analysis and research of system security based on android
TRANSCRIPT
![Page 1: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/1.jpg)
Application Security Based On
By- Ravishankar Kumar 95511101
![Page 2: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/2.jpg)
Overview
• Why care about mobile security?• What is Android?
• How do I develop on Android?o Android Market
• What about Security?o Cornerstones of Android security
PreventionMinimizationDetectionReaction
![Page 3: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/3.jpg)
Overview
• Why care about mobile security?• What is Android?
• How do I develop on Android?o Android Market
• What about Security?o Cornerstones of Android security
PreventionMinimizationDetectionReaction
![Page 4: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/4.jpg)
Some Statistics→Android powers hundreds of millions of mobile devices in more than 190 countries around the world.
→Android users download more than 1.5 billion apps and games from Google Play each month.
→Easily optimize a single binary for phones, tablets,
and other devices.
→Google Play is the premier marketplace for
selling and distributing Android apps.
![Page 5: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/5.jpg)
Factor care about mobile security1.Android malware
→ It can use runtime environments like
Java virtual machine or the .NET Framework.
→ It sends personal information to unauthorised third parties.
→ It can partially damage the device, or delete or modify
data on the device.
→ It can spread through proximate devices using Wi-Fi,
Bluetooth and infrared.
→ It can also spread using remote networks such as telephone calls
or SMS or emails.
![Page 6: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/6.jpg)
Factor care about mobile security
2.Ad Networks and Permissions
→Attackers access to a phone number or device ID lets advertisers track your movements between apps, and build up complicated profiles.
→Less reputable ad networks may also try to access your address book in order to send ads to other people, or even change your ringtone to an advertisement.
→The attacker can easily force the smartphone to make phone calls.
3. Loss and Theft
→Reports claim that 1.6 million Americans had their phone stolen in 2013.
![Page 7: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/7.jpg)
Mobile Security Matures
We are now seeing attacks against all layers of mobile infrastructure:
• Applications• Platform• OS• Baseband• Network
Mobile devices must be treated as fully fledged computers.
![Page 8: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/8.jpg)
Overview
• Why care about mobile security?• What is Android?• How do I develop on Android?
o Android Market• What about Security?
o Cornerstones of Android securityPreventionMinimizationDetectionReaction
![Page 9: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/9.jpg)
Introducing Android
» Android is open source and Google releases the code under the Apache License.
Source code at http://source.android.com
» Any developer can use
SDK at http://developer.android.com
» Third party apps available on Google Play
Download at http://play.google.com/store
»Official Website of Android
More at http://www.android.com
![Page 10: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/10.jpg)
Android Version
![Page 11: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/11.jpg)
New Version
![Page 12: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/12.jpg)
Usage On
![Page 13: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/13.jpg)
The Android Technology Stack• Linux kernel• Relies upon 90+ open source libraries
o Integrated Web Kit based browsero SQLite for structured data storageo OpenSSLo Bouncy Castleo libc based on OpenBSDo Apache Harmonyo Apache Http Client
• Supports common sound, video and image codecs• API support for handset I/O
o Bluetooth, EDGE, 3G, wifio Camera, Video, GPS, compass, accelerometer,
sound, vibrator
![Page 14: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/14.jpg)
Overview• Why care about mobile security?• What is Android?• How do I develop on Android?
o Android Market• What about Security?
o Android security IssueoStoring DataoUsing PermissionoCryptography
Example Application
![Page 15: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/15.jpg)
Android SecuritySome of the core security features that help you build secure apps include:
»The Android Application Sandbox, which isolates your app data and code execution from other apps.
»An application framework with robust implementations of common security functionality such as cryptography, permissions, and secure IPC.
» An encrypted file system that can be enabled to protect data on lost or stolen devices.
» User-granted permissions to restrict access to system features and user data.
» Application-defined permissions to control application data on a per-app basis.
![Page 16: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/16.jpg)
Android Application Sandbox
![Page 17: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/17.jpg)
Storing DataThe most common security concern for an application on Android is whether the data that you save on the device is accessible to other apps.
There are three fundamental ways to save data on the device:
1. Using internal storage
» By default, files that you create on internal storage are accessible only to your app.
» To provide additional protection for sensitive data, you might choose to encrypt local files using a key that is not directly accessible to the application.
2. Using external storage
» Files created on external storage, such as SD Cards, are globally readable and writable.
