Android Overview

Android Overview
Android (Google) is a widely anticipated open
source operating system for mobile devices,
Supporting
Bluetooth (wireless for short distance)
Wi-Fi (wireless for 150 feet indoors, 300 ft outdoors)
3G(200 kbits/sec) and 4G (100 Mbit -1Gbit/sec)

Android software stack

Android Linux operating system
Middleware(Dalvik Runtime Optimized Java virtual
machineVM, Java API) and Library(Phone, contact,
GPS map, SQLite, OpenGL.)

Android Architecture

Linux kernel Layer

Android relies on Linux kernel
Supplies management of security, memory
process, network, and drivers
Acts as an abstraction layer between the
hardware and the rest of the Android software
stack

Library Layer
System C libraries and function Libraries, supporting
multimedia, web browser, SQLite... Native Services to
hardware
Android runtime
Dalvik Virtual Machine
Executes files in the Dalvik Executable (.dex) format
Java core Libraries
Provides most of the functionality of the Java
programming language.
Java core libraries rely on the Dalvik VM and the
underlying Linux kernel
Every Android application runs in its own process, with
its own instance of the Dalvik virtual machine

Application Framework Layer

Simplify the reuse of components
Applications can publish their capabilities and any other
application may then make use of those capabilities
Applications is a set of services
Views system, content providers, resources managers
such as
Activity Manager, manages the lifecycle of applications
and provides a common navigation backstack
Notification Manager, enables all applications to display
custom alerts in the status bar
Resource Manager, providing access to non-code
resources such as localized strings, graphics, and layout
files
Views, used to build an application, including lists, grids,
text boxes, buttons, and even an embeddable web
browser

Applications Layer
A set of core applications shipped with Android platform
an email client, SMS program, calendar, maps,
browser, contacts, and others
All written in Java
User applications are also here

Features of Android

Popularity (High market share)

AWAT
Enabled SMS
Enabled GPS
Cameras & microphones
Open source apps
Development with Java
Linux based
Short learning curve with IDE Java Eclipse IDE for
Android app development
Easy deployment to mobile device
Easy to distribute apps via Android Market
Share app, Sell app,
Download & reuse open source apps

Cont.

Hot job market

Market for mobile software surges from $4.1
billion in 2009 to $17.5 billion by 2012
2010 Dice.com survey: 60% for Android
Dice.com: mobile app developers made
$85,000 in 2010 and salaries expected to
rise2

Limitations

screen size
battery life time
processor capacity
Slow network access and Web browser
Input: soft keyboard, phone keypad, touch
screen, or stylus
Security

Android App software components

Activity
Service
Broadcast Receiver
Intent
Content Provider
Android App Development Tutorial:
http://www.slideserve.com/lyndon/android-development-tutorial

Activity
Activities provide a user interface for one
specific task, Basic component of most
applications
Most applications have several activities
that start each other as needed
Each is implemented as a subclass of the
base Activity class

Service
Services execute background processing, no
visual interface
Ex: Downloads, Playing Music, TCP/UDP Server
You can bind to an existing service, control its
operation, and run in background
Play music, alarm clock, etc.
Secured if using permissions
Callers may need to verify that service is the
correct one

Content provider

Content providers are data storage facilities

which supports data exchange between
applications
Make data available to other applications
Transfer data between applications in Android
Other applications use a ContentResolver
object to access the data provided via a
ContentProvider

ContentProviders

Generally SQL backend

Used to share content between apps
Access controlled through permission tags
Apps can be dynamically authorized access
control
Possible security hole
Must protect against SQL injection
verify input using parameterization

Broadcast receivers
Broadcast receivers act as mailboxes for
messages from other applications. It receives
and reacts to broadcast announcements
If an app registered the receiver in adv., the
event will notify and call back the registered
software
Ex: Low battery, power connected, shutdown,
timezone changed, etc.

Broadcast receivers
Act as receivers for multiple components
Provide secure IPC
Done by specifying permissions on
BroadcastReceiver regarding sender
Otherwise, behave like activities in terms of IPC
Cant define permission
Dont send sensitive data

Component life cycle

Activities
Can terminate itself via finish();
Can terminate other activities it started via
finishActivity();

Services
Can terminate via stopSelf(); or
Context.stopService();

Content Providers
Are only active when responding to ContentResolvers

Broadcast Receivers
Are only active when responding to broadcasts

Intent
Intent is a goal action component which takes care of
the process of inter-components communication
(ICC)
Intent is simply a message object containing a
destination component address and data
Protection
Each application executes as its own user identity,
such that OS provides system-level isolation;
Android middleware contains a reference monitor that
mediates the inter-component communication (ICC).

Intent(cont.)
Intent action:
Start an Activity
Broadcast events or changes
Start, stop, resume. or communicate with
background Services
Access data held by ContentProviders
Call back to handle events
Carry data with Extras (key, value)

Android component activation

An intent is an object which can have a message content
and start Activities, services and broadcast receivers
- ContentProvider is started by ContentResolvers
An activity is started by Context.startActivity(Intent
intent) or Activity.startActivityForResult(Intent intent,
int RequestCode)
A service is started by Context.startService(Intent
service)
An application can initiate a broadcast by using an
Intent in any of Context.sendBroadcast(Intent intent),
Context.sendOrderedBroadcast(), and
Context.sendStickyBroadcast()

Intent Filters
Used to determine recipient of Intent
Specify the main entrance for activities
A user interface consists of a series of
Activities
Each Activity is a screen.
Intent may leave a security flaw (hole)
Solution: Intents explicitly define
receiver

