to remotely wipe or manage devices.

Apple iPhone

The first part will introduce the history of the mobile operating system and main feature of the
smartphone. The second part will analyze the security issues of this sort of smartphone.
The iPhone is one of the most popular smartphones in the world, marketed by Apple Inc. The first
generation iPhone was released on June 29, 2007 [iPhone]. Five generations have been released in total so far;
the 5th generation, iPhone 4S, was released on October 14, 2011. Figure 1 shows the images of
iPhone 4S. As a smartphone, the iPhone supports video calls, text messages, a media
player, email, and web browsing through 3G and Wi-Fi connectivity. The user interface is a touchscreen,
which is designed for one finger or multiple fingers.
The operating system of the iPhone is iOS [iOSVersion]. This operating system is also used in other
Apple mobile devices, such as the iPad or iPod. Table 3 shows the history of iOS versions. Apple users
can update their operating system through iTunes. iOS version 5.0 supports wireless data
synchronization through the iCloud service. This means users do not need a USB connection with iTunes
to update data. Table 4 shows some special features provided by iPhone.
Any third-party provider who wants to develop applications for the iPhone needs the SDK [SDK]. After
paying a membership fee of 99 dollars per year, a third-party developer can upload their application to
the Apple store. On the Apple store, developers can offer their application as a free download or set a
price for it, with 30% of the revenue going to Apple. Developers have to use C, C++, or Objective-C to
develop all iPhone applications.
There are also some restrictions in the iOS SDK. First, it doesn't allow developers to run Java on the
iPhone, so developers cannot write Java applications and load them onto the Apple store. Second,
the .NET framework cannot be installed, so developers cannot use their .NET software environment.
Third, neither Adobe Flash nor Adobe Flash Lite is supported by iOS.

| Features | Description |
|---|---|
| Phone | Make FaceTime calls, enable/disable option for voice dial |
| iMessage/Message | Send text, video, photo, location or contact information |
| General | Show general information of phone |
| Siri | Voice commands, support English, French and German |
| Notification Center | Display stock or weather |
| Calendar | View, create calendar |
| Clock | Display time |
| Weather | 5 day weather forecast, hourly update |
| Stock | Real time finance information |
| Newsstand | Show all papers or magazines that have been downloaded |
| Reminders | To-do list |
| Twitter | Twitter application |
| Music | Play music or broadcast song |
| Camera | Take photos, Auto Focus |
| Maps | Find location, maps, or routes |
| Mail | Receive or send email |
| Photos | Create or edit local photo |
| Safari | Web browsing |
| iCloud | Selected data or documents can sync with iCloud account |
| Game Center | Play game with friends |
| Settings | Basic setting function |
| Keyboard | Input words or command, support Chinese input method |
| PC-Free | Start fresh the device, wireless sync to iTunes |
| YouTube | Video play |
| FaceTime | Video call via camera |
| iTunes/App Store | Search, purchase, download, and install apps |
| Contacts | Edit contact information |
| VoiceOver | Speak text selection |
| Bluetooth | AVPCP 1.4 supported |
| Minor improvements | Bug fixes, delete app data |


iPhone (iOS) Security features

1. Encryption: iOS devices encrypt data by default, providing a high level of security for stored data.
2. Face ID and Touch ID: Biometric authentication methods enhance security and ease of access.
3. App Store Review Process: Apple’s stringent app review process helps ensure that only secure and trusted
apps are available.
4. Sandboxing: Apps operate in a restricted environment, preventing them from accessing data from other
apps without permission.
5. Find My iPhone: This feature allows users to locate their devices and remotely lock or wipe them if lost
or stolen.
46. Write about Enterprise Security on the Mobile OS Device Security Options?

iOS (iPhone)

iOS provides robust security features through its managed deployment capabilities. Mobile Device
Management (MDM) allows IT administrators to enforce security policies, remotely wipe devices,
and manage app installations. Data Encryption is enabled by default, protecting sensitive
information at rest and in transit. Additionally, App Transport Security mandates secure
connections for network communications, further safeguarding enterprise data. Biometric
authentication, like Face ID and Touch ID, enhances security for user access.

Android

Android offers extensive enterprise security through Android Enterprise, which includes features
like Work Profiles that separate personal and corporate data. Administrators can control app
permissions and deploy policies to manage devices securely. Google Play Protect scans for
malicious apps, while Encryption options ensure that data is secure on the device. Remote
Management capabilities allow IT to enforce security settings, perform remote wipes, and track
devices if lost.

Windows Mobile

Although less prevalent now, Windows Mobile provided enterprise security features such as
BitLocker Encryption for data protection and Remote Wipe capabilities. IT administrators could
implement Group Policies to manage device configurations and security settings. The platform
supported application vetting to ensure only trusted software could be installed.

Security options:

1. Mobile Device Management (MDM)

MDM solutions are integral for managing mobile devices in an enterprise setting. They allow IT
administrators to enforce security policies, monitor device compliance, and deploy apps remotely.
For instance, both iOS and Android support robust MDM frameworks that enable granular control
over device settings and security configurations.

2. Data Encryption

Data encryption is a fundamental security feature across mobile operating systems. iOS encrypts data
by default, ensuring that sensitive information is secured at rest. Android also provides full-disk
encryption options, which can be enabled through enterprise policies. This ensures that even if a
device is lost or stolen, unauthorized users cannot access the data.

3. Application Security

Each platform implements strict application security measures. iOS has a stringent App Store review
process to minimize malicious apps, while Android utilizes Google Play Protect to scan apps for
vulnerabilities and threats. Enterprises can also enforce app whitelisting and blacklisting to control
which applications can be installed on corporate devices.
4. User Authentication

Robust authentication methods are vital for securing access to corporate data. iOS devices support
biometric authentication through Face ID and Touch ID, while Android devices offer a variety of
biometric options alongside traditional PIN and password protections. Enterprises can implement
policies requiring strong authentication methods to access sensitive applications.

5. Remote Wipe and Lock

In case of loss or theft, remote wipe capabilities allow IT administrators to erase sensitive data from
a device. This feature is crucial for minimizing data breaches. Both iOS and Android provide options
to remotely lock or wipe devices through their respective MDM solutions.

6. Compliance and Reporting

Mobile operating systems also offer compliance management features that help organizations adhere to
industry regulations such as GDPR or HIPAA. Reporting tools provide insights into device compliance status.
47. Explain Secure Local Storage and Secure policy Enforcement?

Secure Local Storage

The ability to store sensitive information locally in a secure fashion is another imperative security
feature for mobile operating systems. For example, many applications that are installed on a mobile
operating system require some type of authentication to a remote Internet service. Requiring the user
to remember and enter authentication credentials each time they want to use the application becomes
cumbersome; however, without authentication, the application has no way to identify which user has
signed in. For example, many applications installed on the iPhone, Windows Mobile, BlackBerry
OS, and the gPhone actually store login information, such as username and password, locally on the
device in clear text. Most of the time, the file is easily accessible in backup files with no encryption or
obfuscation of this information. This presents a few problems for the user. First, if the device is ever
lost or stolen, the owner’s username and password for the application are in clear text for all to see.
Second, and probably more importantly, other installed applications running on the phone could access
this same information. For example, any malicious piece of software installed on the phone, such as
malware, viruses, or worms, could access the clear-text file with the username and password and then
send it to a remote system controlled by an attacker. Furthermore, whereas the storage of username and
password information is probably common, some applications may store more sensitive information,
such as credit card information (e-commerce applications) and even medical record numbers
(medical applications used on a doctor’s PDA). The following section covers the iPhone’s solution to
the local storage issue.
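
The clear-text storage problem described above can be checked for during an app security review. The following is an added example, not part of the original notes: it scans the files of an unpacked backup (Android SharedPreferences XML and iOS property lists) for secret-looking keys whose values are readable. The key-name patterns, file paths and sample data are constructed assumptions.

```python
"""Audit an unpacked device backup for credentials stored in clear text."""
import plistlib
import re
import xml.etree.ElementTree as ET
from xml.parsers.expat import ExpatError

# Heuristic key names that usually hold secrets (assumption: tune per application).
SENSITIVE_KEY = re.compile(r"pass(word|wd|code)?|pwd|secret|token|api[_-]?key|card[_-]?num", re.I)
# Long hex/base64 strings are unreadable at a glance, but may be encoded rather than encrypted.
OPAQUE_VALUE = re.compile(r"^(?:[0-9A-Fa-f]{32,}|[A-Za-z0-9+/]{24,}={0,2})$")


def iter_shared_prefs(data):
    """Yield (key, value) for each <string> entry of an Android SharedPreferences XML file."""
    for node in ET.fromstring(data).iter("string"):
        yield node.get("name", ""), node.text or ""


def iter_plist(data):
    """Yield (dotted.path, value) for every string in an iOS property list (XML or binary)."""
    def walk(obj, path):
        if isinstance(obj, dict):
            for key, value in obj.items():
                yield from walk(value, f"{path}.{key}" if path else str(key))
        elif isinstance(obj, list):
            for index, value in enumerate(obj):
                yield from walk(value, f"{path}[{index}]")
        elif isinstance(obj, str):
            yield path, obj
    yield from walk(plistlib.loads(data), "")


def audit_file(name, data):
    """Return (file, key, verdict) findings; the secret value itself is never reported."""
    entries = iter_plist(data) if name.endswith(".plist") else iter_shared_prefs(data)
    findings = []
    for key, value in entries:
        leaf = key.rsplit(".", 1)[-1]
        if value and SENSITIVE_KEY.search(leaf):
            verdict = "OPAQUE" if OPAQUE_VALUE.match(value) else "CLEARTEXT"
            findings.append((name, key, verdict))
    return findings


def audit_backup(files):
    """Audit a mapping of backup-relative path -> file bytes; flag files that cannot be parsed."""
    findings = []
    for name in sorted(files):
        if not name.endswith((".xml", ".plist")):
            continue
        try:
            findings.extend(audit_file(name, files[name]))
        except (ET.ParseError, ExpatError, plistlib.InvalidFileException, ValueError):
            findings.append((name, "", "UNPARSEABLE"))
    return findings


# Constructed sample backup contents (hypothetical apps and values).
SAMPLE_BACKUP = {
    "apps/com.example.shop/sp/login.xml": b"""<?xml version='1.0' encoding='utf-8'?>
<map>
  <string name="username">alice</string>
  <string name="password">Winter2024!</string>
  <boolean name="remember_me" value="true" />
</map>""",
    "Library/Preferences/com.example.clinic.plist": plistlib.dumps({
        "Account": {"user": "dr.lee", "authToken": "3f9c0a1b5d7e42a8b6c4d2e0f1a3b5c7"},
        "LastSync": "2024-01-01",
    }),
    "cache/broken.xml": b"<map><string name=",
}

if __name__ == "__main__":
    for file_name, key, verdict in audit_backup(SAMPLE_BACKUP):
        print(f"{verdict:11} {file_name} {key}")
```

A `CLEARTEXT` finding means the value should move into platform secure storage; an `OPAQUE` finding still needs manual review, because an encoded value is not an encrypted one.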

Key components:

1. Data Encryption: Data stored locally on devices should be encrypted to prevent unauthorized
access. This means that even if someone gains physical access to the device, they cannot read the
data without the appropriate decryption key.
2. Sandboxing: Mobile operating systems often use sandboxing to isolate applications from one
another. This limits the access each app has to the local storage of other apps, helping to protect
sensitive data.
3. Key Management: Secure local storage includes robust key management practices. For example,
encryption keys should be stored securely and not embedded in application code. Operating systems
may provide secure hardware elements (like Secure Enclaves) for key storage.
4. Access Control: Implementing strict access control measures ensures that only authorized
applications and users can access specific data. This can include user authentication methods like
biometrics or passwords.
5. Data Integrity Checks: Regular integrity checks can ensure that data has not been tampered with.
This can involve checksums or cryptographic signatures that validate the authenticity of the data.

Secure Policy Enforcement

Secure Policy Enforcement is an essential framework within enterprise security that ensures
compliance with established security standards and practices across all devices and applications. This
process begins with the implementation of Mobile Device Management (MDM) solutions, allowing
IT administrators to enforce security configurations, manage app installations, and monitor
compliance remotely. Access control policies, such as Role-Based Access Control (RBAC) and
Multi-Factor Authentication (MFA), are crucial in limiting data access to authorized personnel
only, thereby reducing the risk of unauthorized access. Continuous monitoring tools are employed to
track device compliance in real time, generating automated alerts for any deviations from security
protocols, which facilitates prompt corrective actions. Configuration management is also pivotal;
organizations establish standard device configurations to ensure uniform adherence to security
policies, supplemented by periodic audits to identify and rectify non-compliance.

Key components:

1. Device Management: Through Mobile Device Management (MDM) solutions, organizations can
enforce security policies on devices, such as requiring encryption, disabling certain features, and
mandating strong authentication methods.
2. Access Policies: Organizations can define access policies that dictate who can access specific data or
applications based on roles or permissions. This limits exposure and minimizes the risk of data
breaches.
3. Compliance Monitoring: Regular audits and monitoring tools can ensure that devices comply with
defined security policies. This includes tracking device configurations and user behaviors to identify
any deviations from the established policies.
4. Configuration Management: Security policies should include guidelines for configuring devices
securely. This might involve disabling certain functionalities, like USB debugging, that could be
exploited by malicious entities.
5. Incident Response Protocols: Policies should include predefined responses to security incidents.
This ensures a swift reaction to potential breaches, including steps for data recovery and device
lockdown.
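
The components listed above can be combined into a single enforcement decision. The following is an added example, not part of the original notes and not any vendor's MDM API: it evaluates device reports against a policy, grants app access only when both the role and the device pass, and maps findings to a predefined response. All policy values, role names and device reports are constructed assumptions.

```python
"""Conditional access: an app opens only for a permitted role on a compliant device."""

# Constructed policy values for illustration; real limits come from the organization.
POLICY = {
    "require_encryption": True,
    "allow_usb_debugging": False,
    "max_lock_timeout_s": 300,
    "min_passcode_length": 6,
    "app_roles": {"payroll": {"hr", "finance"}, "mail": {"hr", "finance", "engineering"}},
}


def device_violations(device, policy=POLICY):
    """Return the policy rules a device report breaks; unreported settings count as failures."""
    violations = []
    if policy["require_encryption"] and not device.get("encrypted", False):
        violations.append("storage not encrypted")
    if not policy["allow_usb_debugging"] and device.get("usb_debugging", True):
        violations.append("USB debugging enabled")
    timeout = device.get("lock_timeout_s")
    if timeout is None or timeout <= 0 or timeout > policy["max_lock_timeout_s"]:
        violations.append("inactivity lock disabled or too long")
    if device.get("passcode_length", 0) < policy["min_passcode_length"]:
        violations.append("passcode too short")
    return violations


def authorize(role, device, app, policy=POLICY):
    """Return (allowed, reasons). Access is denied unless every check passes."""
    reasons = device_violations(device, policy)
    if role not in policy["app_roles"].get(app, set()):
        reasons.append(f"role {role!r} not permitted for {app!r}")
    return (not reasons, reasons)


def response_action(violations):
    """Map findings to a predefined response (assumed tiers, not a vendor's MDM actions)."""
    if "storage not encrypted" in violations:
        return "block corporate access and lock device"
    if violations:
        return "notify user and block corporate access until fixed"
    return "none"


# Constructed device reports, as an MDM agent might submit them.
FLEET = {
    "A1": {"encrypted": True, "usb_debugging": False, "lock_timeout_s": 120, "passcode_length": 8},
    "B2": {"encrypted": True, "usb_debugging": True, "lock_timeout_s": 600, "passcode_length": 4},
    "C3": {"encrypted": False},  # agent reported almost nothing: fail closed
}

if __name__ == "__main__":
    for device_id, report in FLEET.items():
        found = device_violations(report)
        print(device_id, found or "compliant", "->", response_action(found))
    print(authorize("engineering", FLEET["A1"], "payroll"))
```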

48. Write about Apple iPhone and Keychain?

Apple iPhone and Keychain

The iPhone addresses the need to store sensitive credential information on the local device via the use
of the Keychain. The Keychain can be used by iPhone applications to store, retrieve, and read
sensitive information, such as passwords, certificates, and secrets. Once invoked by an application,
the Keychain service ensures an application is verified to access the Keychain by checking its
signature (signed by Apple) before granting permissions. The Keychain takes care of all the key
management issues, and the application does not have to do much beyond calling the service.

One key point concerns what happens when an application is not using the Keychain and its data is
backed up to a personal computer. If an iPhone is backed up to a regular computer, all the data on the
iPhone will be stored in the clear on the PC, except for data stored in the Keychain. Hence, if an
application truly wants to protect data on the iPhone, it should ensure the Keychain is being used;
otherwise, data will be shown in clear text when it is connected to a regular computer.

Functionalities:

1. Functionality of iCloud Keychain


iCloud Keychain securely stores passwords and sensitive data, allowing users to access this
information across all their Apple devices. When a user logs into a website or app, Keychain can
automatically fill in usernames and passwords, simplifying the login process. It also generates strong,
unique passwords for new accounts, reducing the risk of password reuse and enhancing overall
security.
2. Encryption and Security
Security is a paramount concern for Apple, and iCloud Keychain employs robust encryption methods
to protect user data. All information stored in Keychain is encrypted both in transit and at rest, using
AES-256 encryption. This means that even if data is intercepted during transmission or accessed
from the cloud, it remains secure and unreadable without the appropriate keys. Additionally,
Keychain is protected by the device’s biometric authentication methods, such as Face ID or Touch
ID, adding an extra layer of security.
3. Cross-Device Syncing
One of the key advantages of iCloud Keychain is its ability to sync data across all Apple devices
seamlessly. When a user updates or adds a password on one device, the changes are automatically
reflected on other devices logged into the same iCloud account. This feature is particularly useful for
users who switch between their iPhones, iPads, and Macs, ensuring that they always have access to
their latest credentials without manual entry.
4. User-Friendly Interface
iCloud Keychain is integrated into the iOS ecosystem, making it easy for users to manage their
passwords and secure information. The user-friendly interface allows users to view saved passwords,
update information, and delete entries when necessary. Users can also enable the option to receive
alerts for weak or reused passwords, prompting them to strengthen their security.
5. Privacy Considerations
Apple places a strong emphasis on user privacy. iCloud Keychain is designed to minimize data
collection, and Apple does not have access to the actual passwords stored in Keychain. The
encryption ensures that only the user can access their information. Moreover, the device itself is the
only entity that can decrypt the stored data, maintaining user confidentiality.

49. Explain different types of Encryptions used for security?


(REFER TO QUESTION 44)

50. Explain the security features in Black Berry and Android?

BlackBerry

The first part will introduce the history of the mobile operating system and main features of the
smartphone. The second part will analyze the security issues of this sort of smartphone.
BlackBerry is the name of one kind of smartphone device developed by Research In Motion (RIM),
which is a Canadian company [BlackBerry]. The first BlackBerry smartphone was unveiled in
2003. This first version supported web browsing, mobile telephone, text messaging, internet
faxing, push email, and other internet services. Figure 3 shows some images of BlackBerry devices.
The most famous feature is that BlackBerry provides a high level of security by applying a complex
encryption method to push email and instant messages.

The operating system of BlackBerry is BlackBerry OS [BBOS], written in C++. BlackBerry OS
supports multitasking and specialized input devices, such as trackball, trackwheel, trackpad and
touchscreen. This operating system supports WAP1.2, Mobile Information Device Profile (MIDP)
1.0 and a subset of MIDP2.0. This supports wireless synchronization and exchange of tasks, email, and
other business schedules through BlackBerry Enterprise Server (BES). BES is a software package
supporting companies' email systems. It can be used with Google Apps, Lotus Domino, Novell
GroupWise and Microsoft Exchange. The BlackBerry operating system can be automatically updated
through the wireless carriers. BlackBerry OS 6 was released in late 2010. The most current
version, BlackBerry OS 7, was released in August 2011. There are many series of devices; they have
some common features, with slight differences in each version.

| Features | Description |
|---|---|
| Camera | Capture picture and video record |
| Wi-Fi | Wi-Fi access |
| Video/Audio | Support Video, Audio, or Picture play |
| Touchscreen/Trackpad | Recent versions support touchscreen, trackpad or both. |
| BlackBerry Messenger | Support sending or receiving messages, voices, videos, or pictures through BlackBerry PIN |
| Web browsing | Web browsing engine, Google Quick Search |
| Third party application | Other applications provided by third party, user can download and install these applications on their device. |
| Game | User can download and play games |
| BlackBerry Maps | Show maps, and search location |
| BlackBerry News | Users can view recent news |
| Corporate Data Access | Facilitated to access corporate data |
| GPS | Navigation |
| Bluetooth | Support Bluetooth |
| Social Networking | Support social networking applications |


Security Features:

1. End-to-End Encryption

BlackBerry employs strong end-to-end encryption for communications, ensuring that messages,
calls, and data are protected both in transit and at rest. This prevents unauthorized access and
eavesdropping, even if the data is intercepted.

2. BlackBerry Secure OS

BlackBerry devices run on a hardened version of Android or their proprietary operating system,
designed with security as a core focus. The OS includes multiple layers of security features that
protect against malware and vulnerabilities.

3. Data Loss Prevention (DLP)

BlackBerry provides DLP features to help organizations manage and secure sensitive information.
This includes controlling how data can be shared, preventing unauthorized access, and ensuring
compliance with regulatory requirements.

4. Mobile Device Management (MDM)

BlackBerry offers advanced MDM solutions through BlackBerry Enterprise Mobility Suite. This
allows IT administrators to manage devices remotely, enforce security policies, and monitor device
compliance, enhancing overall security.

5. Secure Boot and Hardware Security

BlackBerry devices utilize secure boot processes to ensure that only trusted software runs on the
device at startup. Additionally, hardware-based security features, such as a secure enclave, protect
encryption keys and sensitive data from potential attacks.

6. Application Security

BlackBerry has a stringent app vetting process to ensure that only secure applications are available
for download. The company also supports containerization, allowing businesses to separate personal
and corporate data within apps.

7. Regular Security Updates

BlackBerry is committed to providing regular security updates and patches to address vulnerabilities.
This proactive approach helps protect devices from emerging threats and ensures that users have the
latest security enhancements.

8. Secure Messaging

BlackBerry Messenger (BBM) and other secure messaging solutions offer encrypted messaging
capabilities, ensuring that conversations remain private and protected from interception.

9. Privacy Features
BlackBerry includes various privacy features, such as secure browsing, which helps protect user data
while online, and the ability to control app permissions, giving users more oversight over their data.
