Download - ANDROID DEVELOPMENT #7
![Page 1: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/1.jpg)
ANDROID DEVELOPMENT
#7
@brmlab
středa, 3. dubna 13
![Page 2: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/2.jpg)
NDK
C / C++Interfaces to Java classes definitionJNI to integrate with Java applicationOpenGL C++
středa, 3. dubna 13
![Page 3: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/3.jpg)
NDK PURPOSE
Not suitable for every app developmentNot necessarily faster than Java (relative)2D / 3D game enginesPre-implemented algorithms3RD party (media codecs, crypto, opencv)
středa, 3. dubna 13
![Page 4: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/4.jpg)
ANDROIDGAME ENGINES
Cocos2D-XOGREPowerVRMarmaladeAndEngineLINDERDAUM
středa, 3. dubna 13
![Page 5: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/5.jpg)
APPS USING NDK ONLY?
YES (with limits)
středa, 3. dubna 13
![Page 6: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/6.jpg)
JNI
Java Native InterfaceNot only “Android thing”Bi-Directional APIJavac for SDK, GCC/G++ for NDK
středa, 3. dubna 13
![Page 7: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/7.jpg)
JNI USAGE[Java] System.loadLibrary(String)[Java] keyword “native”
native {type} functionName({args})eg. native String getUname();
[C/C++] jclass, jstring, jobject, jint[C/C++] JNIEnv, JavaVM
středa, 3. dubna 13
![Page 8: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/8.jpg)
NDK DEBUGGING
Same debug process as with SDKBreakpoints, Expressions, StacktracesSeparated from SDK
separately raised exceptions and debuggingcan’t trace in hybrid java/native complex
středa, 3. dubna 13
![Page 9: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/9.jpg)
NDK PERMISSIONS
No special NDK permissionsPermissions inherited from AndroidManifest.xml
středa, 3. dubna 13
![Page 10: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/10.jpg)
NDK SECURITY
Kernel-level sandboxingJava VM Zygote - Single control processMore vulnerable than SDK (app->system)Most ROM cracked through NDK/JNI
středa, 3. dubna 13
![Page 11: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/11.jpg)
ANDROID SECURITY
Application SandboxingProcess runtime separation (POSIX)Applications are given unique UID and GIDZygote controls resources/libraries usageAPK is signed (SSL manner)Application permissions
středa, 3. dubna 13
![Page 12: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/12.jpg)
středa, 3. dubna 13
![Page 13: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/13.jpg)
APPLICATION PERMISSIONS
Enforced on Framework levelCannot be changed on runtimeBoth Hardware and Software permissionsApplication can create new permissions
středa, 3. dubna 13
![Page 14: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/14.jpg)
středa, 3. dubna 13
![Page 15: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/15.jpg)
PERMISSIONS PROTECTION
On application defined permissionsprotectionLevel
0 - normal - no special confirmation1 - dangerous - may require confirm.2 - signature - required signature match3 - signatureOrSystem - special
středa, 3. dubna 13
![Page 16: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/16.jpg)
DEVICE ADMINISTRATION
Special type of permissionAntivirus apps (ESET, Lookout)Lock, Wipe, Password (renewal, change, expire,...)Disable camera, Encrypt storage, Requires standalone confirmationsince API 9
středa, 3. dubna 13
![Page 17: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/17.jpg)
ANDROID VULNERABILITY
SharedPreferences are plain XMLSQLite databases are plain .sqlite filesJava is easily decompilable (JD)Android DEX is too (Dex2JAR, dedexer)strings, layouts, drawables are plain xml/bitmapMITM predisposition
středa, 3. dubna 13
![Page 18: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/18.jpg)
SECURING APPLICATIONS
ProGuard (obfuscating code)In-App-Billing security (LVL)OAuth (OpenID, Google APIs)Including SSL certificates in app bundle (not relying on system provided ones)
středa, 3. dubna 13
![Page 19: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/19.jpg)
SECURING SOLUTION
Secure your APIAPI is not hidden from attackers
Secure sensitive data in databases and storages (asymmetric crypto is your friend)You cannot just include key-pairYou cannot hide passwords in code
středa, 3. dubna 13
![Page 20: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/20.jpg)
JAVA HEAPApplications are given memory limitDiffers by device, api level and hw params
typically between 16 and 32 MBtablet PCs and high-ends have more
Exceeding leads to OutOfMemoryErrorBeware of (bad) working with bitmaps
středa, 3. dubna 13
![Page 21: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/21.jpg)
MEMORY LEAKS
Garbage Collector is not a solutionContext memory leaks
Objects are assigned context but not cleaned upBeware of static class memberBeware of attaching to application context
středa, 3. dubna 13
![Page 22: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/22.jpg)
INDICATION
středa, 3. dubna 13
![Page 23: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/23.jpg)
LEAK DESTRUCTION
dump HPROFHeap Allocation Profile
Eclipse MATMemory Analyzer Tool
středa, 3. dubna 13
![Page 24: ANDROID DEVELOPMENT #7](https://reader035.vdocuments.mx/reader035/viewer/2022081622/613d4c2d736caf36b75baa1f/html5/thumbnails/24.jpg)
středa, 3. dubna 13