SlideShare a Scribd company logo

Security on android

Download as PPTX, PDF
P
pk464312

The document discusses implementing security on Android applications. It provides an overview of the Android architecture, including its application model and security mechanisms like isolation, permissions, and signatures. It then reviews the Android software stack and key components like the activity manager, notification manager, and package manager. Next, it describes a system called TISSA that aims to provide security for user contacts, call logs, and location data by regulating access through a privacy settings content provider and privacy aware components. However, it notes that TISSA has limitations like occasionally providing fake responses and only using single privacy settings per private information type.

1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Implementing Security on Android Application Presented By Prabhakar Jha(7cs39)
Contents • INTRODUCTION • OVERVIEW OF ANDROID • REVIEW LITERATURE • SECURITY IN ANDROID • CONCLUSION
Introduction • Android is Google’s new open-source platform for mobile devices. • It comes with an SDK that provides the tools and APIs necessary to develop new applications for the platform in Java. • Android has its own virtual machine i.e. DVM (Dalvik Virtual Machine), which is used for executing the android applications. • As Android provides remote access to official sensitive data, which can lead to data hack if smart phones are hacked .
Overview of Android The application model • An application is a package of components, each of which can be instantiated and run as necessary . • Activity components form the basis of the user interface; usually, each window of the application is controlled by some activity. • Service components run in the background, and remain active even if windows are switched. • Receiver components react asynchronously to messages from other applications. • Provider components store data relevant to the application, usually in a database. Such data can be shared across applications.
Overview of Android Security mechanisms • It is possible for an application to share its data and functionality across other applications, such applications access its components. • The key access control mechanisms provided by Android. • Isolation The Android operating system builds on a Linux kernel, and as such, derives several protection mechanisms from Linux. . Every application runs in its own Linux process. Android starts the process when any of the application’s code needs to be run, and stops the process when another application’s code needs to be run.
Overview of Android Security mechanisms • Permissions Any application needs explicit permissions to access the components of other applications. Crucially, such permissions are set at install time, not at run time. The permissions required by an application are declared statically in a manifest. These permissions are set by the package installer, usually via dialogue with the user. • Signatures Finally, any Android application must be signed with a certificate whose private key is held by the developer. The certificate does not need to be signed by a certificate authority; it is used only to establish trust between applications by the same developer.
Review Literature • In android operating system, there are four layers. Android has its own libraries; it is helpful for developing and designing any application of android platform. These libraries are written in C/C++. Linux kernel is the 1st layer which is written in C.
Review Literature • Application layer: It is the most upper layer in android architecture. All the applications like camera, Google maps, browser, sms, calendars, contacts are native applications. • Application framework: Android applications which are developing, this layer contain needed classes and services. Developers can reuse and extend the components already present in API. • Activity manager: It manages the lifecycle of applications. It enables proper management of all the activities. All the activities are controlled by activity manager. • Resource manager: It provides access to non-code resources such as graphics etc.
Review Literature • Notification manager: It enables all applications to display custom alerts in status bar. • Location manager: It fires alerts when user enters or leaves a specified geographical location. • Package manager: It is use to retrieve the data about installed packages on device. • Libraries: Android has its own libraries, which is written in C/C++. These libraries cannot be accessed directly. With the help of application framework, we can access these libraries.
Security in android • In this paper, TISSA is a system which is used to provide security to the contacts, call logs etc. • By using TISSA, user can easily protect its contacts and call logs by filling all the permissions. • After giving all the permissions, user can easily access its own data in very privacy mode. • TISSA is evaluated with many of android apps which are affected by leakage of private information of user. • In TISSA, there are main three components are used which provides security to the user for securing call logs and contacts.
Security in android • Privacy setting content provider: It is used to provide current privacy setting for an installed application. • Privacy setting manager: It is for the user that he/she can easily update the privacy setting for the installed application. • Privacy aware components: These are enhanced to regulate the access to user’s information which also includes contacts, call logs and locations. • TISSA starts works when user sends request through installed app to the content provider. It holds the request and check current privacy settings for app. It matches all the stored information in database and then send result back to the content provider.
Security in android
Security in android • There are main three components used which provides the security to the user, these all are as follows: • Contacts and Call Logs: In the above diagram, it shows that firstly, user sends request for accessing the app. When request sends then content provider checks all the permissions if these all are matched only then user can easily access its data otherwise it will reject the permission request from the user side. • Phone Identity: Each mobile phone has its unique IMEI number for using GSM and CDMA technologies. In android app can easily use various functions and retrieve privacy setting for requesting app. • Location: Here is location manager which always noticed about user’s location. If user change its location, the registered location updates location information of the current user.
Conclusion It provides all over security to contacts, call logs and location or phone identity, but still there are some issues while using this system. While using TISSA, as per system use sometime it will send bogus or fake replies to the user corresponds to their request. These fake replies could create problems for some applications of android. Another issue in this system is that TISSA only uses one single privacy setting for one type of private information.
Security on android

