3. What is Android?
•Android is a software stack
for mobile devices that
includes an operating system
•Developed by Google and
Open Handset Alliance ‘OHA’
•Android platform using the
Java programming language
•Largest market share ,more than
Symbian and IOS
4. Application Components
• Activities: An activity represents a single screen with
a user interface.
• Services: It is runs in the background .
• Broadcast receivers: Responds to system-wide
broadcast announcements.
• Content providers: It is manages a shared set of
application data.
5.
6. Types of threats
• Malware apps:
The idea is to lure users into downloading a free or heavily
discounted game, get them to launch it, and clandestinely install
malware behind their back.
• Drive-by exploits:
The idea is to lure Android users to visit a website containing code
that exploits a known weakness in a browser.
7. • Web Browser Vulnerability
• available as of October 22, 2008.
• Can affect any information browser have access on them.
• GappII
• The service runs behind the scene and monitors the status
of current phone screen.
• can be remotely controlled to install additional apps without
user’s knowledge.
8. • UpdtKiller
• Upload victims’ personal information and retrieve commands
from a remote control and command (C&C) server.
• Block antivirus software processes so that viruses can’t be
detected.
• UpdtBot
• UpdtBot registers a remote Command and Control (C&C) server.
• Can send text messages, make phone calls, and download and
install apps.
9. Security Mechanism
in Android
Sandboxes
Each application is
associated with a
different UID.
Every application runs
in its own Linux process.
Each process runs on
its own Java VM.
Application’s directory
is only available to the
application.
10. Security Mechanism
in Android
Permissions
• Any application needs
explicit permissions to
access the components of
other applications.
• These permissions are set
by the package installer.
11. Security Mechanism in Android
Signatures
Any Android application must be signed with a
certificate whose private key is held by the
developer.
Identify the code's author.
Detect if the application has changed.
Establish trust between applications.
12. How to protect ourselves
• Download Apps Only from Trusted Sources
• Always check app permissions. Whenever you download
or update an app, you get a list of permissions for it.
• Don't View Sensitive Information on Public Wi-Fi
• Put a malware and antivirus scanner on your phone.
• Protect Your Phone with a Password
13. Conclusion
• Android has a unique security model, which
focuses on putting the user in control of the
device.
• It is balance between security and usability.