![Page 2: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/2.jpg)
Android & Me
• I’m a first-year graduate student.
• I developed my first Android app, BloGeo, two years ago.
• I’ve been an Android user for two years.
• Now I’ve just started to learn Android security.
![Page 3: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/3.jpg)
Outline
• Introduction to Android
  – Brief history
  – Architecture
• Android Development
  – Environment
  – Programming framework
  – Building and running process
  – Case Study
• Overview of Android Security Feature
• Android Security Lab (by Security Compass)
• My Future Study
![Page 4: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/4.jpg)
Brief History
• Written by Andy Rubin (founder of Android Inc.)
• Acquired by Google in 2005
• Android 1.0 released in 2007
• Android 4.0 released in 2011
• 52.5% of global mobile users
![Page 5: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/5.jpg)
Brief Introduction
• First complete, open and free mobile platform
• Operating System
  – Mobile device optimized Linux kernel 2.6
• Application framework
  – Mainly Java-based
  – Running on Dalvik virtual machine featuring JIT compilation
• Key applications
  – Gmail, Maps, Contacts, Market, etc.
![Page 6: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/6.jpg)
Architecture
![Page 7: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/7.jpg)
Developing Environment
• Totally free-of-charge
  – Open source
  – Eclipse with ADT plugin
  – SDK tools with an emulator
  – Android market
• Dev guide
  – http://developer.android.com
![Page 8: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/8.jpg)
Android SDK Updater & AVD
![Page 9: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/9.jpg)
Android emulator
![Page 10: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/10.jpg)
Dalvik Debug Monitor
![Page 11: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/11.jpg)
![Page 12: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/12.jpg)
Application Framework Overview
• Components
  – Activities
  – Views
  – Intents
  – Services
  – Content providers
  – Broadcast receivers
• Resources
• Manifest File
![Page 13: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/13.jpg)
Activities
• An activity is a single, focused thing that the user can do
• Typically corresponds to one UI screen
• Activities are stacked like a deck of cards
• The active activity is placed on top
![Page 14: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/14.jpg)
Activity Lifecycle
• 4 states
  – Active
  – Paused (visible, not active)
  – Stopped (invisible)
  – Destroyed
• Callback functions
  – onCreate & onDestroy
  – onStart & onStop & onRestart
  – onResume & onPause
![Page 15: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/15.jpg)
Hello World Activity
![Page 16: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/16.jpg)
Views
• Views are GUI controls (e.g. TextView, EditText, Button)
• Activity windows consist of views and viewgroups
• Organized as trees to build up GUIs
• Operations we can perform on views
  – Set properties: use functions or define them in the XML layout files to load
  – Set focus
  – Set up listener
  – Set visibility
  – Draw anything we like
• We can use Layout to help place views
  – E.g. LinearLayout, TableLayout, AbsoluteLayout
  – Use functions or define them in the XML layout files
![Page 17: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/17.jpg)
Hello World using Layout XML Files
![Page 18: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/18.jpg)
Example Views
![Page 19: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/19.jpg)
Intents
• Intents are used to exchange data between Activities or Applications
• Think of Intents as a verb and object; a description of what you want done
  – E.g. VIEW, CALL, PLAY, etc.
• Describes what the application wants
• Provides late runtime binding
![Page 20: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/20.jpg)
Services
• Services run in the background
• Don’t interact with the user
• Run on the main thread of the process
![Page 21: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/21.jpg)
Content Providers
• Content providers store and retrieve data and make it accessible to all applications
• It is the only way to share data across packages
• The backend is SQLite
• They are linked to clients
• Data exposed as a unique URI
![Page 22: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/22.jpg)
Resources
• Resources are images, strings, etc.
• Externalize resources from application code
• The SDK generates code that maps each resource to an ID; we can use the static class R to get resources
• Layout XML files are also resources
![Page 23: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/23.jpg)
Manifest File
• Control file that tells the system what to do and how the top-level components are related
• It’s the “glue” that actually specifies which intents your activities receive
• Specifies permissions
![Page 24: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/24.jpg)
Building and Running
• Android package format
  – Bundle a few files into one file (.apk)
  – Just a zip file
  – classes.dex is the core file: compiled Java classes
  – Use the ‘DX’ tool to convert Java *.class to Dalvik bytecode *.dex
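Because an .apk is just a zip with classes.dex inside, a package can be triaged with standard library tools. The sketch below is an added example, not part of the original slides: it builds a constructed in-memory .apk whose classes.dex is a header-only stub, then opens it as a zip and checks the dex header's magic, size, Adler-32 checksum and SHA-1 signature fields. The function names are hypothetical.

```python
import hashlib
import io
import struct
import zipfile
import zlib

def build_constructed_apk(tamper: bool = False) -> bytes:
    """Constructed sample: a zip with a header-only classes.dex (not a loadable app)."""
    # Bytes 32..0x70 of a dex header: file_size, header_size, endian_tag, rest zeroed.
    tail = struct.pack("<III", 0x70, 0x70, 0x12345678).ljust(0x70 - 32, b"\x00")
    signature = hashlib.sha1(tail).digest()        # SHA-1 over everything after it
    checksum = zlib.adler32(signature + tail)      # Adler-32 over everything after it
    dex = b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail
    if tamper:                                     # flip one byte after the fields are set
        dex = dex[:-1] + bytes([dex[-1] ^ 0xFF])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<constructed/>")
        apk.writestr("classes.dex", dex)
        apk.writestr("res/layout/main.xml", b"<constructed/>")
    return buf.getvalue()

def inspect_apk(apk_bytes: bytes) -> dict:
    """Open the .apk as a plain zip and sanity-check the classes.dex header."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        if "classes.dex" not in names:
            raise ValueError("no classes.dex: not an Android package")
        dex = apk.read("classes.dex")
    if len(dex) < 0x70 or dex[:4] != b"dex\n" or dex[7:8] != b"\x00":
        raise ValueError("classes.dex does not start with a dex header")
    (checksum,) = struct.unpack_from("<I", dex, 8)
    (file_size,) = struct.unpack_from("<I", dex, 32)
    return {
        "entries": names,
        "dex_version": dex[4:7].decode("ascii"),
        "size_ok": file_size == len(dex),
        "checksum_ok": checksum == zlib.adler32(dex[12:]),
        "signature_ok": dex[12:32] == hashlib.sha1(dex[32:]).digest(),
    }

if __name__ == "__main__":
    print(inspect_apk(build_constructed_apk()))
    print(inspect_apk(build_constructed_apk(tamper=True)))
```

These header fields only detect corruption of classes.dex; anyone who rebuilds the file can recompute them, so they are not a substitute for application signing.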
![Page 25: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/25.jpg)
Building and Running
![Page 26: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/26.jpg)
Building and Running
• DEX process flow
![Page 27: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/27.jpg)
Building and Running
• Simplified Process Diagram
![Page 28: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/28.jpg)
Developing Process
• Create your own Android project
• Design the UI
• Externalize resources
• React to events
• Run the application
![Page 29: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/29.jpg)
BloGeo
![Page 30: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/30.jpg)
Android Security Overview
• Goals
  – Protect user data
  – Protect system resources (including the network)
  – Provide application isolation
• Android security features provided
  – Robust security at the OS level through the Linux kernel
  – Mandatory application sandbox for all applications
  – Secure interprocess communication
  – Application signing
  – Application-defined and user-granted permissions
![Page 31: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/31.jpg)
Android Security Overview(cont.)
• Application Sandbox: Kernel Level
  – Each application has a user ID (UID) to run
• Interprocess Communication
  – Binder
    • A lightweight capability-based remote procedure call mechanism designed for high performance when performing in-process and cross-process calls.
  – Intents
  – ContentProviders
• Application signing
![Page 32: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/32.jpg)
Android Security Overview(cont.)
• Application-defined and user-granted permissions
  – Camera functions
  – Location data (GPS)
  – Bluetooth functions
  – Telephony functions
  – SMS/MMS functions
  – Network
![Page 33: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/33.jpg)
ExploitMe Mobile Android Labs
• By Security Compass
  – information security consulting firm
  – specializing in secure software development and training
• An open source project demonstrating Android mobile hacking
• A bank transfer mobile client
• Server written in Python (HTTP/HTTPS)
• 8 Labs
![Page 34: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/34.jpg)
Lab 1: Secure connections
• python app.py
• emulator.exe -avd emu -tcpdump test.cap
• Solution: python app.py --ssl --port 8443
![Page 35: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/35.jpg)
Lab 2 - Parameter Manipulation
• emulator @YOUR_AVD_NAME --http-proxy localhost:8008
• http post
Solution:
![Page 36: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/36.jpg)
Lab 3 - Insecure file storage
Solution: File creation mode: the default mode, where the created file can only be accessed by the calling application (or all applications sharing the same user ID).
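A way to verify the outcome of this lab from the file system side, as an added example that is not part of the original slides: walk an application's data directory and report every file that users other than the owner and group can read or write. The directory tree, file names and modes below are constructed for the demonstration, and the function names are hypothetical.

```python
import os
import stat
import tempfile

def find_world_accessible(root: str) -> list:
    """Return (relative path, octal mode) for files readable or writable by 'other'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # lstat: report on the entry itself, never follow a symlink out of the tree
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & (stat.S_IROTH | stat.S_IWOTH):
                findings.append((os.path.relpath(path, root), oct(mode)))
    return sorted(findings)

def audit_constructed_app_dir() -> list:
    """Build a constructed data directory and audit it."""
    samples = {
        "files/private.txt": 0o660,          # owner and group only, like the default mode
        "files/world_readable.txt": 0o664,   # readable by every other UID
        "files/world_writable.txt": 0o662,   # writable by every other UID
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "files"))
        for rel, mode in samples.items():
            path = os.path.join(root, rel)
            with open(path, "w") as handle:
                handle.write("constructed sample data")
            os.chmod(path, mode)             # set exactly, independent of the umask
        return find_world_accessible(root)

if __name__ == "__main__":
    for rel, mode in audit_constructed_app_dir():
        print(f"{mode}  {rel}")
```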
![Page 37: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/37.jpg)
Lab 4 - Secure Logging
• adb logcat
Be aware of what you are logging and only log non-sensitive information.
Solution:
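One way to check captured `adb logcat` output for the kind of sensitive data this lab warns about, as an added example that is not part of the original slides. The log lines, tags and keyword list are constructed assumptions; the parser handles logcat's brief format (`priority/tag(pid): message`).

```python
import re

# logcat "brief" format: D/Tag( 1234): message
LOGCAT_BRIEF = re.compile(r"^[VDIWEF]/(?P<tag>[^(]+)\(\s*\d+\):\s?(?P<msg>.*)$")
# Assumed keyword list: key=value or key: value pairs that should never be logged.
SECRET_KV = re.compile(
    r"(?i)\b(password|passwd|pwd|pin|token|session(?:id)?|secret)\b(\s*[=:]\s*)(\S+)")
# Long digit runs such as account or card numbers.
LONG_NUMBER = re.compile(r"\b\d{12,19}\b")

# Constructed sample capture.
SAMPLE_LOGCAT = [
    "I/ActivityManager(   61): Starting activity: Intent { cmp=com.example.bank/.Login }",
    "D/BankLogin(  412): login attempt user=jdoe password=hunter2",
    "D/BankTransfer(  412): transfer from 1234567890123456 amount=50",
    "V/BankHttp(  412): response 200, session: 9f8e7d6c",
    "W/BankHttp(  412): retrying request",
]

def redact(msg: str) -> str:
    """Replace secret values and long numbers so the finding itself is safe to store."""
    msg = SECRET_KV.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", msg)
    return LONG_NUMBER.sub("[NUMBER]", msg)

def scan_logcat(lines) -> list:
    """Return (line number, tag, kinds of sensitive data, redacted message)."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOGCAT_BRIEF.match(line)
        if not match:
            continue                      # not a brief-format log line
        msg = match.group("msg")
        kinds = sorted({m.group(1).lower() for m in SECRET_KV.finditer(msg)})
        if LONG_NUMBER.search(msg):
            kinds.append("long-number")
        if kinds:
            findings.append((number, match.group("tag").strip(), kinds, redact(msg)))
    return findings

if __name__ == "__main__":
    for finding in scan_logcat(SAMPLE_LOGCAT):
        print(finding)
```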
![Page 38: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/38.jpg)
Lab 5 - Basic Encryption
![Page 39: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/39.jpg)
Lab 5 - Basic Encryption(cont.)
![Page 40: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/40.jpg)
Lab 6 - Advanced Encryption
• apktool
  – It is a tool for reengineering 3rd party, closed, binary Android apps.
  – It can decode resources to nearly original form and rebuild them after making some modifications.
![Page 41: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/41.jpg)
Lab 6 - Advanced Encryption(cont.)
• apktool d BasicEncryptionSolution.apk export
![Page 42: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/42.jpg)
Lab 6 - Advanced Encryption(cont.)
![Page 43: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/43.jpg)
Lab 6 - Advanced Encryption(cont.)
• Smali
  – Smali is an assembler for the dex format used by Dalvik
![Page 44: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/44.jpg)
Lab 6 - Advanced Encryption(cont.)
![Page 45: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/45.jpg)
Lab 7 - Memory Protection
![Page 46: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/46.jpg)
Lab 7 - Memory Protection
• hprof-conv source dest
  – Convert dex memory dump format to Java format
• Use MAT (Memory Analyzer Tool) to browse it
![Page 47: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/47.jpg)
Lab 7 - Memory Protection(cont.)
![Page 48: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/48.jpg)
Lab 7 - Memory Protection(cont.)
![Page 49: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/49.jpg)
Lab 8 - Client-side Password complexity
![Page 50: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/50.jpg)
Future Study
I hope I can show you some more hacking examples next time.
Android Reverse Engineering!
![Page 51: Introduction to Android Development and Security](https://reader033.vdocument.in/reader033/viewer/2022052310/55580125d8b42ae31c8b4e91/html5/thumbnails/51.jpg)
Thanks! Q&A