3. What do we discuss?
Android OS Basics
Understanding APK
Android Architecture
Android Security Model
Android Rooting
A brief look into Android malware
Reversing Android malware
Pentesting on Android platform
Demos
4. What is Android?
Android is a software stack for mobile devices.
The stack consists of an operating system, middleware and key mobile applications
It was initially developed by Android Inc. in 2003 and later acquired by Google in 2005.
2007 – OHA (Open Handset Alliance)
Largest market share
HTC Dream – the first commercially available mobile phone based on the Android operating system.
5. Why Android?
Wherever you go it follows you!! (Tablets, mobile phones, TVs)
Open source
Anyone can develop apps! No restrictions like iPhone
Runs on Linux 2.6.X kernel
Uses SQLite databases
Official market containing over 7,00,000 apps
8. Understanding the APK
Every app package has the extension .apk
Nothing but a zip file
Can be extracted with WinRAR or WinZip.
Written in Java, with native libraries in C/C++
Composed of components such as activities, services, broadcast receivers etc.
12. Components
Activity: Screen to let users interact – buttons, text view, image view etc.
Service: Performs the work in the background – playing music
Broadcast receiver: Receives and responds to broadcast announcements
Intents: Bind individual components at runtime
Content Providers: Store and retrieve the application data – SQLite databases
14. Permissions – They Suck!!
Declared in AndroidManifest.xml
XML file contains all the components and permissions
App can only use the declared permissions
15. Permissions
ACCESS_COARSE_LOCATION
CAMERA
CHANGE_WIFI_STATE
ACCESS_FINE_LOCATION
READ_CALL_LOG
CALL_PHONE
READ_SMS
READ_CONTACTS
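An added example, not from the original slides: a short Python audit that reads an AndroidManifest.xml and reports which of the permissions listed above an app declares, along with its components. It assumes the manifest has already been decoded to plain-text XML (inside the APK it is stored in a binary form); the sample manifest, package name and the function name audit_manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"

# Permissions named on the slide, used here as the review watch-list.
WATCHLIST = {
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "CAMERA",
    "CHANGE_WIFI_STATE", "READ_CALL_LOG", "CALL_PHONE",
    "READ_SMS", "READ_CONTACTS",
}
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest (decoded text form), not taken from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application>
        <activity android:name=".MainActivity"/>
        <service android:name=".SyncService"/>
        <receiver android:name=".BootReceiver"/>
    </application>
</manifest>
"""

def audit_manifest(xml_text):
    """Return (package, requested permissions, watch-list hits, components)."""
    root = ET.fromstring(xml_text.strip())
    requested = [e.get(NAME, "") for e in root.iter("uses-permission")]
    # Compare on the short name after the last dot (android.permission.X -> X).
    flagged = sorted(p for p in requested if p.rsplit(".", 1)[-1] in WATCHLIST)
    components = {
        tag: [e.get(NAME) for e in root.iter(tag)] for tag in COMPONENT_TAGS
    }
    return root.get("package"), requested, flagged, components

if __name__ == "__main__":
    pkg, requested, flagged, components = audit_manifest(SAMPLE_MANIFEST)
    print(f"{pkg}: {len(requested)} permissions requested")
    for perm in flagged:
        print("  review:", perm)
    for tag, names in components.items():
        print(f"  {tag}: {names}")
```

A flashlight-style app that declares READ_SMS and READ_CONTACTS is the kind of mismatch between function and declared permissions this check is meant to surface during review.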
16. Android Security Model
Application 1: UID 1000, Dalvik VM
Application 2: UID 1001, Dalvik VM
Application 3: UID 1002, Dalvik VM
Application 4: UID 1003, Dalvik VM
Application 5: UID 1004, Dalvik VM
SYSTEM PROCESS (UID : SYSTEM)
LINUX KERNEL
18. Dalvik Virtual Machine
Created by Dan Bornstein
It is a virtual machine that runs Android apps
Register-based instead of stack-based
It runs dex (Dalvik Executable) files