SlideShare ist ein Scribd-Unternehmen logo

Security on android

Als PPTX, PDF herunterladen
P
pk464312
1 von 15
Implementing Security on Android Application Presented By Prabhakar Jha(7cs39)
Contents • INTRODUCTION • OVERVIEW OF ANDROID • REVIEW LITERATURE • SECURITY IN ANDROID • CONCLUSION
Introduction • Android is Google’s new open-source platform for mobile devices. • It comes with an SDK that provides the tools and APIs necessary to develop new applications for the platform in Java. • Android has its own virtual machine i.e. DVM (Dalvik Virtual Machine), which is used for executing the android applications. • As Android provides remote access to official sensitive data, which can lead to data hack if smart phones are hacked .
Overview of Android The application model • An application is a package of components, each of which can be instantiated and run as necessary . • Activity components form the basis of the user interface; usually, each window of the application is controlled by some activity. • Service components run in the background, and remain active even if windows are switched. • Receiver components react asynchronously to messages from other applications. • Provider components store data relevant to the application, usually in a database. Such data can be shared across applications.
Overview of Android Security mechanisms • It is possible for an application to share its data and functionality across other applications, such applications access its components. • The key access control mechanisms provided by Android. • Isolation The Android operating system builds on a Linux kernel, and as such, derives several protection mechanisms from Linux. . Every application runs in its own Linux process. Android starts the process when any of the application’s code needs to be run, and stops the process when another application’s code needs to be run.
Overview of Android Security mechanisms • Permissions Any application needs explicit permissions to access the components of other applications. Crucially, such permissions are set at install time, not at run time. The permissions required by an application are declared statically in a manifest. These permissions are set by the package installer, usually via dialogue with the user. • Signatures Finally, any Android application must be signed with a certificate whose private key is held by the developer. The certificate does not need to be signed by a certificate authority; it is used only to establish trust between applications by the same developer.
Review Literature • In android operating system, there are four layers. Android has its own libraries; it is helpful for developing and designing any application of android platform. These libraries are written in C/C++. Linux kernel is the 1st layer which is written in C.
Review Literature • Application layer: It is the most upper layer in android architecture. All the applications like camera, Google maps, browser, sms, calendars, contacts are native applications. • Application framework: Android applications which are developing, this layer contain needed classes and services. Developers can reuse and extend the components already present in API. • Activity manager: It manages the lifecycle of applications. It enables proper management of all the activities. All the activities are controlled by activity manager. • Resource manager: It provides access to non-code resources such as graphics etc.
Review Literature • Notification manager: It enables all applications to display custom alerts in status bar. • Location manager: It fires alerts when user enters or leaves a specified geographical location. • Package manager: It is use to retrieve the data about installed packages on device. • Libraries: Android has its own libraries, which is written in C/C++. These libraries cannot be accessed directly. With the help of application framework, we can access these libraries.
Security in android • In this paper, TISSA is a system which is used to provide security to the contacts, call logs etc. • By using TISSA, user can easily protect its contacts and call logs by filling all the permissions. • After giving all the permissions, user can easily access its own data in very privacy mode. • TISSA is evaluated with many of android apps which are affected by leakage of private information of user. • In TISSA, there are main three components are used which provides security to the user for securing call logs and contacts.
Security in android • Privacy setting content provider: It is used to provide current privacy setting for an installed application. • Privacy setting manager: It is for the user that he/she can easily update the privacy setting for the installed application. • Privacy aware components: These are enhanced to regulate the access to user’s information which also includes contacts, call logs and locations. • TISSA starts works when user sends request through installed app to the content provider. It holds the request and check current privacy settings for app. It matches all the stored information in database and then send result back to the content provider.
Security in android
Security in android • There are main three components used which provides the security to the user, these all are as follows: • Contacts and Call Logs: In the above diagram, it shows that firstly, user sends request for accessing the app. When request sends then content provider checks all the permissions if these all are matched only then user can easily access its data otherwise it will reject the permission request from the user side. • Phone Identity: Each mobile phone has its unique IMEI number for using GSM and CDMA technologies. In android app can easily use various functions and retrieve privacy setting for requesting app. • Location: Here is location manager which always noticed about user’s location. If user change its location, the registered location updates location information of the current user.
Conclusion It provides all over security to contacts, call logs and location or phone identity, but still there are some issues while using this system. While using TISSA, as per system use sometime it will send bogus or fake replies to the user corresponds to their request. These fake replies could create problems for some applications of android. Another issue in this system is that TISSA only uses one single privacy setting for one type of private information.
Security on android

