30-12-2015, 03:58 PM
ABSTRACT
Android is a software stack for mobile devices that includes an operating system, middleware and key applications. Android is a software platform and operating system for mobile devices based on the Linux operating system and developed by Google and the Open Handset Alliance. It allows developers to write managed code in a Java-like language that utilizes Google-developed Java libraries, but does not support programs developed in native code.
Introduction
The rapid growth of smartphones has led to a renaissance for mobile services. Go-anywhere applications support a wide array of social, financial, and enterprise services for any user with a cellular data plan. Application markets such as Apple’s App Store and Google’s Android Market provide point-and-click access to hundreds of thousands of paid and free applications. Markets streamline software marketing, installation, and update, therein creating low barriers to bring applications to market, and even lower barriers for users to obtain and use them.
Android
• G1 and the Android Market
• Android platform
• Developer tools
• Android programming
Our popularity-focused security analysis provides insight into the most frequently used applications. Our findings inform the following broad observations.
1. Similar to past studies, we found wide misuse of privacy sensitive information, particularly phone identifiers and geographic location. Phone identifiers, e.g., IMEI, IMSI, and ICC-ID, were used for everything from “cookie-esque” tracking to account numbers.
2. We found no evidence of telephony misuse, background recording of audio or video, abusive connections, or harvesting lists of installed applications.
3. Ad and analytic network libraries are integrated with 51% of the applications studied, with AdMob (appearing in 29.09% of apps) and Google Ads (appearing in 18.72% of apps) dominating. Many applications include more than one ad library.
4. Many developers fail to securely use Android APIs. These failures generally fall into the classification of insufficient protection of privacy sensitive information. However, we found no exploitable vulnerabilities that can lead to malicious control of the phone.
Hardware
Google has unveiled at least three prototypes for Android, at the Mobile World Congress on February 12, 2008. One prototype at the ARM booth displayed several basic Google applications. A 'd-pad' controls zooming of items in the dock with a relatively quick response. A prototype at the Google IO conference on May 28, 2008 had a 528 MHz Qualcomm processor and a Synaptics capacitive touch screen, and used the UMTS cellular standard. It had 128 MB of RAM and 256 MB of flash, showing that Android's memory requirements are reasonable. The demo was carried out using a 3.6 Mbit/s HSDPA connection.
Background
Android: Android is an OS designed for smartphones. Android provides a sandboxed application execution environment. A customized embedded Linux system interacts with the phone hardware and an off-processor cellular radio. The Binder middleware and application API run on top of Linux. To simplify, an application’s only interface to the phone is through these APIs. Each application is executed within a Dalvik Virtual Machine (DVM) running under a unique UNIX uid. The phone comes pre-installed with a selection of system applications, e.g., phone dialer, address book. Applications interact with each other and the phone through different forms of IPC. Intents are typed interprocess messages that are directed to particular applications or system services, or broadcast to applications subscribing to a particular intent type. Persistent content provider data stores are queried through SQL-like interfaces. Background services provide RPC and callback interfaces that applications use to trigger actions or access data. Finally, user interface activities receive named action signals from the system and other applications. Binder acts as a mediation point for all IPC.
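Observation 1 above (phone identifiers used for tracking) can be checked during code review by flagging where an application reads the IMEI, IMSI or ICC-ID and whether that value reaches a network call. The Python script below is an added example, not code from the study: the Java snippet is constructed, the sink patterns are assumptions, and the line-by-line variable tracking is a heuristic rather than full data-flow analysis.

```python
import re

# TelephonyManager getters for the identifiers named in observation 1.
ID_APIS = {"getDeviceId": "IMEI", "getSubscriberId": "IMSI",
           "getSimSerialNumber": "ICC-ID"}
API_CALL = re.compile(r"\.(%s)\s*\(\s*\)" % "|".join(ID_APIS))
# Assumed sink patterns for this example: calls through which data leaves the app.
SINKS = re.compile(r"new\s+URL\s*\(|HttpPost|HttpGet|openConnection|\.write\s*\(")
# Left-hand variable of a simple Java assignment, with optional modifiers/type.
ASSIGN_TARGET = re.compile(r"\s*(?:[\w.<>\[\]]+\s+)*(\w+)\s*=[^=]")

# Constructed sample input, not taken from any real application.
SAMPLE = '''\
TelephonyManager tm = (TelephonyManager) getSystemService(TELEPHONY_SERVICE);
String imei = tm.getDeviceId();
String imsi = tm.getSubscriberId();
String q = "id=" + imei;
URL u = new URL("http://ads.example.test/t?" + q);
Log.d("app", "started");
'''


def audit(java_source):
    """Return (line_no, identifier, kind) tuples; kind is 'read' or 'sent'."""
    findings, tainted = [], {}  # tainted: variable name -> set of identifier types
    for no, line in enumerate(java_source.splitlines(), 1):
        if line.strip().startswith("//"):
            continue  # skip whole-line comments
        direct = {ID_APIS[name] for name in API_CALL.findall(line)}
        findings += [(no, ident, "read") for ident in sorted(direct)]
        carried = set(direct)
        for var, idents in tainted.items():
            # Heuristic: any whole-word mention of a tainted variable counts.
            if re.search(r"\b%s\b" % re.escape(var), line):
                carried |= idents
        if not carried:
            continue
        if SINKS.search(line):
            findings += [(no, ident, "sent") for ident in sorted(carried)]
        else:
            target = ASSIGN_TARGET.match(line)
            if target:  # propagate through copies and string concatenation
                tainted.setdefault(target.group(1), set()).update(carried)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
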