Presentation about developer level security features on android

1. Sander Alberink
Healthcare Automotive Industrial Automation Machine & Systems EnergyLogistics
Android Security in depth

2. Agenda
 Android overview
 System-level security
 Application-level security
 Enterprise-level security

3. Show of hands...
Who has
■ An Android device?
■ Loaded a custom ROM?
■ Rooted his device?
■ Developed for that device?
22 mei 2013 Android Security in depth4

4. Android Security – System level

5. Android system architecture

6. System level execution
 NX-bit
 Stack-overflow prevention
 Address Space Layout Randomization
 dlmalloc/calloc + extensions
 mmap_min_addr

7. Linux security measures
 Sandboxing in kernel
 Permissions enforced through linux groups
 Each app separate UID

8. Dalvik VM
 Not a security boundary
■ No security manager
■ Permissions are
enforced in OS, not VM
■ Bytecode verification
optimized for speed, not
security

9.  Zygote process preloads typical classes
and dynamic link libraries
 Copy-on-write
■ Only when new process writes page,
new page is allocated.
■ All pages not be written are shared
among all zygote children.
 Exec system call is not used in zygote.
■ wipes the page mapping table of
process.
■ It means exec discards zygote cache.
 Runs as UID=0 (root). After forking child
process, its UID is changed by setuid
system call.
Zygote processes

10. Binder IPC
■ IPC via kernel interface
■ Used under water for all IPC in Android
• Service to application
• Service to system
• But also Intent-based communication...
■ Is security-aware and passes calling UID & GID
22 mei 2013 Powerpoint ICT Automatisering11

11. Additional measures in Android 4.2
 Application verification
■ Additional scan for
malicious sw
 Always-on VPN
 Improvements to
installd/init handling, etc

12. Android Security – Application level

13. Intent system
 Communication between OS and
applications via Intents
 OS resolves requested action
(e.g. 'edit contact') with all
registered Intent receivers
 Highly versatile and modular
 Allows changing out default
functionality for alternatives

14. Permissions
 Permissions determine if
an app can perform an
action
 4 levels:
■ Normal
■ Dangerous
■ Signature
■ System

15. Permissions cont'd
 Permissions checked when:
■ Starting activities
■ Starting/binding to services
■ Sending to BroadcastReceivers
■ Accessings ContentProviders (separate for read and
write
■ … and at any given moment using
Context.checkCallingPermission()

16. App signing
All Android applications must be signed by the author (developer)
 Application or code signing is the process of digitally signing a given application
using a private key to:
 Identify the code's author
 Detect if the application has changed
 Establish trust between applications
On Android, the certificate (X.509) can be self-signed, so there is no need for a
certificate authority
Android applications can be built in debug and release-mode:
 In debug mode the app is automatically signed with debug key and cannot be
distributed (e.g. via Google Play)
 In release-mode the app is signed with the private key.

17. Android Security – Enterprise level

18. Encryption
 Full-disk encryption using dm-crypt
■ Actually: /data partition
 Done using 128 bit AES/SHA256
 Master key encrypted with another key based off device
PIN/passwd
■ Problem: since PIN is usually 4 digits long, cracking
master key is matter of little time...

19. Device Policies
 Determine user-level
security
 Locate lost devices
 Enable remote wipe
 Can disable functionality
(such as camera)

20. VPN
 Support for VPN connections based on
■ IPSec
■ PPTP
■ Own VPN implementation (3rd party, 4.0+)
 Requires use of device lock mechanism
 As of Android 4.2, always-on VPN is possible too

21. Questions?