Android's security mechanism

Source: Internet
Author: User

This article explains Android's security mechanisms based on its four main frameworks.

    • Code security

Unlike C/C++, Java is an interpreted language, so there is a risk of the code being decompiled. The default obfuscator is ProGuard, whose latest version is 4.7. ProGuard can also be used to shrink and optimize Java bytecode, deleting unused classes, fields, methods, attributes, annotations and so on.

To configure it, set LOCAL_PROGUARD_FLAG_FILES in Android.mk:

    LOCAL_PROGUARD_FLAG_FILES := proguard.flags

The rules themselves go in packages/apps/Launcher2/proguard.flags:

    # Keep specific methods
    -keep class com.android.launcher2.Launcher {
        public void previousScreen(android.view.View);
        public void nextScreen(android.view.View);
        public void launchHotSeat(android.view.View);
    }

    # Keep specific classes; "$" indicates that the class after it
    # is an inner class of the class before it
    -keep class com.android.launcher2.AllApps3D$Defines {
        *;
    }
    -keep class com.android.launcher2.ClippedImageView {
        *;
    }

    • Access rights


Permissions are mainly used to restrict what an application may do: they prevent malicious applications from performing unauthorized operations that leak the user's sensitive data or let the device be controlled illegitimately, and they prevent malicious charges, etc.

Android access rights fall into these protection levels: normal permissions, dangerous permissions, signatureOrSystem permissions and signature permissions.

Framework-layer permissions are defined in frameworks/base/core/res/AndroidManifest.xml. Permissions can be applied to the entire application, an Activity, a Service, and so on.

Creating permissions and permission groups:

    <permission android:name="android.permission.GET_ACCOUNTS"
        android:permissionGroup="android.permission-group.ACCOUNTS"
        android:protectionLevel="normal"
        android:description="@string/permdesc_getAccounts"
        android:label="@string/permlab_getAccounts" />

    <permission-group android:name="android.permission-group.STORAGE"
        android:label="@string/permgrouplab_storage"
        android:description="@string/permgroupdesc_storage" />

    • Settings for app permissions


Sharing a user ID means sharing a common process. The Android source tree carries system certificates including "media", "platform", "shared", "testkey", etc. The "media" certificate is used in multimedia and download scenarios; the "platform" certificate is used in system scenarios; the "shared" certificate is used in the launcher and contacts scenarios; the "testkey" certificate is used in development scenarios. These certificates are located in the build/target/product/security directory.

The currently supported "sharedUserId" values include "com.android.cts.shareduid", "com.android.cts.process.uidpid_test", "android.uid.system", "com.android.uid.test", "android.uid.calendar", "android.media", "com.android.framework.externalsharedpermstestapp", "android.uid.shared", "android.uid.phone" and so on. The commonly used ones include "android.uid.system", "android.media", "android.uid.shared" and so on.

Setting app permissions:

    <uses-permission android:name="android.permission.BLUETOOTH" />
    <uses-permission android:name="android.permission.BLUETOOTH_ADMIN" />

Permission verification: Android provides several methods that you can use to verify that the caller has the appropriate permissions. If the caller has the appropriate permission, the check returns PackageManager.PERMISSION_GRANTED; otherwise it returns PackageManager.PERMISSION_DENIED. Example:

    private int enforceAccessPermission() {
        // PERMISSION_GRANTED if the caller (or this process, when not
        // handling an IPC) holds the permission, else PERMISSION_DENIED
        int ret = mContext.checkCallingOrSelfPermission("android.permission.BIND_WALLPAPER");
        return ret;
    }

    • Digital certificates


Android digital certificates are free and come in two kinds: debug mode and release mode. A release-mode digital certificate can be generated from the command line or from Eclipse. On the command line, keytool generates the digital certificate and jarsigner applies the digital signature to the APK; in Eclipse, the ADT Export Wizard does the signing. Only applications with the same package name and the same digital certificate are considered to be the same application. The main uses of digital certificates are application upgrades and setting permissions for inter-application communication.

Generating a digital certificate with keytool:

    keytool -genkey -v -keystore android.keystore -alias miaozl -keyalg RSA -validity 20000

"-keystore android.keystore" means that the generated certificate is "android.keystore"; a path can be added (by default it is created in the user's home directory). "-alias miaozl" means that the certificate alias is "miaozl", "-keyalg RSA" means that the RSA algorithm is used, and "-validity 20000" means that the certificate is valid for 20,000 days. In addition, -keypass sets the password of the digital certificate's private key, -keysize sets the key length (the default is 1024 bits; 2048 bits or longer is recommended), and -storepass sets the certificate (keystore) password.

Signing with jarsigner:

    jarsigner -verbose -keystore android.keystore demo.apk <certificate alias>

Next, jarsigner prompts for the password of the keystore and the password for the certificate alias; once both are entered, the signature is complete.

Viewing the digital certificate signature:

    jarsigner -verify -verbose -certs demo.apk

    • Network security


Encryption algorithms (for sensitive data): DES (symmetric), 3DES (symmetric), RSA (asymmetric), MD5, RC2/RC4 (symmetric), IDEA, AES, Blowfish and others.

Web services (HTTP layer): three means are available: WS-Security, SSL and digital signatures. Currently kSOAP does not support WS-Security.

TCP layer: SSL, TLS.

Data link layer: WAPI.
    • Database security


The SQLite database used by Android currently stores data in plaintext. Its security involves encryption, reading and writing, searching, and so on.

Encryption: apply an encryption algorithm (for implementation methods, refer to resources online).

Permission settings: android:permission, android:readPermission, android:writePermission.

Read and write permissions example:

    <provider android:name=".provider.AttachmentProvider"
        android:authorities="com.android.email.attachmentprovider"
        android:multiprocess="true"
        android:grantUriPermissions="true"
        android:readPermission="com.android.email.permission.READ_ATTACHMENT" />

    • Database Security--Search


    <provider android:name="SuggestionsProvider"
        android:readPermission="android.permission.READ_SMS"
        android:authorities="com.android.mms.SuggestionsProvider">
        <path-permission
            android:pathPrefix="/search_suggest_query"
            android:readPermission="android.permission.GLOBAL_SEARCH" />
        <path-permission
            android:pathPrefix="/search_suggest_shortcut"
            android:readPermission="android.permission.GLOBAL_SEARCH" />
    </provider>

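A manifest check for the two provider declarations in the database security sections above, as an added example that is not part of the original article: it reads each `<provider>`, resolves the effective read and write permission (android:permission is the fallback for both), and lists the path-level read permissions. The wrapping `<manifest>` element, the function name `audit_providers` and the finding strings are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest wrapping the two <provider> declarations from this page.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <application>
  <provider android:name=".provider.AttachmentProvider"
            android:authorities="com.android.email.attachmentprovider"
            android:multiprocess="true"
            android:grantUriPermissions="true"
            android:readPermission="com.android.email.permission.READ_ATTACHMENT"/>
  <provider android:name="SuggestionsProvider"
            android:readPermission="android.permission.READ_SMS"
            android:authorities="com.android.mms.SuggestionsProvider">
   <path-permission android:pathPrefix="/search_suggest_query"
                    android:readPermission="android.permission.GLOBAL_SEARCH"/>
   <path-permission android:pathPrefix="/search_suggest_shortcut"
                    android:readPermission="android.permission.GLOBAL_SEARCH"/>
  </provider>
 </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return one record per <provider> with its effective read/write guards."""
    report = []
    for prov in ET.fromstring(manifest_xml).iter("provider"):
        base = prov.get(ANDROID + "permission")  # fallback for read and write
        read = prov.get(ANDROID + "readPermission") or base
        write = prov.get(ANDROID + "writePermission") or base
        # Only pathPrefix/readPermission are modelled, as used on this page.
        paths = {pp.get(ANDROID + "pathPrefix"): pp.get(ANDROID + "readPermission")
                 for pp in prov.iter("path-permission")}
        findings = []
        if read is None:
            findings.append("no read permission declared")
        if write is None:
            findings.append("no write permission declared")
        if prov.get(ANDROID + "grantUriPermissions") == "true":
            findings.append("per-URI grants enabled")
        report.append({"authority": prov.get(ANDROID + "authorities"), "read": read,
                       "write": write, "path_read": paths, "findings": findings})
    return report


if __name__ == "__main__":
    for rec in audit_providers(MANIFEST):
        print(rec["authority"], rec["findings"])
```

Whether a missing write permission is a real exposure depends on whether the provider is exported, which this example does not evaluate.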
    • Virtual machines


Typically, each app has its own virtual machine, and applications cannot access each other's private data. Ways to access data: files; databases (with permissions opened); configuration files (opened); Intent communication.
    • File access control


For rights management, Android applies the Linux ACL (Access Control List) permission mechanism, not the UGO permission mechanism used by earlier UNIX.

At the partition level, while the system is running, the outermost layer of security is provided by the Linux system: the partition where system.img resides is read-only and does not allow the user to write, while the partition where data.img resides is readable and writable and is used for storing user data. The user rights of the partitions are defined in init.rc.

For individual files, access control is by group, user and permissions. Permissions can be readable, writable and executable. Commands: chown, chgrp, chmod.

Reposted from: http://blog.csdn.net/mad1989/article/details/16886189
