Android Security 101 (Android Architecture and Android Security)

Hello everyone :)
This time I want to discuss about Android Architecture and Android Security. So these 2 topics are what we will discuss in this topic.

Android Architecture

Android architecture involves several key components that work together to provide a complete operating environment on the device. Here I show the image of the Android Architecture.

Android Architecture

Here is a brief explanation of some of the major parts of the Android architecture:
1. Linux Kernel:
— The most basic part of the Android operating system.
— Provides basic services such as memory management, process management, file system, and security.
— Responsible for direct communication with hardware.

2. Hardware Abstraction Layer (HAL):
— Forms an abstraction layer between the Linux kernel and the hardware.
— Allows developers to write code that is independent of specific hardware.
— HAL provides a standardized interface that can be used by higher-level components.

3. Android Runtime:
— It is the execution environment of Android applications.
— It handles the execution of application code written in Java (via the Java Virtual Machine — JVM) or in Kotlin.
— Dalvik Virtual Machine (DVM) was previously used, but since Android 5.0, ART (Android Runtime) has become the default.

4. Native C/C++ Libraries:
— Provides a number of libraries written in C or C++.
— These libraries can be used by developers to optimize and improve application performance.
— Examples of these libraries include SQLite for databases, OpenGL ES for 3D graphics, and more.

5. Java API Framework:
— It is an application framework that allows developers to create Android applications.
— Provides a set of Java libraries that cover basic functions such as window management, resource management, network communication, and more.
— These APIs ensure consistency between the application and the Android platform.

6. System Apps:
— These are applications included by the device manufacturer or by the Android operating system itself.
— They include apps such as Contacts, Phone, Messages, Browser and more.
— Some of these apps may be updated by the Google Play Store or by system updates.

7. Power Management:
— Engaging the device’s battery power management.
— The Android operating system has advanced power management features to optimize power usage and extend battery life.

Overall, the Android architecture is designed to provide a flexible, open, and customizable environment for diverse applications on a variety of hardware. Each layer works together to create a consistent and efficient user experience.

Android Runtime (ART)

Android Runtime (ART) is the runtime environment used by the Android operating system to run Android applications. Before Android 5.0 (Lollipop), Android used the Dalvik Virtual Machine (DVM) as the default runtime environment, but starting from Android 5.0, ART became the default runtime.

Android Runtime (ART)

Here is a complete explanation of the Android Runtime (ART):

1. Ahead-of-Time Compilation (AOT):

• Differences with Dalvik: One of the main differences between ART and Dalvik is the compilation method. Dalvik uses the Just-In-Time (JIT) compilation method, while ART uses Ahead-of-Time (AOT) compilation. In AOT, the application code is compiled into machine code at the time of installation, rather than at the time of application execution. This improves the performance and responsiveness of the application.

2. Performance Improvement:

• Native Code Execution: Application code is compiled into a native execution format (machine code) that can be executed directly by the CPU, reducing compile-time overhead during runtime and improving application performance.

3. Optimization and Profiling:

• Code Profiling and Optimization: ART has the ability to perform application code profiling at runtime. This information can be used to dynamically optimize the code to improve execution performance.

4. Memory Management:

• Garbage Collector: ART has a more advanced garbage collector compared to DVM. The ART garbage collector works more efficiently in managing memory allocation and reduces application pauses caused by the garbage collection process.

5. Support for Small Devices (Small Devices):

• Support for Devices with Low Specifications: ART is designed to support devices with limited resources. Improved memory usage efficiency and execution performance help applications run better on low-specification devices.

6. Backward Compatibility:

• Legacy Application Compatibility: Although ART introduced significant changes in terms of compilation, the Android operating system still provides backward compatibility for applications compiled using DVM.

7. NDK Extension Management:

• Support for Native Development Kit (NDK): ART provides better support for applications that use native code through the NDK, enabling more seamless integration between Java code and native code.

8. Role in Security:

• Improved Application Security: ART helps improve application security by optimizing and managing code more efficiently, which in turn can help protect applications from security attacks and exploits.

Conclusion:

The Android Runtime (ART) is an integral part of the Android architecture, providing improved performance, memory efficiency, and application security. Using the Ahead-of-Time (AOT) compilation method, ART brings various technical improvements to enhance user experience and support the development of increasingly complex Android applications.

Android Security

Next we will discuss Android Security. There are several points that we will discuss in Android Security, namely the security strategies and technologies used by Android to protect devices and user data from various security threats and risks such as System Wide Security, Software Isolation, Network Security and Anti Exploitation. Here are some of the strategies used:

System Wide Security:

A comprehensive security system on the Android platform, which includes various security layers and components to protect the device from potential security threats. This includes access control, certificate management, and a comprehensive system security policy.

1. File-Based Encryption (Different File Types Encrypted with Different Keys):

• A file-based encryption system that allows users to secure data at the file level. Different file types can be encrypted with unique keys, increasing security levels and managing access to sensitive information.

2. Trusted Execution Environment (Trusted Execution Environment):

• It is an isolated environment on a device designed to execute cryptographic code or operations with a high level of security. The use of Trusted Execution Environment involves security components such as H/W backed keystore, Strongbox, and Gatekeeper to generate and protect cryptographic keys securely.

a. H/W Backed Keystore:

• Hard-backed storage of cryptographic keys, which makes them more difficult to access or extract unauthorizedly. This provides a higher level of security as the keys are stored in secure hardware.

b. Strongbox:

• A high-level security implementation that utilizes hardware security to protect cryptographic keys. Strongbox helps secure cryptographic operations such as digital signature generation and random number generation.

c. Gatekeeper:

• A verification system that is responsible for ensuring the integrity and authenticity of the user when opening the device. This involves authentication methods such as PIN, pattern, or fingerprint to secure access..