Empfohlen

CNIT 128 7: Mobile Device Management
CNIT 128 7: Mobile Device ManagementCNIT 128 7: Mobile Device Management
CNIT 128 7: Mobile Device ManagementSam Bowne
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securitySam Bowne
 
CNIT 128: 9: Mobile payments
CNIT 128: 9: Mobile paymentsCNIT 128: 9: Mobile payments
CNIT 128: 9: Mobile paymentsSam Bowne
 
Sensor GPP Presentation June 2008
Sensor GPP Presentation June 2008Sensor GPP Presentation June 2008
Sensor GPP Presentation June 2008Edward vd Berg
 
Android Security
Android SecurityAndroid Security
Android SecuritySuminda Gunawardhana
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 

Empfohlen

CNIT 128 7: Mobile Device Management
CNIT 128 7: Mobile Device ManagementCNIT 128 7: Mobile Device Management
CNIT 128 7: Mobile Device ManagementSam Bowne
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securitySam Bowne
 
CNIT 128: 9: Mobile payments
CNIT 128: 9: Mobile paymentsCNIT 128: 9: Mobile payments
CNIT 128: 9: Mobile paymentsSam Bowne
 
Sensor GPP Presentation June 2008
Sensor GPP Presentation June 2008Sensor GPP Presentation June 2008
Sensor GPP Presentation June 2008Edward vd Berg
 
Android Security
Android SecurityAndroid Security
Android SecuritySuminda Gunawardhana
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 
Secure element content
Secure element contentSecure element content
Secure element contentManjula Weerasinghe
 
Physical security-system
Physical security-systemPhysical security-system
Physical security-systemTechera Consultants
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksPriyanka Aash
 
Access-control-system
Access-control-systemAccess-control-system
Access-control-systemTechera Consultants
 
Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Krisshhna Daasaarii
 
iaetsd Second level security using intrusion detection and avoidance system
iaetsd Second level security using intrusion detection and avoidance systemiaetsd Second level security using intrusion detection and avoidance system
iaetsd Second level security using intrusion detection and avoidance systemIaetsd Iaetsd
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slidesBassam Al-Khatib
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointBeyondTrust
 
3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinderObserveIT
 
Reference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsuranceReference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsurancePriyanka Aash
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing rajRajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL
 
Signature Enterprise
Signature EnterpriseSignature Enterprise
Signature EnterpriseBioslimdisk
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationxHai Nguyen
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsAlan Tatourian
 
Srs template ieee
Srs template ieeeSrs template ieee
Srs template ieeehoinongdan
 
Mobile frame asset management in depth
Mobile frame asset management in depthMobile frame asset management in depth
Mobile frame asset management in depthMobileWorxs
 
Transforming any apps into self-defending apps
Transforming any apps into self-defending apps Transforming any apps into self-defending apps
Transforming any apps into self-defending apps Blueboxer2014
 
Classification of embedded systems
Classification of embedded systemsClassification of embedded systems
Classification of embedded systemsVikas Dongre
 
Research of Cloud Security Communication Firewall Based On Android Platform
Research of Cloud Security Communication Firewall Based On Android PlatformResearch of Cloud Security Communication Firewall Based On Android Platform
Research of Cloud Security Communication Firewall Based On Android PlatformManoj Dongare
 
Android Report
Android ReportAndroid Report
Android ReportGanesh Waghmare
 

Weitere ähnliche Inhalte

Was ist angesagt?

Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksPriyanka Aash
 
iaetsd Second level security using intrusion detection and avoidance system
iaetsd Second level security using intrusion detection and avoidance systemiaetsd Second level security using intrusion detection and avoidance system
iaetsd Second level security using intrusion detection and avoidance systemIaetsd Iaetsd
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slidesBassam Al-Khatib
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointBeyondTrust
 
3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinderObserveIT
 
Reference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsuranceReference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsurancePriyanka Aash
 
Signature Enterprise
Signature EnterpriseSignature Enterprise
Signature EnterpriseBioslimdisk
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationxHai Nguyen
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsAlan Tatourian
 
Srs template ieee
Srs template ieeeSrs template ieee
Srs template ieeehoinongdan
 
Mobile frame asset management in depth
Mobile frame asset management in depthMobile frame asset management in depth
Mobile frame asset management in depthMobileWorxs
 