Goal
Understand applications and their
components
Concepts:
activity,
service,
broadcast receiver,
content provider,
intent,
AndroidManifest
@2011 Mihail L. Sichitiu

24

Applications
Written in Java (its possible to write native
code will not cover that here)
Good separation (and corresponding security)
from other applications:
Each application runs in its own process
Each process has its own separate VM
Each application is assigned a unique Linux user ID
by default files of that application are only visible
to that application (can be explicitly exported)
@2011 Mihail L. Sichitiu

25

Application Components
Activities visual user interface focused
on a single thing a user can do
Services no visual interface they run in
the background
Broadcast Receivers receive and react
to broadcast announcements
Content Providers allow data exchange
between applications
26

Activities
Basic component of most applications
Most applications have several activities
that start each other as needed
Each is implemented as a subclass of the
base Activity class

27

Activities The View

Each activity has a default window to draw in
(although it may prompt for dialogs or
notifications)
The content of the window is a view or a
group of views (derived from View or
ViewGroup)
Example of views: buttons, text fields, scroll
bars, menu items, check boxes, etc.
View(Group) made visible via
Activity.setContentView() method.
28

Services
Does not have a visual interface
Runs in the background indefinitely
Examples
Network Downloads
Playing Music
TCP/UDP Server

You can bind to a an existing service and

control its operation
29

Broadcast Receivers
Receive and react to broadcast
announcements
Extend the class BroadcastReceiver
Examples of broadcasts:
Low battery, power connected, shutdown,
timezone changed, etc.
Other applications can initiate broadcasts

30

Content Providers
Makes some of the application data available
to other applications
Its the only way to transfer data between
applications in Android (no shared files,
shared memory, pipes, etc.)
Extends the class ContentProvider;
Other applications use a ContentResolver
object to access the data provided via a
ContentProvider
31

Intents
An intent is an Intent object with a message content.
Activities, services and broadcast receivers are started
by intents. ContentProviders are started by
ContentResolvers:
An activity is started by Context.startActivity(Intent intent) or
Activity.startActivityForResult(Intent intent, int RequestCode)
A service is started by Context.startService(Intent service)
An application can initiate a broadcast by using an Intent in any
of Context.sendBroadcast(Intent intent),
Context.sendOrderedBroadcast(), and
Context.sendStickyBroadcast()

32

Shutting down components

Activities
Can terminate itself via finish();
Can terminate other activities it started via finishActivity();

Services
Can terminate via stopSelf(); or Context.stopService();

Content Providers
Are only active when responding to ContentResolvers

Broadcast Receivers
Are only active when responding to broadcasts

33

Android Manifest

Its main purpose in life is to declare the components to the system:

<?xml version="1.0" encoding="utf-8"?>
<manifest . . . >
<application . . . >
<activity android:name="com.example.project.FreneticActivity"
android:icon="@drawable/small_pic.png"
android:label="@string/freneticLabel"
... >
</activity>
...
</application>
</manifest>

34

Intent Filters

Declare Intents handled by the current application (in the

AndroidManifest):
<?xml version="1.0" encoding="utf-8"?>
<manifest . . . >
<application . . . >
<activity android:name="com.example.project.FreneticActivity"
android:icon="@drawable/small_pic.png"
android:label="@string/freneticLabel"
... >
<intent-filter . . . >
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
<intent-filter . . . >
<action android:name="com.example.project.BOUNCE" />
<data android:mimeType="image/jpeg" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
...
</application>
</manifest>

Shows in the
Launcher and
is the main
activity to
start

Handles JPEG
images in
some way
35

System level protection

for Android app
Each app runs as a unique user identity such
that Android can limit the potential damage of
programming flaws.
Each app runs in own VM sandbox using unique
UID
Each app requests a simple permission label
assignment model to restrict access to
resources and other applications if necessary
Ex. of permission: Internet, camera, GPS
Permission specifies an access policy to protect
its resources.

Android Permissions
All permission of Androids policy are set at install time
and cant change until the application is reinstalled.
Androids permission only restricts access to
components and doesnt currently provide information
flow guarantees.
A permission is listed in apps manifest definition XML
file.
If a public component doesnt explicitly declare any
access permission, Android permits any application to
access it.
Component As ability to access components B and C is
determined by comparing the access permission labels
on B and C to the collection of permission labels
assigned to application A.

Android App Signature

All Android applications must be signed, but are usually
self-signed
Why self signing?
Market ties identity to developer account
No CA in Google, Google does not have central
control over the apps signature certificates
No applications are trusted. No "magic key"
What does signing determine?
Author-update
In signature schemes, the private key is used to sign
a app or message; anyone can check the signature
using the public key.

Permissions Levels
User can assign permissions to applications at
- normal
dangerous
signature
signatureOrSystem

http://developer.android.com/guide/developin
g/building/index.html#detailed-build

Reference
1.http://www.businessweek.com/technology/content/oct2010/tc20
101020_639668.htm
2. http://it-jobs.fins.com/Articles/SB129606993144879991/MobileApp-Developers-Wanted-at-Ad-Agencies
3.http://www.gartner.com/it/page.jsp?id=1466313
4.http://developer.android.com/guide/developing/index.html
5.Android Overview, http://www.google.com/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=7&ved=0CEcQFjAG&url=h
ttp%3A%2F%2Fai.arizona.edu%2Fmis510%2Fslides%2FAndroid
%2520Overview.ppt&ei=4HBXUNPvMuPe0QGm3oCYCg&usg=AF
QjCNE2Li9vyh34rECKYDuOjKjI5pjyzw&sig2=EwfIL1bPNJacCi6ZaAWCA
6. Mobile Application Security on Android, Originally presented by
Jesse Burns at Black Hat 2009