Android platform security research

Abstract: In recent years, mobile devices based on Android platforms, such as smartphones and tablets, have become very popular. Applications on the Android Market make these mobile devices provide services similar to PCs, and more people are using these devices to process daily life and work affairs. It is almost inevitable that people face security issues similar to those on PCs. This article analyzes the security mechanism of the Android platform.

Keywords: Android Security mobile devices

1. Android system

Android is an open-source system. It mainly consists of the underlying Linux kernel, various local libraries and Android runtime environments, application software frameworks, and various applications at the top layer. The Linux Kernel provides various basic functions, such as memory management, device drivers, and networks. Local libraries include the font rendering engine FreeType, graphics library OpenGL/openes, customized libc, and Web rendering engine WebKit. These libraries are mainly written in C or C ++. The android runtime environment includes the Dalvik Virtual Machine and some core libraries. The Dalvik virtual machine is a register-based Virtual Machine. Its bytecode is different from that of the JVM. The core library supports a subset of javase5 and Android proprietary features. The application software framework is fully implemented by Java, including the port installation manager, package manager, and content service. The top applications include browsers, phone books, and various third-party applications. Each application is packaged in its own APK file for installation. The APK package is similar to jar and contains various contents. Each application is composed of components.
Communication mechanism.

Figure 1 System Architecture

2. Android Security Mechanism

As a Linux-based system, Android inherits many Linux security features. As a mobile device-oriented system, Android draws on the security features of some previous systems and provides some unique security mechanisms. Next, we will inherit from Linux's security features, environmental security features, and Android's unique security features.

2.1 inherit from the security features of Linux

Each application is specified with a unique immutable POSIX user ID during installation. Note that it is an application rather than a user. The application runs in its own process. The discretionary access control (DAC) mechanism controls the process's access to files. Each file has access control rules for three subjects (user/group/everyone. Each subject has the read, write, and execute permissions. System files are owned by "system" or "root" users. Therefore, each application can only access its own files or shared files. The system resources provided in the form of files are protected. Android system images are mounted to the file system in read-only mode. In this way, malicious applications obtain write permissions and still cannot destroy these key system files. All user applications and data are stored in user partitions. When the system and security mode are started, user partitions are not mounted, further ensuring security. In this way, the process of each application cannot interfere with the processes of other applications, and the files of other applications cannot be damaged.

Because the performance of mobile devices is not very strong, Linux's many functions are simplified. Fewer features generally mean fewer bugs. However, some security enhancement functions are also simplified, such as syn cookies that are effective to prevent SYN flood.

2.2 Environmental Security Features

Android applications are mainly written in strong-type Java language, which reduces the security risks caused by type conversion without type check in C language to a certain extent. Of course, the system also allows applications with native components written in C, which increases security risks to some extent. The component communication mechanism modified by Android ICC is also of type security. The data transmitted by the program using ICC must be defined using the android Interface Definition Language (aidl) to ensure the security of the Data Type Across process boundaries. Authentication, authorization, and billing are essential attributes of the traditional communication system, which are implemented through SIM cards like traditional non-smart devices.

2.3. Android-specific security features

The core of the security feature unique to Android is that for some operations, the system ensures that the application must be authorized to perform these operations. The package manager is responsible for approving the licenses required by the application during application installation, while the application framework reviews the permissions when the application is running. Android defines this type of permission in 100, such as dialing (call_hone), using a camera (CAMERA), accessing the Internet (Internet), and receiving a keyboard input (read_input_state, applications can also define their own licenses to protect their own security. The application must specify the required licenses in its own manifest file and then obtain these licenses during installation. During installation, the system checks the application signature and interacts with the user to determine whether to allow the application to obtain a license. After the application is installed, you cannot apply for another license. If the application is not approved for installation, you cannot apply for another license. If an operation that does not have the corresponding permission is performed during application running, the operation will be terminated. In this way, the user must decide whether to trust the author of the application, so it is easy to bring large risks. A simple example is that a user installs two seemingly unrelated applications, one requiring access to the network, and the other requiring access to the address book, all of which are approved by the user. When the application is running
The provider or intent communicates to disclose user data. In addition, although the license is comprehensive, the granularity is still not detailed enough. For example, the system does not limit the number of I/O operations for applications, and the number of times SIM cards and flash memory are erased is limited; battery consumption is also very easy, you only need to maintain a high CPU utilization, this type of malicious behavior is currently not suitable for defense.

3. Summary

As a new field, mobile platforms pose many new security challenges. The Android platform is a very popular platform. This article analyzes the security features inherited from Linux, the environment security features, and the security features unique to Android, in this way, we learned about the security advantages and disadvantages of the Android platform.

References:

[1]. Davi, L., dmitrienko, A., Sadeghi, a.r. And winandy, M. privilege escalation attacks on Android. Information security. 346-360.

[2]. shabtai, ., fledel, Y ., kanonov, U ., elovici, Y. and dolev, S. google Android: a state-of-the-art review of security mechanisms. arXiv preprint arXiv: 0912.5101.

[3]. enck, W., ongtang, M., and McDaniel, P. 2009b. Understanding Android security. IEEE security and privacy, 7 (1): 50-57.

[4]. shabtai, ., fledel, Y ., kanonov, U ., elovici, Y ., dolev, S. and glezer, C. google Android: a comprehensive security assessment. security \ & privacy,
IEEE, 8 (2). 35-44.

[5]. Chaudhuri, A. language-based security on Android. Proceedings of the ACM sigplan fourth workshop on programming versions and Analysis for security,
2009, 1-7.

[6]. C. Enrique Ortiz, understanding security on Android: Enhancing app security with sandbox, app signatures and permissions-http://www.ibm.com/developerworks/cn/xml/x-androidsecurity/index.html.