Introduction to Android Development and Security

Transcript

1. An Introduction to Android Development and Security Kun Yang [email protected]

2. Android & Me • I’m a first-year graduate student. •

   I developed my first Android APP——BloGeo two years ago. • I’ve been an Android user for two years. • Now I’ve just started to learn Android security.

3. Outline • Introduction to Android – Brief history – Architecture

   • Android Development – Environment – Programming framework – Building and running process – Case Study • Overview of Android Security Feature • Android Security Lab (by Security Compass) • My Future Study

4. Brief History • Written by Andy Rubin(founder of Android Inc.)

   • Acquired by Google in 2005 • Android 1.0 released in 2007 • Android 4.0 released in 2011 • 52.5% of global mobile users

5. Brief Introduction • First complete, open and free mobile platform

   • Operating System – Mobile device optimized Linux kernel 2.6 • Application framework – Mainly Java-based – Running on Dalvik virtual machine featuring JIT compilation • Key applications – Gmail, Maps, Contacts, Market and etc.

6. Architecture

7. Developing Environment • Totally free-of-charge – Open source – Eclipse

   with ADT plugin – SDK tools with an emulator – Android market • Dev guide – http://developer.android.com

8. Android SDK Updater & AVD

9. Android emulator

10. Dalvik Debug Monitor

11. None

12. Application Framework Overview • Components – Activities – Views –

    Intents – Services – Content providers – Broadcast receivers • Resources • Manifest File

13. Activities • An activity is a single, focused thing that

    the user can do • Typically correspond to one UI screen • Activities are stacked like a deck of cards • Active activity is placed on top

14. Activity Lifecycle • 4 states – Active – Paused(visible, not

    active) – Stopped(invisible) – Destroyed • Call back functions – onCreate & onDestroy – onStart & onStop & onRestart – onResume & onPause

15. Hello World Activity

16. Views • Views are GUI controls(E.g. TextView, EditText, Button) •

    Activity windows consist of views and viewgroups • Organized as trees to build up GUIs • Operations we can perform on views – Set properties: Use function or define in the XML layout files to load. – Set focus – Set up listener – Set visibility – Draw anything we like • We can use Layout to help place views – E.g. LinearLayout, TableLayout, AbsoluteLayout – Use function or define in the XML layout files

17. Hello World using Layout XML Files

18. Example Views

19. Intents • Intents are used to exchange data between Activities

    or Applications • Think of Intents as a verb and object; a description of what you want done – E.g. VIEW, CALL, PLAY etc.. • Describes what the application wants • Provides late runtime binding

20. Services • Services run in the background • Don’t interact

    with the user • Run on the main thread of the process

21. Content Providers • Content providers store and retrieve data and

    make it accessible to all applications • It is the only way to share data across packages • The backend is SQLite • They are linked to clients • Data exposed as a unique URI

22. Resources • Resources are images , strings and etc. •

    Externalize resources from application code • SDK will generate codes to map a resource to an id, we can use static class R to get resources • Layout xml files are also resources

23. Manifest File • Control file that tells the system what

    to do and how the top-level components are related • It’s the “glue” that actually specifies which intents your activities receive • Specifies permissions

24. Building and Running • Android package format – Bundle a

    few files into a file(.apk) – Just a zip file – Classes.dex is core file – compiled java classes – Use ‘DX’ tool to convert Java *.class to Dalvik bytecode *.dex

25. Building and Running

26. Building and Running • DEX process flow

27. Building and Running • Simplified Process Diagram

28. Developing Process • Create your own android project • Design

    the UI • Externalize resources • React to events • Run the application

29. BloGeo

30. Android Security Overview • Goals – Protect user data –

    Protect system resources (including the network) – Provide application isolation • Android security features provided – Robust security at the OS level through the Linux kernel – Mandatory application sandbox for all applications – Secure interprocess communication – Application signing – Application-defined and user-granted permissions

31. Android Security Overview(cont.) • Application Sandbox: Kernel Level – Each

    Application has a user ID(UID) to run • Interprocess Communication – Binder • A lightweight capability-based remote procedure call mechanism designed for high performance when performing in-process and cross-process calls. – Intents – ContentProviders • Application signing

32. Android Security Overview(cont.) • Application-defined and user-granted permissions – Camera

    functions – Location data (GPS) – Bluetooth functions – Telephony functions – SMS/MMS functions – Network

33. ExploitMe Mobile Android Labs • By Security Compass – information

    security consulting firm – specializing in secure software development and training • An open source project demonstrating Android mobile hacking • A bank transfer mobile client • Server written in python(http/https) • 8 Labs

34. Lab 1: Secure connections • python app.py • emulator.exe -avd

    emu -tcpdump test.cap • Solution: python app.py --ssl --port 8443

35. Lab 2 - Parameter Manipulation • emulator @YOUR_AVD_NAME --http-proxy localhost:8008

    • http post Solution:

36. Lab 3 - Insecure file storage Solution: File creation mode:

    the default mode, where the created file can only be accessed by the calling application (or all applications sharing the same user ID).

37. Lab 4 - Secure Logging • adb logcat Be aware

    of what you are logging and only log non-sensitive information. Solution:

38. Lab 5 - Basic Encryption

39. Lab 5 - Basic Encryption(cont.)

40. Lab 6 - Advanced Encryption • apktool – It is

    a tool for reengineering 3rd party, closed, binary Android apps. – It can decode resources to nearly original form and rebuild them after making some modifications.

41. Lab 6 - Advanced Encryption(cont.) • apktool d BasicEncryptionSolution.apk export

42. Lab 6 - Advanced Encryption(cont.)

43. Lab 6 - Advanced Encryption(cont.) • Smali – Smali is

    an assembler for the dex format used by dalvik

44. Lab 6 - Advanced Encryption(cont.)

45. Lab 7 - Memory Protection

46. Lab 7 - Memory Protection • hprof-conv source dest –

    Convert dex memory dump format to Java format • Use MAT(memory analyzer tool) to browse it

47. Lab 7 - Memory Protection(cont.)

48. Lab 7 - Memory Protection(cont.)

49. Lab 8 - Client-side Password complexity

50. Future Study I hope I can show you some more

    hacking examples next time. Android Reverse Engineering!

51. Thanks! Q&A