Analysis and research of system security based on android

Application Security Based
On
By- Ravishankar Kumar
95511101

Overview
• Why care about mobile security?
• What is Android?
• How do I develop on Android?
o Android Market
• What about Security?
o Cornerstones of Android security
Prevention
Minimization
Detection
Reaction

Some Statistics
→Android powers hundreds of millions of mobile
devices in more than 190 countries around the world.
→Android users download more than 1.5 billion apps
and games from Google Play each month.
→Easily optimize a single binary for phones, tablets,
and other devices.
→Google Play is the premier marketplace for
selling and distributing Android apps.

Factor care about mobile security
1.Android malware
→ It can use runtime environments like
Java virtual machine or the .NET Framework.
→ It sends personal information to unauthorised third parties.
→ It can partially damage the device, or delete or modify
data on the device.
→ It can spread through proximate devices using Wi-Fi,
Bluetooth and infrared.
→ It can also spread using remote networks such as telephone calls
or SMS or emails.

Factor care about mobile security
2.Ad Networks and Permissions
→Attackers access to a phone number or device ID lets advertisers
track your movements between apps, and build up complicated profiles.
→Less reputable ad networks may also try to access your address
book in order to send ads to other people, or even change your ringtone to
an advertisement.
→The attacker can easily force the smartphone to make phone calls.
3. Loss and Theft
→Reports claim that 1.6 million Americans had their phone stolen in
2013.

Mobile Security Matures
We are now seeing attacks against all layers of
mobile infrastructure:
• Applications
• Platform
• OS
• Baseband
• Network
Mobile devices must be treated as fully fledged computers.

Introducing Android
» Android is open source and Google releases the code under
the Apache License.
Source code at http://source.android.com
» Any developer can use
SDK at http://developer.android.com
» Third party apps available on Google Play
Download at http://play.google.com/store
»Official Website of Android
More at http://www.android.com

The Android Technology Stack
• Linux kernel
• Relies upon 90+ open source libraries
o Integrated Web Kit based browser
o SQLite for structured data storage
o OpenSSL
o Bouncy Castle
o libc based on OpenBSD
o Apache Harmony
o Apache Http Client
• Supports common sound, video and image codecs
• API support for handset I/O
o Bluetooth, EDGE, 3G, wifi
o Camera, Video, GPS, compass, accelerometer,
sound, vibrator

Overview
o Android Market
o Android security Issue
oStoring Data
oUsing Permission
oCryptography
Example Application

Android Security
Some of the core security features that help you build secure apps
include:
»The Android Application Sandbox, which isolates your app data and
code execution from other apps.
»An application framework with robust implementations of common
security functionality such as cryptography, permissions, and secure
IPC.
» An encrypted file system that can be enabled to protect data on lost
or stolen devices.
» User-granted permissions to restrict access to system features and
user data.
» Application-defined permissions to control application data on a
per-app basis.

Storing Data
The most common security concern for an application on Android is
whether the data that you save on the device is accessible to other
apps.
There are three fundamental ways to save data on the device:
1. Using internal storage
» By default, files that you create on internal storage are accessible
only to your app.
» To provide additional protection for sensitive data, you might
choose to encrypt local files using a key that is not directly accessible to
the application.
2. Using external storage
» Files created on external storage, such as SD Cards, are globally
readable and writable.
» As with data from any untrusted source, you should perform input
validation when handling data from external storage.

Storing Data Cont..
3. Using content providers
»Content providers offer a structured storage mechanism that can
be limited to your own application or exported to allow access by
other applications.
» When creating a ContentProvider that will be exported for use
by other applications, you can specify a single permission for reading
and writing, or distinct permissions for reading and writing within the
manifest.

Using Permissions
Because Android sandboxes applications from each other, applications
must explicitly share resources and data.
Requesting Permissions
» If it's possible to design your application in a way that does not
require any permissions, that is preferable.
» addition to requesting permissions, your application can use the
<permissions> to protect IPC that is security sensitive and will be
exposed to other applications, such as a ContentProvider.
Creating Permissions
» Creating a new permission is relatively uncommon for most
applications.

Using Permission Cont..
Creating Permissions
» If you must create a new permission, consider whether you can
accomplish your task with a "signature" protection level.
» If you create a permission with the "dangerous" protection level, there
are a number of complexities that you need to consider:
1. The permission must have a string that concisely expresses to a user
the security decision they will be required to make.
2.The permission string must be localized to many different languages.
3.Users may choose not to install an application because a permission
is confusing or perceived as risky.
4.Applications may request the permission when the creator of the
permission has not been installed.

Using Cryptography
» Android provides a wide array of algorithms for protecting data
using cryptography.
» Use existing cryptographic algorithms such as those in the
implementation of AES or RSA provided in the Cipher class.
» Use a secure random number generator, SecureRandom, to
initialize any cryptographic keys, KeyGenerator.

Overview
o Android Market
o Cornerstones of Android security
 Prevention
 Minimization
 Detection
 Reaction
Example Application

Example Applications
• Lookout Security & Antivirus
• App Lock
• Phone security alarm system

Lookout Security & Antivirus
Lookout Security & Antivirus FREE Features:

►SECURITY & ANTIVIRUS
• App Scanning: Continuous, over-the-air
protection from viruses, malware,
adware and spyware

adware and spyware
►FIND MY PHONE
• Locate & Scream: Map the location of
your device and make it sound an alarm
• Signal Flare: Automatically save your
phone's location when the battery is low.

adware and spyware
►FIND MY PHONE
• Locate & Scream: Map the location of
your device and make it sound an alarm
• Signal Flare: Automatically save your
phone's location when the battery is low.
►BACKUP & DOWNLOAD
• Contact Backup: Save a copy of your
Google contacts

App Lock
App Lock Features:
» AppLock can lock SMS, Contacts, Gmail, Facebook,
Gallery, Market, Settings.

App Lock
App Lock Features:
» AppLock empowers you to control photo and
video access.

App Lock
App Lock Features:
video access.
» With AppLock, only you can see your hidden
pictures. Privacy made easy!

App Lock
App Lock Features:
video access.
» With AppLock, only you can see your hidden
pictures. Privacy made easy!
» Selected pictures vanish from your photo
gallery, and stay locked behind an
easy-to-use PIN pad.

Analysis and research of system security based on android

Analysis and research of system security based on android

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (16)

Similaire à Analysis and research of system security based on android

Similaire à Analysis and research of system security based on android (20)

Dernier

Dernier (20)

Analysis and research of system security based on android