History 2003
Android
started
as
a
separate
company.
It
was
run
by
Andy
Rubin
and
a
few
other
big
names
in
the
early
world
of
mobile
tech.
They
were
trying
to
build
so;ware
for
phones
and
digital
cameras.
2005
Google
bought
Android
in
2005.
Andy
Rubin
and
his
team
quietly
worked
on
what
would
become
the
Android
mobile
operaBng
system.
2008
Google
partnered
with
T-‐Mobile
to
launch
the
first-‐ever
Android
smartphone,
the
G1.
2007
The
Open
Handset
Alliance,
a
consorBum
of
technology
companies
including
Google,
device
manufacturers
such
as
HTC,
Sony
and
Samsung,
wireless
carriers
such
as
Sprint
Nextel
and
T-‐Mobile,
and
chipset
makers
such
as
Qualcomm
and
Texas
Instruments,
unveiled
itself,
with
a
goal
to
develop
open
standards
for
mobile
devices
2013
Google's
smartphone
operaBng
system
powers
a
whopping
80%
of
devices
worldwide.
AOSP and Google Mobile Services Android Open Source Project (AOSP) This is the Open source version of Android, used by Amazon, Zebra Technologies, Xiaomi and others OEM to build devices without the Google services. Google Mobile Services (GMS) This are additional features only available on devices that signed Google’s Anti-Fragmentation Agreement, including: Google Play Services, Google Maps, Gmail, etc. History Version 1.0 was released on September 26, 2012 Version 4.4 was released on May 7, 2014 Version 5.0 was released on June 25, 2014 Version 6.5, was released on November 17, 2014 Version 7.0 released on March 2, 2015 Version 7.5 released on May 28, 2015 Version 8.1 released on September 24, 2015
ANDROID != LINUX Androidism
–
differences
between
Android
and
Linux
• Binder
• Paranoid
Networking
SELinux
–
further
defines
boundaries
of
the
Android
applicaBon
sandbox
• Introduced
in
Android
v4.3
–
MAC
not
enforced
• v4.4
–
MAC
enforced
on
4
core
services
(installd,
netd,
vold
and
zygote)
• v5.x
–
MAC
enforced
on
everything
(more
than
60
domains)
MAC
=
Mandatory
Access
Control
DAC
=
DiscreBonary
Access
Control
Android Runtime Dalvik
VM
is
Android
implementaBon
of
Java
VM
Dalvik
is
opBmized
for
mobile
devices:
•
Bajery
consumpBon
•
CPU
capabiliBes
Key
Dalvik
differences:
•
Register-‐based
versus
stack-‐based
VM
•
Dalvik
runs
.dex
files
•
More
efficient
and
compact
implementaBon
•
Different
set
of
Java
libraries
than
JDK
Oracle
had
accused
Google
of
copying
the
APIs
of
Java,
a
programming
language
Oracle
owns,
and
punng
them
into
Android.
Android Runtime With
the
latest
I/O
conference,
Google
has
finally
publicly
announced
its
plans
for
its
new
runBme
on
Android.
ART
ART
is
designed
to
be
fully
compaBble
with
Dalvik’s
exisBng
byte-‐code
format,
“dex”
(Dalvik
executable).
The
big
paradigm-‐shi;
that
ART
brings,
is
that
instead
of
being
a
Just-‐in-‐Time
(JIT)
compiler,
it
now
compiles
applicaBon
code
Ahead-‐of-‐Time
(AOT).
The
performance
gains
over
Dalvik
are
significant;;
roughly
a
2x
improvement
in
speed
for
code
running
on
the
VM.
Application Security Box Upon
Android
applicaBon
installaBon:
• A
unique
user
ID
is
created
for
each
Android
app
• Each
app
is
started
in
its
own
process
• Each
app
runs
in
that
DVM
• The
file
permissions
are
set
for
the
owner
only
to
access
Application Signing The
important
points
to
understand
about
signing
Android
applicaBons
are:
• All
applicaBons
must
be
signed.
