Introduction to Android - Kinneret

Upload: lethu

Post on 16-Jun-2018

24 Oct 2017 SE 435: Development in the Android Environment 1

Introduction to Android 24 October 2017

Lecture 1

Topics for Today

• What is Android?

– Terminology and Technical Terms

• Ownership, Distribution, Advertising

Sources

• Programming Android 1, 3

• developer.android.com

Why Android?

• Android is an open source operating system produced (?) by the Open Handset Alliance (OHA)

– OHA is made up of 84 companies in the cellular, software industries

– Includes:

– Software engineering by Google

• What does OHA do?

Why Study Android?

• Programs are written in an unusual way

• Android OS implements user and program interaction in an interesting way

• There is a lot of research into how Android works, how it should work, and how it can be modified.

• Number of papers on Android (as of 1 Oct 2017):

– In ACM Digital Library: 5,872 papers

– In IEEE Xplore Digital Library: 7,410 papers

Terminology and Terms

• When someone says “Android”, he could mean:

1. A cell phone, tablet, or device capable of running the Android OS

2. The Android OS and its source code

3. The application programmer interface (API) and libraries available for programmers to use the services of a compatible device

• In this course, we’ll focus on 2 and 3

– Android tries to hide device details from apps

• app: An application written for the Android OS or Apple iOS

Android OS Terms

• Android OS is based on Linux

– Up until Android Version 4.0, used Linux 2.6 kernel

– Since then, Android OS uses the Linux 3.x kernels (various versions)

– Some fights between Google and Linux about integrating changes into the regular Linux kernel

• Android OS has a fast update cycle

– New updates every 6 to 9 months

• Each Android release has:

– An official version number (ex. 2.2, 2.3)

– An official nickname (code name) (alphabetical candies)

– An official API level (incremental)

• Android is open source

– GPL, Apache Software License, and BSD Licenses (worry about it if you plan on changing Android)

– Official source code dump on the Android Open Source Project (AOSP)

Android Versions Summary

Android Versions

• Some updates are just security or bug fixes, so they don’t update the API level

• Android OS is open source, so device manufacturers make custom versions

– Android Compatibility Definition Document

– Some “community” versions of Android

– No “pure” version of the Android OS

• Google directly manages Nexus devices, so they have the “purest” OS with least custom additions

Link: https://developer.android.com/about/dashboards/index.html

Rooting, Versions, Bugs

• Android OS hides some features of Linux kernel

– Prevents some advanced networking and communication features

– Prevents regular apps from doing some system administrator actions

– Community mods can unlock those capabilities

• Android OS denies the user system level “root” access

– Prevents apps from doing some bad or iffy things

– Rooting a device means breaking the OS to get system administrator access

– May involve replacing the Android OS with another one

– People root phones to do things Android OS forbids

• Some Android OS versions have security bugs which were fixed in later versions

– No central update service, so old phones stay old

– Some old phones can’t handle newer OS versions

– People root phones to install newer Android OS version

• Apps written for a particular API level should work on any phone at that API level

– Rooted device with unofficial OS version ?

Image sources: http://www.alibabagroup.com/en/news/library#slide_logo, By Copperhead Security - https://github.com/copperhead/branding, Public Domain, https://commons.wikimedia.org/w/index.php?curid=50626612

Languages and Android

• Android OS is based on Linux, written in C and C++

• Most apps developed in Java

– With a set of Java APIs which grant access to the device and network

– Can also use Kotlin (new)

• Since 5.0, an app’s Java source code is compiled to Dalvik Byte Code (dex) for APK files

– Akin to Java byte code, but not the same

– Android OS uses just-in-time compilation to convert dex to binary instructions

– On installation, compiled to native Android Run Time (ART) code

– After installation, runs native code

• Older versions run DEX inside Dalvik Virtual Machine (DVM) instances

• Apps can be written in C using Native Development Kit (NDK)

– Compiled with Java Native Interface (JNI)

– Can call native methods from regular Java code

– Limited to certain processors

• Apps can be written in HTML5 and JavaScript

– Not compiled, just run via a browser window

Developing for Android

• Google sponsored IDE: Android Studio (based on IntelliJ)

– Older version was based on Eclipse / Android Development Toolkit

– Can also develop using Visual Studio and Xamarin

App source code is compiled into dex, digitally signed, then stored in an APK file

• Compatible with ZIP, fixed structure with file names and directories

• Device’s Application Installer parses APK and installs it

• Stored on device after install in a hidden directory

• Android Run Time (ART) compiles dex into natively executable files to run
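
The APK layout described above (a ZIP with fixed file names, dex code and signature files) can be checked with a short Python script. This is an added example, not part of the original lecture: the function names are hypothetical and the sample archive is constructed in memory with placeholder contents. Finding signature files only shows that an APK carries a JAR-style (v1) signature, not that the signature is valid.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"  # every dex file starts with these four bytes, then a version

def inspect_apk(data: bytes) -> dict:
    """Report the fixed-structure entries of an APK given as raw bytes."""
    report = {"is_zip": False, "manifest": False, "dex_files": [],
              "bad_dex": [], "v1_signature_files": [], "native_libs": []}
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return report
    report["is_zip"] = True
    with zipfile.ZipFile(buf) as apk:
        for info in apk.infolist():
            name = info.filename
            if name == "AndroidManifest.xml":
                report["manifest"] = True
            elif name.startswith("classes") and name.endswith(".dex") and "/" not in name:
                with apk.open(info) as fh:
                    head = fh.read(4)
                # A classes*.dex entry without the dex magic is suspicious
                (report["dex_files"] if head == DEX_MAGIC else report["bad_dex"]).append(name)
            elif name.startswith("META-INF/") and name.upper().endswith((".SF", ".RSA", ".DSA", ".EC")):
                report["v1_signature_files"].append(name)
            elif name.startswith("lib/") and name.endswith(".so"):
                # NDK code is shipped per processor architecture under lib/<abi>/
                report["native_libs"].append(name)
    return report

def build_sample_apk(signed: bool = True) -> bytes:
    """Constructed sample: a ZIP with APK-style entry names and placeholder bodies."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # placeholder, not a real manifest
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
        z.writestr("lib/armeabi-v7a/libdemo.so", b"\x7fELF")
        if signed:
            z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
            z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
            z.writestr("META-INF/CERT.RSA", b"placeholder")
    return out.getvalue()

if __name__ == "__main__":
    for label, blob in (("signed", build_sample_apk()), ("unsigned", build_sample_apk(False))):
        print(label, inspect_apk(blob))
```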

Android app development is relatively easy

• Android is basically open and free

• About 292.6 million Android devices shipped in Q1 of 2017

Link: https://www.idc.com/promo/smartphone-market-share/vendor

So Far

• What is Android?

– Terminology and Technical Terms

• Ownership, Distribution, Advertising

Installing Apps

Android Debug Bridge

• Copy over the APK file to the device, install it

• Can install any app that way, signed or not

– Develop, debug

• Requires setting debug permissions on the phone

App Store

• Download from an App Store web site

– 36 major ones as of October 2014

• App installed by App Installer

– Checks digital signature

– Checks permissions with user

App Stores: Big and Small

• App stores can be international or regional

• Google Play is the largest:

– 2.2 million apps (June 2016)

– 2.5 billion downloads per month (as of July 2015)

• Amazon’s app market is big:

– 600,000 apps (as of June 2016)

– 25 million downloads per month (estimate June 2014)

• Language specific app stores:

– Chinese

– Russian

– Korean

• Manufacturer app stores:

– Lenovo

– Samsung

• Open Source: F-Droid

• Many filter apps

• Google Play takes any app, but runs it through an app filter called Bouncer first

• Amazon App Market checks all apps by hand

• Why filter?

– Prevent malware

– Preserve ownership and payment

App Store Downloads

Source: http://www.onepf.org/appstores/ (2014)

Malware

Apps designed to do bad things

1. Delete device data or destructive stuff

– Disable device – “ransomware”

2. Copy contacts and photos for storage, mining, spamming, blackmail

3. Connect to a server, have device send spam or DDOS

4. Things which cost money – premium SMS, phone calls

5. Use device resources for evil – recording, taking pictures, track movements

• Google Play removed 36,000 malware apps in July 2013 alone

• Certain markets worse:

– Anzhi (China): 77.6% present risk

– China overall: 39.2% present risk

– In India: average device has 3 risky apps

– In China: average device has 2.4 risky apps

Source: Fortinet Threat Landscape 2014

Payment and Ownership

Apps make money in three ways:

1. Enforce download fees: App store charges and passes along some

– Some thieves copy real apps, repackage them, distribute themselves

– Some copy for money

– Some add malware functionality before

2. Showing ads: Free to download, ad network pays for screen space

– App includes some libraries or activities from the ad network

– Ad activity downloads ads and shows them

– Ad network pays per view or click

– Ad activity may gather other info: phone IMEI or IMSI, location

3. In app billing: Free to download, no ads

– User pays to use part of the tool or for certain features

– Some games force the user to buy tokens or capabilities

– Google has begun to require in app billing be done via Google Payments

Android is free?

• Google gives away Android OS for free - why?

Conclusion

• What is Android?

– Terminology and Technical Terms

• Ownership, Distribution, Advertising