More Related Content

PDF
CNIT 128 7: Mobile Device Management
Sam Bowne
 
PPT
Understanding Android Security
Asanka Dilruk
 
PDF
CNIT 128 8: Mobile development security
Sam Bowne
 
PDF
CNIT 128: 9: Mobile payments
Sam Bowne
 
PDF
Sensor GPP Presentation June 2008
Edward vd Berg
 
PPT
Android Security
Suminda Gunawardhana
 
PPTX
Android security
Mobile Rtpl
 
PPTX
Secure SDLC in mobile software development.
Mykhailo Antonishyn
 
CNIT 128 7: Mobile Device Management
Sam Bowne
 
Understanding Android Security
Asanka Dilruk
 
CNIT 128 8: Mobile development security
Sam Bowne
 
CNIT 128: 9: Mobile payments
Sam Bowne
 
Sensor GPP Presentation June 2008
Edward vd Berg
 
Android Security
Suminda Gunawardhana
 
Android security
Mobile Rtpl
 
Secure SDLC in mobile software development.
Mykhailo Antonishyn
 

What's hot (20)

PDF
Secure element content
Manjula Weerasinghe
 
PPTX
Physical security-system
Techera Consultants
 
PPTX
Industrial IoT Security Standards & Frameworks
Priyanka Aash
 
PPTX
Access-control-system
Techera Consultants
 
ODP
Mobile Apps Security Testing -1
Krisshhna Daasaarii
 
PDF
iaetsd Second level security using intrusion detection and avoidance system
Iaetsd Iaetsd
 
PDF
Challenges in Testing Mobile App Security
Cygnet Infotech
 
PDF
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
Sam Bowne
 
PPTX
Web applications security conference slides
Bassam Al-Khatib
 
PDF
Stop the Evil, Protect the Endpoint
BeyondTrust
 
PPTX
3 steps to 4x the risk coverage of CA ControlMinder
ObserveIT
 
PDF
Reference Security Architecture for Mobility- Insurance
Priyanka Aash
 
PPTX
Introduction to security testing raj
Rajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL
 
PPTX
Signature Enterprise
Bioslimdisk
 
PDF
Datasheet two factor-authenticationx
Hai Nguyen
 
PPTX
Security Architecture for Cyber Physical Systems
Alan Tatourian
 
DOC
Srs template ieee
hoinongdan
 
PDF
Mobile frame asset management in depth
MobileWorxs
 
PPTX
Transforming any apps into self-defending apps
Blueboxer2014
 
PPTX
Classification of embedded systems
Vikas Dongre
 
Secure element content
Manjula Weerasinghe
 
Physical security-system
Techera Consultants
 
Industrial IoT Security Standards & Frameworks
Priyanka Aash
 
Access-control-system
Techera Consultants
 
Mobile Apps Security Testing -1
Krisshhna Daasaarii
 
iaetsd Second level security using intrusion detection and avoidance system
Iaetsd Iaetsd
 
Challenges in Testing Mobile App Security
Cygnet Infotech
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
Sam Bowne
 
Web applications security conference slides
Bassam Al-Khatib
 
Stop the Evil, Protect the Endpoint
BeyondTrust
 
3 steps to 4x the risk coverage of CA ControlMinder
ObserveIT
 
Reference Security Architecture for Mobility- Insurance
Priyanka Aash
 
Introduction to security testing raj
Rajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL
 
Signature Enterprise
Bioslimdisk
 
Datasheet two factor-authenticationx
Hai Nguyen
 
Security Architecture for Cyber Physical Systems
Alan Tatourian
 
Srs template ieee
hoinongdan
 
Mobile frame asset management in depth
MobileWorxs
 
Transforming any apps into self-defending apps
Blueboxer2014
 
Classification of embedded systems
Vikas Dongre
 
Ad

Viewers also liked (13)

