Introduction to Android - Kinneret
24 Oct 2017 SE 435: Development in the Android Environment 1
Introduction to Android 24 October 2017
Lecture 1
Topics for Today
• What is Android?
– Terminology and Technical Terms
• Ownership, Distribution, Advertising
Sources
• Programming Android 1, 3
• developer.android.com
Why Android?
• Android is an open source operating system produced (?)
by the Open Handset Alliance (OHA)
– OHA is made up of 84 companies in the cellular, software
industries
– Includes:
– Software engineering by Google
• What does OHA do?
Why Study Android?
• Programs are written in an unusual way
• Android OS implements user and program interaction in
an interesting way
• There is a lot of research on understanding how Android
works, how it should work, and how it can be modified.
• Number of papers on Android (as of 1 Oct 2017):
– In ACM Digital Library: 5,872 papers
– In IEEE Xplore Digital Library: 7,410 papers
Terminology and Terms
• When someone says “Android”, he could mean:
1. A cell phone, tablet, or device capable of running the Android
OS
2. The Android OS and its source code
3. The application programmer interface (API) and libraries
available for programmers to use the services of a compatible
device
• In this course, we’ll focus on 2 and 3
– Android tries to hide device details from apps
• app: An application written for the Android OS or Apple iOS
Android OS Terms
• Android OS is based on Linux
– Up until Android Version 4.0, used Linux 2.6 kernel
– Since then, Android OS uses the Linux 3.x kernels (various versions)
– Some fights between Google and Linux about integrating changes into the regular Linux kernel
• Android OS has a fast update cycle – new updates every 6 to 9 months
• Each Android release has:
– An official version number (ex. 2.2, 2.3)
– An official nick name (code name) (alphabetical candies)
– An official API level (incremental)
• Android is open source
– GPL, Apache Software License, and BSD Licenses (worry about it if you plan on changing Android)
– Official source code dump on the Android Open Source Project (AOSP)
Android Versions
• Some updates are just security or bug fixes, so they don’t update the API level
• Android OS is open source, so device manufacturers make custom versions
– Android Compatibility Definition Document
– Some “community” versions of Android
– No “pure” version of the Android OS
• Google directly manages Nexus devices, so they have the “purest” OS with least custom additions
Link: https://developer.android.com/about/dashboards/index.html
Rooting, Versions, Bugs
• Android OS hides some features of Linux kernel
– Prevents some advanced networking and communication features
– Prevents regular apps from doing some system administrator actions
– Community mods can unlock those capabilities
• Android OS denies the user system level “root” access
– Prevents apps from doing some bad or iffy things
– Rooting a device means breaking the OS to get system administrator access
– May involve replacing the Android OS with another one
– People root phones to do things Android OS forbids
• Some Android OS versions have security bugs which were fixed in later versions
– No central update service, so old phones stay old
– Some old phones can’t handle newer OS versions
– People root phones to install newer Android OS version
• Apps written for a particular API level should work on any phone at that API level
– Rooted device with unofficial OS version?
Image sources: http://www.alibabagroup.com/en/news/library#slide_logo, By Copperhead Security - https://github.com/copperhead/branding, Public Domain, https://commons.wikimedia.org/w/index.php?curid=50626612
Languages and Android
• Android OS is based on Linux, written in C and C++
• Most apps developed in Java
– With a set of Java APIs which grant access to the device and network
– Can also use Kotlin (new)
• Since 5.0, app’s Java source code compiled to Dalvik Byte Code (dex) for APK files
– Akin to Java byte code, but not the same
– Android OS uses just-in-time compilation to convert dex to binary instructions
– On installation, compiled to native Android Run Time (ART) code
– After installation, runs native code
• Older versions run DEX inside Dalvik Virtual Machine (DVM) instances
• Apps can be written in C using Native Development Kit (NDK)
– Compiled with Java Native Interface (JNI)
– Can call native methods from regular Java code
– Limited to certain processors
• Apps can be written in HTML5 and JavaScript
– Not compiled, just run via a browser window
Developing for Android
• Google sponsored IDE: Android Studio (based on IntelliJ)
– Older version was based on Eclipse / Android Development Toolkit
– Can also develop using Visual Studio and Xamarin
App source code is compiled into dex, digitally signed, then stored in an APK file
• Compatible with ZIP, fixed structure with file names and directories
• Device’s Application Installer parses APK and installs it
• Stored on device after install in a hidden directory
• Android Run Time (ART) compiles dex into natively executable files to run
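Added example (not part of the lecture slides): because an APK is ZIP-compatible with fixed file names, its layout can be checked with a plain ZIP reader. The sketch below covers only the JAR-style (v1) signing layout under META-INF and compares the per-file digests in the manifest; it does not verify the signature itself. The sample APK is constructed in memory and the function names are hypothetical.

```python
import base64
import hashlib
import io
import zipfile

DEX_MAGIC = b"dex\n"  # a dex file starts with "dex\n", then a version and NUL
REQUIRED = ("AndroidManifest.xml", "classes.dex")
SIG_SUFFIXES = (".RSA", ".DSA", ".EC")  # JAR-style (v1) signature blocks
MANIFEST = "META-INF/MANIFEST.MF"

def sha256_b64(body):
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def build_sample_apk(tamper=False):
    """Constructed stand-in for an APK: a ZIP with a v1-style manifest."""
    files = {"AndroidManifest.xml": b"<manifest/>",
             "classes.dex": DEX_MAGIC + b"035\x00" + bytes(32)}
    manifest = "Manifest-Version: 1.0\r\n\r\n" + "".join(
        f"Name: {n}\r\nSHA-256-Digest: {sha256_b64(b)}\r\n\r\n"
        for n, b in files.items())
    if tamper:  # modify a file after its digest was recorded
        files["classes.dex"] += b"\x01"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
        z.writestr(MANIFEST, manifest)
        z.writestr("META-INF/CERT.RSA", b"constructed placeholder")
    return buf.getvalue()

def inspect_apk(data):
    """Return findings; an empty list means every layout check passed."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        payload = {n for n in names if not n.startswith("META-INF/")}
        findings = [f"missing {n}" for n in REQUIRED if n not in names]
        if "classes.dex" in names and not z.read("classes.dex").startswith(DEX_MAGIC):
            findings.append("classes.dex lacks dex magic")
        if not any(n.upper().endswith(SIG_SUFFIXES) for n in names - payload):
            findings.append("no v1 signature block")
        raw = z.read(MANIFEST) if MANIFEST in names else b""
        text = raw.decode().replace("\r\n", "\n").replace("\n ", "")  # unwrap
        sections = [dict(l.split(": ", 1) for l in s.split("\n") if ": " in l)
                    for s in text.split("\n\n")[1:]]
        listed = {f["Name"]: f.get("SHA-256-Digest") for f in sections if "Name" in f}
        findings += [f"not covered by manifest: {n}" for n in sorted(payload - set(listed))]
        findings += [f"digest mismatch: {n}" for n in sorted(payload & set(listed))
                     if sha256_b64(z.read(n)) != listed[n]]
    return findings
```

Calling `inspect_apk(build_sample_apk(tamper=True))` reports the modified `classes.dex`, the kind of repackaging change a signature check is meant to catch.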
Android app development is relatively easy
• Android is basically open and free
• About 292.6 million Android devices shipped in Q1 of 2017
Link: https://www.idc.com/promo/smartphone-market-share/vendor
So Far
• What is Android?
– Terminology and Technical Terms
• Ownership, Distribution, Advertising
Installing Apps
Android Debug Bridge
• Copy over the APK file to the device, install it
• Can install any app that way, signed or not
– Develop, debug
• Requires setting debug permissions on the phone
App Store
• Download from an App Store web site
– 36 major ones as of October 2014
• App installed by App Installer
– Checks digital signature
– Checks permissions with user
App Stores: Big and Small
• App stores can be international or regional
• Google Play is the largest:
– 2.2 million apps (June 2016)
– 2.5 billion downloads per month (as of July 2015)
• Amazon’s app market is big:
– 600,000 apps (as of June 2016)
– 25 million downloads per month (estimate June 2014)
• Language specific app stores:
– Chinese
– Russian
– Korean
• Manufacturer app stores:
– Lenovo
– Samsung
• Open Source: F-Droid
• Many filter apps
• Google Play takes any app, but runs it through an app filter called Bouncer first
• Amazon App Market checks all apps by hand
• Why filter?
– Prevent malware
– Preserve ownership and payment
App Store Downloads
Source: http://www.onepf.org/appstores/ (2014)
Malware
Apps designed to do bad things
1. Delete device data or destructive stuff
– Disable device – “ransomware”
2. Copy contacts and photos for storage, mining, spamming, blackmail
3. Connect to a server, have device send spam or DDOS
4. Things which cost money – premium SMS, phone calls
5. Use device resources for evil – recording, taking pictures, track movements
• Google Play removed 36,000 malware apps in July 2013 alone
• Certain markets worse:
– Anzhi (China): 77.6% present risk
– China overall: 39.2% present risk
– In India: average device has 3 risky apps
– In China: average device has 2.4 risky apps
Source: Fortinet Threat Landscape 2014
Payment and Ownership
Apps make money in three ways:
1. Enforce download fees: App store charges and passes along some
– Some thieves copy real apps, repackage them, distribute themselves
– Some copy for money
– Some add malware functionality before
2. Showing ads: Free to download, ad network pays for screen space
– App includes some libraries or activities from the ad network
– Ad activity downloads ads and shows them
– Ad network pays per view or click
– Ad activity may gather other info: phone IMEI or IMSI, location
3. In app billing: Free to download, no ads
– User pays to use part of the tool or for certain features
– Some games force the user to buy tokens or capabilities
– Google has begun to require in app billing be done via Google Payments
Android is free?
• Google gives away Android OS for free - why?