The document discusses Android security. It begins with an introduction to Android as the fastest growing mobile OS with over 1.5 billion downloads per month. It then notes that while Android is easy to develop for, it is also easy to create malware for Android and target users' devices as well as their friends' data. The document goes on to cover important security terms, examples of famous Android malware, the Unix and Android security models, application installation and isolation techniques, and ways for developers to test the security of their Android apps.
3. We all know!
● Fastest Growing Mobile Operating System
● 1.5 billion downloads a month and growing
● Millions of Devices running this Operating
System
● Easy (Are you sure?) to Develop Applications
● Open Source!
4. What we Don’t know!
● It’s easy to create malware and target
Android.
● Even “seem like trusty” app can be
malicious.
● It’s not that our data, but friend’s data is also
important!
9. Android Security Policy
1. Application Isolation
2. Sandbox of Application
3. Secure Communication
4. Signing the Application
5. Permission model of Application
11. Application Isolation
● Each application has own GID/UID.
● System apps also have own GID/UID.
● Based on UNIX Security Model.
12. Permission Policy (Default)
● No app can Write other app data.
● But can Read data, with due permission
● Connect to network
● Cannot Use Peripherals
● Cannot Use System APIs to Read/Send
SMS, Call..
● Cannot Load App on System Start
17. Some Steps!
1. Select popular application.
2. Reverse Engineer it.
a. Dex2jar
b. Apktool
c. Smali/Baksmali and many more..
3. Inject malicious code.
4. Distribute the app. (With new Certi)