» As with data from any untrusted source, you should perform input validation when handling data from external storage.
![Page 18: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/18.jpg)
Storing Data Cont..
3. Using content providers
»Content providers offer a structured storage mechanism that can be limited to your own application or exported to allow access by other applications.
» When creating a ContentProvider that will be exported for use by other applications, you can specify a single permission for reading and writing, or distinct permissions for reading and writing within the manifest.
![Page 19: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/19.jpg)
Using PermissionsBecause Android sandboxes applications from each other, applications must explicitly share resources and data.
Requesting Permissions
» If it's possible to design your application in a way that does not require any permissions, that is preferable.
» addition to requesting permissions, your application can use the <permissions> to protect IPC that is security sensitive and will be exposed to other applications, such as a ContentProvider.
Creating Permissions
» Creating a new permission is relatively uncommon for most applications.
![Page 20: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/20.jpg)
Using Permission Cont..Creating Permissions
» If you must create a new permission, consider whether you can accomplish your task with a "signature" protection level.
» If you create a permission with the "dangerous" protection level, there are a number of complexities that you need to consider:
1. The permission must have a string that concisely expresses to a user the security decision they will be required to make.
2.The permission string must be localized to many different languages.
3.Users may choose not to install an application because a permission is confusing or perceived as risky.
4.Applications may request the permission when the creator of the permission has not been installed.
![Page 21: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/21.jpg)
Using Cryptography
» Android provides a wide array of algorithms for protecting data using cryptography.
» Use existing cryptographic algorithms such as those in the implementation of AES or RSA provided in the Cipher class.
» Use a secure random number generator, SecureRandom, to initialize any cryptographic keys, KeyGenerator.
![Page 22: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/22.jpg)
Overview
• Why care about mobile security?• What is Android?• How do I develop on Android?o Android Market
• What about Security?o Cornerstones of Android security
Prevention Minimization Detection ReactionExample Application
![Page 23: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/23.jpg)
Example Applications
• Lookout Security & Antivirus
• App Lock
• Phone security alarm system
![Page 24: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/24.jpg)
Lookout Security & AntivirusLookout Security & Antivirus FREE Features:
![Page 25: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/25.jpg)
Lookout Security & AntivirusLookout Security & Antivirus FREE Features:
►SECURITY & ANTIVIRUS• App Scanning: Continuous, over-the-air
protection from viruses, malware,
adware and spyware
![Page 26: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/26.jpg)
Lookout Security & AntivirusLookout Security & Antivirus FREE Features:
►SECURITY & ANTIVIRUS• App Scanning: Continuous, over-the-air
protection from viruses, malware,
adware and spyware
►FIND MY PHONE• Locate & Scream: Map the location of
your device and make it sound an alarm• Signal Flare: Automatically save your
phone's location when the battery is low.
![Page 27: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/27.jpg)
Lookout Security & AntivirusLookout Security & Antivirus FREE Features:
►SECURITY & ANTIVIRUS• App Scanning: Continuous, over-the-air
protection from viruses, malware,
adware and spyware
►FIND MY PHONE• Locate & Scream: Map the location of
your device and make it sound an alarm• Signal Flare: Automatically save your
phone's location when the battery is low.
►BACKUP & DOWNLOAD
• Contact Backup: Save a copy of your
Google contacts
![Page 28: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/28.jpg)
Lookout Security & Antivirus
![Page 29: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/29.jpg)
App LockApp Lock Features:
» AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings.
![Page 30: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/30.jpg)
App LockApp Lock Features:
» AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings.
» AppLock empowers you to control photo and
video access.
![Page 31: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/31.jpg)
App LockApp Lock Features:
» AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings.
» AppLock empowers you to control photo and
video access.
» With AppLock, only you can see your hidden pictures. Privacy made easy!
![Page 32: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/32.jpg)
App LockApp Lock Features:
» AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings.
» AppLock empowers you to control photo and
video access.
» With AppLock, only you can see your hidden pictures. Privacy made easy!
» Selected pictures vanish from your photo
gallery, and stay locked behind an
easy-to-use PIN pad.
![Page 33: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/33.jpg)
App Lock
![Page 34: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/34.jpg)
![Page 35: Analysis and research of system security based on android](https://reader035.vdocuments.mx/reader035/viewer/2022062404/554d2a14b4c905ca208b51f2/html5/thumbnails/35.jpg)