Android Security Essentials

Click here to load reader

  • date post

    25-Feb-2016
  • Category

    Documents

  • view

    67
  • download

    0

Embed Size (px)

description

Android Security Essentials. Pragati Ogal Rai Mobile Technology Evangelist X.commerce (an eBay Inc. Company). Agenda. Why should I understand Android’s Security Model? Android platform security model Android application security model Android device security. - PowerPoint PPT Presentation

Transcript of Android Security Essentials

Understanding Android Security

Android Security EssentialsPragati Ogal RaiMobile Technology EvangelistX.commerce (an eBay Inc. Company)

AgendaWhy should I understand Androids Security Model?Android platform security modelAndroid application security modelAndroid device security

2Why should I understand Androids Security Model?Smart(er) PhonesOpen PlatformVariety of devicesYOU control your phone

3Android OS Architecture

http://developer.android.com/guide/basics/what-is-android.html4Linux KernelDistinct UID and GID for each application at install timeSharing can occur through component interactionsLinux process sandbox

5Linux Kernel (Contd)

include/linux/android_aid.hAID_NET_BT3002Can create Bluetooth SocketsAID_INET3003Can create IPv4 and IPv6 Sockets6MiddlewareDalvik VM is not a security boundaryNo security managerPermissions are enforced in OS and not in VMBytecode verification for optimizationNative vs. Java code7Application LayerPermissions restrict component interactionPermission labels defined in AndroidManifest.xmlMAC enforced by Reference MonitorPackageManager and ActivityManager enforce permissions8Permission Protection LevelsNormalandroid.permission.VIBRATEcom.android.alarm.permission.SET_ALARMDangerousandroid.permission.SEND_SMSandroid.permission.CALL_PHONESignatureandroid.permission.FORCE_STOP_PACKAGESandroid.permission.INJECT_EVENTSSignatureOrSystemandroid.permission.ACCESS_USBandroid.permission.SET_TIME

9User Defined PermissionsDevelopers can define own permissions