The
system
will
not
install
an
applicaBon
on
an
emulator
or
a
device
if
it
is
not
signed.
• To
test
and
debug
your
applicaBon,
the
build
tools
sign
your
applicaBon
with
a
special
debug
key
that
is
created
by
the
Android
SDK
build
tools.
• When
you
are
ready
to
release
your
applicaBon
for
end-‐users,
you
must
sign
it
with
a
suitable
private
key.
You
cannot
publish
an
applicaBon
that
is
signed
with
the
debug
key
generated
by
the
SDK
tools.
• You
can
use
self-‐signed
cerBficates
to
sign
your
applicaBons.
No
cerBficate
authority
is
needed.
• The
system
tests
a
signer
cerBficate's
expiraBon
date
only
at
install
Bme.
If
an
applicaBon's
signer
cerBficate
expires
a;er
the
applicaBon
is
installed,
the
applicaBon
will
conBnue
to
funcBon
normally.
What NEW IN Android v4.2.x (the
lockdown
release)
• RTL
Layout
support
• NaBve,
always-‐on
VPN
• CerBficate
Pinning
• New
Bluetooth
stack
• New
NFC
stack
• Hidden
developer
menu
and
USB
debug
whitelist
• System.Senngs
are
now
read-‐only
(e.g.
Airplane
mode)
• Content
providers
are
no
longer
exported
by
default
• AddiBonal
layer
of
security
in
the
WebView
interface
for
JS
binding
What NEW IN Android v4.3.x • SELinux
(in
permissive
mode)
• MulBple
account
and
restricted
profiles
(tablets)
• Bluetooth
SMART
support
(aka
BLE)
• WiFi
Enterprise
API
(e.g.
EAP
access)
• WiFi
Scan-‐only-‐mode
(get
posiBon
even
with
WiFi
off)
• Improved
RTL
Text
support
• Hardware
credenBal
storage
What NEW IN Android v4.4.x • SELinux
-‐
in
enforcing
mode
for
4
core
services
• RestricBon
on
External
Storage
(SDCard
read
only)
• NFC
Host
Card
EmulaBon
• Chromium
webview
• Screen
recorder
through
adb
• ART
(Android
Run
Time)
opBonal,
Dalvik
sBll
the
default
RunBme
• Improved
RTL
(Drawable
Mirroring
and
Force
RTL
for
developers)
What NEW IN Android v5.x • SELinux
-‐
in
enforcing
mode
for
all
domains
• WebView
updates
without
OTA
• MulBple
user
and
restricted
profile
on
phones
(prev.
only
tablets)
• Full
disk
encrypBon
“enforced”
and
improved
• ART
(Android
Run
Time)
only
available
RunBme
• Material
Design
• Screen
Capture
and
sharing:
hjps://github.com/googlesamples/android-‐ScreenCapture
• 64-‐bit
support
• Managed
provisioning
• Screen
Pinning
(Kiosk
Mode)
• Manually:
SeJngs
>
Security
>
Screen
Pinning
• ProgrammaBcally:
StartLockTask()
V5.1
• MulBple
SIM
cards
API Level 23 - MarshMallow • Doze and App Standby • Doze: Screen off and unplugged device stationary • App Standby: when an app is idle the OS diable networking • Removed access to Hardware identifier: • WifInfo.getMacAddress return always 02:00:00:00:00:00 • BluetoothAdapter.getAddress return always 02:00:00:00:00:00 • Fingerprint Authentication • USB Connection are now charge-only by default • Adoptable Storage Devices • App permissions changes • Check for Permissions • Request Permissions
nibble
bonotake
claudioed
motsuhiro131
torounit
sheep_san_white
yusuke
kazukihayase
bengo4com
hacomono
makotu
tammyeverts
tomzoh
jnunemaker
jasonvnalue
chriscoyier
jennybc
colly
eileencodes
keavy
lara
kastner
csswizardry
searls