3. Verified Boot:

• The process of verifying the integrity of the Android operating system before the device actually boots. This involves checking the digital signatures and authenticity of each system component to ensure that no malicious or unauthorized modifications have occurred at the operating system level.

Android’s approach to security that includes differentiated key-based file encryption, Trusted Execution Environment, and Verified Boot provides a strong layer of protection against security threats. By bringing these security components together, Android strives to provide a secure environment for users and protect cryptographically sensitive data and operations on the device.

Software Isolation

Android uses software isolation to restrict access and interaction between apps and the system. Each app runs in an isolated environment (sandbox), which limits the app’s ability to interact directly with other apps or system components without appropriate permissions.

1. Users and Groups:
The Android system implements a user and group model that restricts access rights at the system level. Each application runs as a separate user and is assigned to the appropriate group. This ensures that applications have limited access rights only to the resources required to operate, improving security and isolation between applications.

2. SELinux — Security Enhanced Linux:
Android uses Security Enhanced Linux (SELinux) to provide an additional layer of security. SELinux is a high-level security framework that provides sophisticated access control by utilizing configurable policies. It helps protect the system from attacks and exploits by restricting application access rights according to predefined security policies.

3. Permission:
The permission model in Android allows users to grant or deny certain access permissions to apps. These permissions include access to resources such as camera, location, and contacts. When installing an app, the user grants the necessary permissions, and the app can only access those resources according to the permissions it has been granted. This gives the user direct control over the device’s personal and system data.

This approach reflects Android’s efforts to create a secure and isolated environment, control app access, and give users greater control in determining the permissions and access rights granted to apps. Thus, Android can deal with various security threats and provide a safe and reliable user experience.

Network Security

Network security is an important aspect of the Android security approach that aims to protect mobile device data and communications from threats and attacks that occur over the network. Here are some key elements of network security in the context of Android security:

1. Transport Layer Security (TLS):
The use of TLS in data communication between Android devices and servers ensures data encryption during transmission. This helps protect sensitive information from hacking or monitoring threats during data transfer over the network.

2. Virtual Private Networks (VPNs):
Android supports the use of VPN to provide a secure encrypted channel for data communication. Users can configure VPN to protect network traffic and keep information confidential when using public or untrusted networks.

3. Network Security Configurations:
Android allows developers to define network security policies in a configuration file (Network Security Config). This can include settings such as specifying valid certificates, restricting connections to only certain servers, or setting specific encryption policies.

4. Firewalls:
The use of firewalls at the Android device level helps control and monitor network traffic. A firewall can restrict an application’s access to the network and ensure that only authorized connections can interact with the device.

5. Monitoring and Logging:
Monitoring and logging network activity is a crucial step in detecting potential attacks or security threats. Android provides the ability to access network logs to analyze and identify potential security risks.

6. HTTPS handling:
Encourages the use of the HTTPS protocol for web connections. Android provides built-in support for HTTPS and implements policies that encourage apps to use secure connections when communicating with servers over the network.

7. Wi-Fi Security Handling:
Involves implementing strong Wi-Fi security, such as WPA3, and ensuring that Android devices automatically connect to secure and trusted Wi-Fi networks..

8. Mobile Device Management (MDM):
The use of an MDM solution enables efficient administration of network security. It includes device monitoring, network configuration handling, and network security policy enforcement from a control center.

The network security approach in Android includes a set of measures and technologies designed to protect data and communications from the risks associated with transmission over networks. By implementing these practices, Android seeks to provide a high level of security in communicating over various types of networks.

Anti Exploitation

Anti-exploitation is an approach in computer security that aims to reduce or prevent the exploitation of software vulnerabilities.Some frequently used anti-exploitation techniques include:

1. ASLR (Address Space Layout Randomization):
ASLR works to confuse the memory address where the application is executing, making it difficult for attackers to predict the specific location of code or data in memory.This makes it difficult for attackers to exploit the vulnerability by placing malicious code in anticipated locations..

2. KASLR (Kernel ASLR):
Similar to ASLR, KASLR involves messing with memory addresses, but is specifically applied to the operating system kernel.The goal is to make it difficult for attackers to determine the exact location of the kernel, thus protecting the operating system from attacks that target kernel components.

3. PIE (Position Independent Executable):
PIE ensures that executables (binary files) can be run from various memory locations without depending on a specific address.This makes it difficult for attackers to predict the specific location of the code in memory, as executables can load at different locations each time they are run.

4. DEP (Data Execution Prevention):
DEP restricts the ability to run code from memory regions that should only contain data.In this way, DEP protects against attacks such as buffer overflow where an attacker tries to run malicious code inserted in data.

5. SECCOMP Filter (Secure Computing for User Application Based Process):
The SECCOMP Filter limits access to system calls that can be made by a process.It provides an additional layer of protection by limiting the ability of an application to interact with the operating system, reducing the potential attacks an attacker can perform.

The implementation of anti-exploitation techniques such as ASLR, KASLR, PIE, DEP, and SECCOMP Filter helps improve system security by making it more difficult for attackers to exploit software vulnerabilities.The combination of all these techniques makes attacks that attempt to exploit vulnerabilities more difficult and more complex, providing a higher level of security against different types of attacks.

So, that’s a little discussion related to Android Architecture and Android Security, guys … :).Hopefully useful for friends and don’t forget to leave a thumbs up like ya guys .. :)) See you on the next article :)
BYE…. :)

Tags:
#android security�101 #android security 2023 #android security guide #android security #android security tips #android security video #android security features #android security tips #security 101 reviews #how many levels of security are there in android
Link:
CyberSec Youtube