PPTX
Research of Cloud Security Communication Firewall Based On Android Platform
Manoj Dongare
 
DOC
Android Report
Ganesh Waghmare
 
PPT
Literature Review
The Engineering Centre for Excellence in Teaching and Learning
 
PPTX
How to write a literature review in 3 days
Aberdeen CES
 
DOCX
Vehicle tracking system,be computer android report,android project report,gps...
Sujit9561
 
DOC
Sample literature review
cocolatto
 
PPT
Restaurant Finder Android Application project Presentation
Abhinav Jain
 
DOC
Writing a Literature Review- handout
The Engineering Centre for Excellence in Teaching and Learning
 
PDF
Android College Application Project Report
stalin george
 
PPT
Writing Chapters 1, 2, 3 of the Capstone Project Proposal Manuscript
Sheryl Satorre
 
PPTX
Bus tracking application in Android
yashonil
 
PPSX
Literature review in research
Nursing Path
 
PDF
Android report
blogger at indiandswad
 
Research of Cloud Security Communication Firewall Based On Android Platform
Manoj Dongare
 
Android Report
Ganesh Waghmare
 
Literature Review
The Engineering Centre for Excellence in Teaching and Learning
 
How to write a literature review in 3 days
Aberdeen CES
 
Vehicle tracking system,be computer android report,android project report,gps...
Sujit9561
 
Sample literature review
cocolatto
 
Restaurant Finder Android Application project Presentation
Abhinav Jain
 
Writing a Literature Review- handout
The Engineering Centre for Excellence in Teaching and Learning
 
Android College Application Project Report
stalin george
 
Writing Chapters 1, 2, 3 of the Capstone Project Proposal Manuscript
Sheryl Satorre
 
Bus tracking application in Android
yashonil
 
Literature review in research
Nursing Path
 
Android report
blogger at indiandswad
 
Ad

Similar to Security on android (20)

PDF
Mediating Applications on the Android System
Nizar Maan
 
PDF
A survey on android security: development and deployment hindrance and best p...
TELKOMNIKA JOURNAL
 
PPTX
Android Security Humla Part 1
Nikhil Kulkarni
 
PDF
Android security
Dr Amira Bibo
 
PDF
Android security
Dr Amira Bibo
 
PDF
Cc4201519521
IJERA Editor
 
PPTX
Android
Mithilesh Rajbhar
 
PDF
Android security
Mohamed Alharbi
 
PDF
Android Security: A Survey of Security Issues and Defenses
IRJET Journal
 
PDF
Mobile Application Development with Android
IJAAS Team
 
PPTX
Android security
BehzadBeigzadeh
 
PDF
Detection of Android Third Party Libraries based attacks
Amina WADDIZ
 
PPTX
Androidoverview 100405150711-phpapp01
Santosh Sh
 
PDF
Google android security_2018_report
malvvv
 
PPT
Analysis and research of system security based on android
Ravishankar Kumar
 
PDF
Android open-source operating System for mobile devices
IOSR Journals
 
PPTX
Android technology
dharsana sree
 
PDF
android Security
darkC0de
 
PPTX
3. Android Architecture.pptx
HarshiniB11
 
PPTX
Android technology
vikas malviya
 
Mediating Applications on the Android System
Nizar Maan
 
A survey on android security: development and deployment hindrance and best p...
TELKOMNIKA JOURNAL
 
