android tutorial for mobile

Upload: kunal-gaur

Post on 03-Apr-2018


TRANSCRIPT

  • 7/28/2019 Android Tutorial for mobile

    Mobile Application Security on Android

    Originally presented by Jesse Burns at Black Hat 2009


    What is Android?

    Smart Phone Operating System

    Based on the Linux kernel

    Expanded to support cellular-based communication

    GSM, CDMA

    Java-like middleware


    More Android

    Open Source

    Mostly Apache v2 license

    Linux kernel is GPLv2

    Free

    Open APIs

    If Google uses them, so can developers


    Applications

    Built from four components

    Activity

    Service

    Content Provider

    Broadcast Receiver

    Run in own VM sandbox using unique UID


    More on Apps

    Use explicitly defined permissions

    Communicate through Intents

    Intents are Inter-Process Communications

    Applications register which Intents they wish to handle


    Signatures

    Applications must be signed, but are usually self-signed

    Proves no relationship with Google, but creates chain of trust between updates and among applications


    Permissions I

    >100 defined by the system

    Declared at install time in Manifest.xml

    Disclosed by PackageInstaller, protected by root ownership


    Permissions II

    Applications can define arbitrary new permissions

    normal

    dangerous

    signature

    signatureOrSystem


    Permission III

    Permissions checked at runtime

    SecurityException thrown if permission denied


    Intents

    Core of Android IPC

    Can cross security boundaries

    Generally defined as a goal action and some data


    Intent II

    Used to:

    Start an Activity

    Broadcast events or changes

    Start, stop, or communicate with background Services

    Access data held by ContentProviders

    Callbacks to handle events


    Intent Filters

    Used to determine recipient of Intent

    Can be overridden

    Provide no security

    Intents can explicitly define receiver


    Activities

    The user interface consists of a series of Activity components.

    Each Activity is a screen.

    User actions tell an Activity to start another Activity, possibly with the expectation of a result.


    Activity II

    The target Activity is not necessarily in the same application.

    Directly or via Intent action strings.

    Processing stops when another Activity is on top.

    Must be able to handle malformed intents

    Don't start Intents that contain sensitive data


    Activity III

    Starting an Activity from an Intent


    Activity IV

    Forcing an Activity to start


    Activity V

    Protecting Activities


    Broadcasts

    Act as receivers for multiple components

    Provide secure IPC

    Done by specifying permissions on BroadcastReceiver regarding sender

    Otherwise, behave like activities in terms of IPC


    Broadcast II

    Still need to validate input just in case

    Sticky Broadcasts

    Persistent

    Apps require special permissions to create/destroy sticky broadcasts

    No guarantee of persistence

    Can't define permission

    Don't send sensitive data
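
Added example, not from the original slides: a receiver that restricts who may send to it, a sender that restricts who may receive, and input validation on receipt. The action, permission and extra names are hypothetical, and the code is written against the API the slides describe (apps targeting current Android releases also pass an export flag when registering).

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;

public class StatusBroadcasts {
    // Hypothetical action, permission and extra names, for illustration only.
    static final String ACTION_STATUS = "com.example.app.action.STATUS";
    static final String PERM_SEND = "com.example.app.permission.SEND_STATUS";
    static final String PERM_RECEIVE = "com.example.app.permission.RECEIVE_STATUS";
    static final String EXTRA_LEVEL = "level";

    private volatile int lastLevel = -1;

    private final BroadcastReceiver receiver = new BroadcastReceiver() {
        @Override
        public void onReceive(Context context, Intent intent) {
            // Validate even though the sender was permission-checked.
            if (intent == null || !ACTION_STATUS.equals(intent.getAction())) return;
            int level = intent.getIntExtra(EXTRA_LEVEL, -1);
            if (level < 0 || level > 100) return;   // missing or out-of-range value
            lastLevel = level;
        }
    };

    void register(Context context) {
        // Third argument: only senders holding PERM_SEND are delivered to this receiver.
        context.registerReceiver(receiver, new IntentFilter(ACTION_STATUS), PERM_SEND, null);
    }

    void unregister(Context context) {
        context.unregisterReceiver(receiver);
    }

    static void send(Context context, int level) {
        Intent intent = new Intent(ACTION_STATUS).putExtra(EXTRA_LEVEL, level);
        // Second argument: only receivers holding PERM_RECEIVE get this broadcast.
        context.sendBroadcast(intent, PERM_RECEIVE);
    }

    int lastLevel() {
        return lastLevel;
    }
}
```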


    Services

    Run in background

    Play music, alarm clock, etc

    Secured using permissions

    Callers may need to verify that Service is the correct one


    Services II

    Verification:

    Check Service's permissions

    res = getPackageManager().checkPermission(permToCheck, name.getPackageName());
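
Added example, not from the original slides: the check above placed in a ServiceConnection, so the client drops the connection when the package that answered the bind does not hold the expected permission. The class name and permission string are hypothetical.

```java
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.content.pm.PackageManager;
import android.os.IBinder;

/** Binds to a service and uses it only if its package holds an expected permission. */
public class VerifiedServiceClient implements ServiceConnection {
    // Hypothetical permission; the check is most useful when the permission is
    // hard to obtain, for example one declared with the "signature" level.
    private static final String PERM_TO_CHECK = "com.example.sync.permission.PROVIDE_SYNC";

    private final Context context;
    private IBinder trustedService;   // set only after verification succeeds

    public VerifiedServiceClient(Context context) {
        this.context = context.getApplicationContext();
    }

    public boolean connect(Intent serviceIntent) {
        return context.bindService(serviceIntent, this, Context.BIND_AUTO_CREATE);
    }

    @Override
    public void onServiceConnected(ComponentName name, IBinder service) {
        // name identifies the component that actually answered the bind request.
        int res = context.getPackageManager()
                .checkPermission(PERM_TO_CHECK, name.getPackageName());
        if (res != PackageManager.PERMISSION_GRANTED) {
            // The responding package was never granted the permission: do not talk to it.
            context.unbindService(this);
            return;
        }
        trustedService = service;
    }

    @Override
    public void onServiceDisconnected(ComponentName name) {
        trustedService = null;
    }

    public IBinder getTrustedService() {
        return trustedService;
    }
}
```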


    ContentProviders

    Generally SQL backend

    Used to share content between apps

    Access controlled through permission tags


    ContentProviders II

    Apps can be dynamically authorized access

    Possible security hole

    Must protect against SQL injection

    Sanitize input using parameterization


    Intent Reflection

    Intents may be sent when app is called

    App sends Intent as app and not as caller: reflection

    May exceed caller's permissions

    Use PendingIntent instead, intent correctly identified as coming from caller


    File System

    Internally standard Linux file systems

    yaffs2, ext*

    Support standard Unix permissions

    Vulnerabilities if permissions not set correctly

    Sensitive data could be read

    Other programs could write junk/waste space


    File System II

    Consider what files need what protections

    Config files: not writeable

    Log files: not world readable

    Mass storage formatted as FAT, no Unix permissions support

    All data world readable

    Consider encryption


    Binder

    Kernel module that provides secure IPC on top of the standard Linux shared memory architecture

    Includes interface to Parcelable

    Parcelable objects are passed by Binder

    Can also move file descriptors, and other Binders


    Binder II

    Efficient, secure IPC

    Check caller's permissions / identity

    Only selectively give out interface

    Once given out, interface can be disseminated freely

    All Binders are globally unique
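
Added example, not from the original slides: a Binder that checks the caller's permission or identity on every transaction, since a reference to the interface may have been passed on to other apps. The transaction codes and permission name are hypothetical.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.Process;
import android.os.RemoteException;

/** Binder that checks the caller's permission or identity on every transaction. */
public class GuardedBinder extends Binder {
    // Hypothetical transaction codes and permission name, for illustration only.
    static final int TX_READ_STATUS = IBinder.FIRST_CALL_TRANSACTION;
    static final int TX_RESET = IBinder.FIRST_CALL_TRANSACTION + 1;
    static final String PERM_READ = "com.example.app.permission.READ_STATUS";

    private final Context context;
    private int status;

    public GuardedBinder(Context context) {
        this.context = context;
    }

    @Override
    protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
            throws RemoteException {
        switch (code) {
            case TX_READ_STATUS:
                // Permission check: throws SecurityException if the caller lacks PERM_READ.
                context.enforceCallingPermission(PERM_READ, "READ_STATUS required");
                reply.writeNoException();
                reply.writeInt(status);
                return true;
            case TX_RESET:
                // Identity check: only packages signed with our own key may reset.
                int callerUid = Binder.getCallingUid();
                if (context.getPackageManager().checkSignatures(Process.myUid(), callerUid)
                        != PackageManager.SIGNATURE_MATCH) {
                    throw new SecurityException("uid " + callerUid + " may not reset");
                }
                status = 0;
                reply.writeNoException();
                return true;
            default:
                return super.onTransact(code, data, reply, flags);
        }
    }
}
```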
