2. What is Android?
• A software platform and operating system for
mobile devices
• Based on the Linux kernel (kernel 2.6)
• Developed by Google and later the Open Handset
Alliance (OHA)
• Allows writing managed code in the Java
language
• C/C++ can also be used, but is not supported
4. Applications
• First layer in system architecture
• These include the applications shipped with
Android, like the email client, SMS client, maps,
browsers, and also the applications developed
and distributed through the Android Market.
5. Application Framework
• Second layer in system architecture
• These include the programs that manage the
basic functions of the phone, like resource
allocation, voice call management, etc.
6. Libraries
• The layer above the Linux kernel consists of
Android’s native libraries.
• These libraries are written in C/C++ languages.
• These libraries also run as processes within the
underlying Linux kernel.
• The libraries are sets of instructions
that tell the device how to handle different kinds
of data (e.g. the media libraries support playing
or recording various audio/video formats)
7. Some of the key libraries are listed
below:
• SQLite: This is a lightweight yet powerful
relational database engine available for all
applications to store data.
• WebKit: This is a browser engine providing
tools for browsing web pages.
• Surface Manager: This is responsible for the
graphics on the device screens
• OpenGL: Used to render 2D or 3D graphics to
the screen
8. Android Runtime
• This is located on the same layer as the libraries
layer.
• It consists of the core Java libraries and the
Dalvik virtual machine.
• The core Java libraries are used for developing
Android based applications.
• Dalvik VMs help in achieving the following:
- better memory management
- an application cannot interfere with other
applications without permissions
- threading support
9. • The diagram below is a pictorial
representation of the Android environment.
• It can be observed that each Android
application runs under a separate virtual
instance and each application has a unique
user-id assigned to it.
10. Linux Kernel
• This is the last layer in the system architecture
• Device drivers, power management, process
management and networking services depend
on this layer
• Android uses Linux kernel 2.6; the kernel and
Android have been harmonized as Android developed over time.
• Android is not exactly Linux.
11. Penetration testing of Android apps
• The applications in Android can be mainly
classified into two categories:
- Android browser-based applications
- Android-based applications (Android
application package files – .apk extension files)
12. Android Filesystem Access
We want to analyze files within the device, so
how do we do this?
ADB
(Windows, Linux, Mac)
15. Quick look at some apps
• We’re going to use Android’s default mail client
(Note – this is for a rooted device)
• Navigate to the shared_prefs directory of the
application
18. • Using the ADB shell, we can browse to the
database folder and access the data as shown
below:
19. Logging
• Applications may leak data through gratuitous
logging
• In older versions of Android, the browser
would log URLs visited
- This also logged session IDs for websites
that put them in the GET request
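A check that can be run over captured logcat output to flag logged URLs that carry a session ID, the leak described on the Logging slide above. This is an added example, not part of the original slides; it assumes logcat's threadtime line layout, and the parameter-name list, the log tags and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names treated as session identifiers (assumed list, extend per app).
SESSION_PARAMS = {"jsessionid", "phpsessid", "sessionid", "session_id", "sid", "token"}
# logcat "threadtime" layout: date time PID TID level tag: message
LOGCAT_RE = re.compile(
    r"^(?P<date>\d\d-\d\d)\s+(?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:]+?)\s*:\s(?P<msg>.*)$"
)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def session_params(url):
    """Return (name, value) pairs in a URL that look like session identifiers."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Servlet containers also carry the id as a path parameter: /page;jsessionid=...
    for segment in parts.path.split(";")[1:]:
        name, _, value = segment.partition("=")
        pairs.append((name, value))
    return [(n, v) for n, v in pairs if n.lower() in SESSION_PARAMS and v]


def find_leaks(log_text):
    """Scan logcat text; report tag, host, parameter and redacted value per hit."""
    findings = []
    for line in log_text.splitlines():
        m = LOGCAT_RE.match(line)
        if not m:
            continue  # skip banners such as "--------- beginning of main"
        for url in URL_RE.findall(m["msg"]):
            for name, value in session_params(url):
                findings.append({"tag": m["tag"], "host": urlsplit(url).hostname,
                                 "param": name,
                                 "value": value[:4] + "***"})  # never re-log the secret
    return findings


# Constructed sample, not captured from a real device.
SAMPLE_LOG = """\
--------- beginning of main
01-12 10:15:01.120  1432  1432 I ExampleBrowser: loading http://shop.example.test/cart?item=42&PHPSESSID=a1b2c3d4e5f6
01-12 10:15:02.004  1432  1450 D ExampleBrowser: loading https://app.example.test/home;jsessionid=9F8E7D6C5B4A?lang=en
01-12 10:15:03.310  2210  2210 I ExampleMail: sync finished for https://mail.example.test/inbox?folder=1
"""

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_LOG):
        print(finding)
```

The findings carry only a redacted prefix of each value, so the report itself does not become another copy of the session ID.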
21. Android Client Analysis
• Android Application Layout
- Apps are packaged in an APK file (zip archive)
- What is in it?
  - Dalvik class files (.dex)
  - Assets and resources
  - AndroidManifest.xml
- APKs are stored at /data/app on a device
and can be extracted
25. Analyzing an APK
• The files inside an APK are not directly useful
- Need to unpack the XML and disassemble the
dex class files
• We use a tool for reverse engineering
Android APK files
26. Decompilation
• This way is easier than other ways
• You may be familiar with jad or jd-gui
- Use dex2jar to get a (JVM) jar from an APK
- Perform “source review” on the decompiled app
• Does not work for all APKs
28. Protection
• We must treat the mobile device as hostile
• Don’t store sensitive data unencrypted!
• Doing encryption well is HARD
• Best practice: don’t store any sensitive data on
device