Android Security Humla Part 1
Nikhil Kulkarni
 
Android security
Dr Amira Bibo
 
Android security
Dr Amira Bibo
 
Cc4201519521
IJERA Editor
 
Android
Mithilesh Rajbhar
 
Android security
Mohamed Alharbi
 
Android Security: A Survey of Security Issues and Defenses
IRJET Journal
 
Mobile Application Development with Android
IJAAS Team
 
Android security
BehzadBeigzadeh
 
Detection of Android Third Party Libraries based attacks
Amina WADDIZ
 
Androidoverview 100405150711-phpapp01
Santosh Sh
 
Google android security_2018_report
malvvv
 
Analysis and research of system security based on android
Ravishankar Kumar
 
Android open-source operating System for mobile devices
IOSR Journals
 
Android technology
dharsana sree
 
android Security
darkC0de
 
3. Android Architecture.pptx
HarshiniB11
 
Android technology
vikas malviya
 

Security on android

  • 1. Implementing Security on Android Application Presented By Prabhakar Jha(7cs39)
  • 2. Contents • INTRODUCTION • OVERVIEW OF ANDROID • REVIEW LITERATURE • SECURITY IN ANDROID • CONCLUSION
  • 3. Introduction • Android is Google’s new open-source platform for mobile devices. • It comes with an SDK that provides the tools and APIs necessary to develop new applications for the platform in Java. • Android has its own virtual machine i.e. DVM (Dalvik Virtual Machine), which is used for executing the android applications. • As Android provides remote access to official sensitive data, which can lead to data hack if smart phones are hacked .
  • 4. Overview of Android The application model • An application is a package of components, each of which can be instantiated and run as necessary . • Activity components form the basis of the user interface; usually, each window of the application is controlled by some activity. • Service components run in the background, and remain active even if windows are switched. • Receiver components react asynchronously to messages from other applications. • Provider components store data relevant to the application, usually in a database. Such data can be shared across applications.
  • 5. Overview of Android Security mechanisms • It is possible for an application to share its data and functionality across other applications, such applications access its components. • The key access control mechanisms provided by Android. • Isolation The Android operating system builds on a Linux kernel, and as such, derives several protection mechanisms from Linux. . Every application runs in its own Linux process. Android starts the process when any of the application’s code needs to be run, and stops the process when another application’s code needs to be run.
  • 6. Overview of Android Security mechanisms • Permissions Any application needs explicit permissions to access the components of other applications. Crucially, such permissions are set at install time, not at run time. The permissions required by an application are declared statically in a manifest. These permissions are set by the package installer, usually via dialogue with the user. • Signatures Finally, any Android application must be signed with a certificate whose private key is held by the developer. The certificate does not need to be signed by a certificate authority; it is used only to establish trust between applications by the same developer.
  • 7. Review Literature • In android operating system, there are four layers. Android has its own libraries; it is helpful for developing and designing any application of android platform. These libraries are written in C/C++. Linux kernel is the 1st layer which is written in C.
  • 8. Review Literature • Application layer: It is the most upper layer in android architecture. All the applications like camera, Google maps, browser, sms, calendars, contacts are native applications. • Application framework: Android applications which are developing, this layer contain needed classes and services. Developers can reuse and extend the components already present in API. • Activity manager: It manages the lifecycle of applications. It enables proper management of all the activities. All the activities are controlled by activity manager. • Resource manager: It provides access to non-code resources such as graphics etc.
  • 9. Review Literature • Notification manager: It enables all applications to display custom alerts in status bar. • Location manager: It fires alerts when user enters or leaves a specified geographical location. • Package manager: It is use to retrieve the data about installed packages on device. • Libraries: Android has its own libraries, which is written in C/C++. These libraries cannot be accessed directly. With the help of application framework, we can access these libraries.
  • 10. Security in android • In this paper, TISSA is a system which is used to provide security to the contacts, call logs etc. • By using TISSA, user can easily protect its contacts and call logs by filling all the permissions. • After giving all the permissions, user can easily access its own data in very privacy mode. • TISSA is evaluated with many of android apps which are affected by leakage of private information of user. • In TISSA, there are main three components are used which provides security to the user for securing call logs and contacts.
  • 11. Security in android • Privacy setting content provider: It is used to provide current privacy setting for an installed application. • Privacy setting manager: It is for the user that he/she can easily update the privacy setting for the installed application. • Privacy aware components: These are enhanced to regulate the access to user’s information which also includes contacts, call logs and locations. • TISSA starts works when user sends request through installed app to the content provider. It holds the request and check current privacy settings for app. It matches all the stored information in database and then send result back to the content provider.
  • 13. Security in android • There are main three components used which provides the security to the user, these all are as follows: • Contacts and Call Logs: In the above diagram, it shows that firstly, user sends request for accessing the app. When request sends then content provider checks all the permissions if these all are matched only then user can easily access its data otherwise it will reject the permission request from the user side. • Phone Identity: Each mobile phone has its unique IMEI number for using GSM and CDMA technologies. In android app can easily use various functions and retrieve privacy setting for requesting app. • Location: Here is location manager which always noticed about user’s location. If user change its location, the registered location updates location information of the current user.
  • 14. Conclusion It provides all over security to contacts, call logs and location or phone identity, but still there are some issues while using this system. While using TISSA, as per system use sometime it will send bogus or fake replies to the user corresponds to their request. These fake replies could create problems for some applications of android. Another issue in this system is that TISSA only uses one single privacy setting for one type of private information.