Transforming any apps into self-defending apps
Transforming any apps into self-defending apps Transforming any apps into self-defending apps
Transforming any apps into self-defending apps Blueboxer2014
 
Classification of embedded systems
Classification of embedded systemsClassification of embedded systems
Classification of embedded systemsVikas Dongre
 

Was ist angesagt? (20)

Secure element content
Secure element contentSecure element content
Secure element content
 
Physical security-system
Physical security-systemPhysical security-system
Physical security-system
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
Access-control-system
Access-control-systemAccess-control-system
Access-control-system
 
Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Mobile Apps Security Testing -1
Mobile Apps Security Testing -1
 
iaetsd Second level security using intrusion detection and avoidance system
iaetsd Second level security using intrusion detection and avoidance systemiaetsd Second level security using intrusion detection and avoidance system
iaetsd Second level security using intrusion detection and avoidance system
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slides
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the Endpoint
 
3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder
 
Reference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsuranceReference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- Insurance
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
 
Signature Enterprise
Signature EnterpriseSignature Enterprise
Signature Enterprise
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationx
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical Systems
 
Srs template ieee
Srs template ieeeSrs template ieee
Srs template ieee
 
Mobile frame asset management in depth
Mobile frame asset management in depthMobile frame asset management in depth
Mobile frame asset management in depth
 
Transforming any apps into self-defending apps
Transforming any apps into self-defending apps Transforming any apps into self-defending apps
Transforming any apps into self-defending apps
 
Classification of embedded systems
Classification of embedded systemsClassification of embedded systems
Classification of embedded systems
 

Andere mochten auch

Research of Cloud Security Communication Firewall Based On Android Platform
Research of Cloud Security Communication Firewall Based On Android PlatformResearch of Cloud Security Communication Firewall Based On Android Platform
Research of Cloud Security Communication Firewall Based On Android PlatformManoj Dongare
 
How to write a literature review in 3 days
How to write a literature review in 3 daysHow to write a literature review in 3 days
How to write a literature review in 3 daysAberdeen CES
 
Vehicle tracking system,be computer android report,android project report,gps...
Vehicle tracking system,be computer android report,android project report,gps...Vehicle tracking system,be computer android report,android project report,gps...
Vehicle tracking system,be computer android report,android project report,gps...Sujit9561
 
Sample literature review
Sample literature reviewSample literature review
Sample literature reviewcocolatto
 
Restaurant Finder Android Application project Presentation
Restaurant Finder Android Application project PresentationRestaurant Finder Android Application project Presentation
Restaurant Finder Android Application project PresentationAbhinav Jain
 
Android College Application Project Report
Android College Application Project ReportAndroid College Application Project Report
Android College Application Project Reportstalin george
 
Writing Chapters 1, 2, 3 of the Capstone Project Proposal Manuscript
Writing Chapters 1, 2, 3 of the Capstone Project Proposal ManuscriptWriting Chapters 1, 2, 3 of the Capstone Project Proposal Manuscript
Writing Chapters 1, 2, 3 of the Capstone Project Proposal ManuscriptSheryl Satorre
 
Bus tracking application in Android
Bus tracking application in AndroidBus tracking application in Android
Bus tracking application in Androidyashonil
 
Literature review in research
Literature review in researchLiterature review in research
Literature review in researchNursing Path
 

Andere mochten auch (13)

Research of Cloud Security Communication Firewall Based On Android Platform
Research of Cloud Security Communication Firewall Based On Android PlatformResearch of Cloud Security Communication Firewall Based On Android Platform
Research of Cloud Security Communication Firewall Based On Android Platform
 
Android Report
Android ReportAndroid Report
Android Report
 
Literature Review
Literature ReviewLiterature Review
Literature Review
 
How to write a literature review in 3 days
How to write a literature review in 3 daysHow to write a literature review in 3 days
How to write a literature review in 3 days
 
Vehicle tracking system,be computer android report,android project report,gps...
Vehicle tracking system,be computer android report,android project report,gps...Vehicle tracking system,be computer android report,android project report,gps...
Vehicle tracking system,be computer android report,android project report,gps...
 
Sample literature review
Sample literature reviewSample literature review
Sample literature review
 
Restaurant Finder Android Application project Presentation
Restaurant Finder Android Application project PresentationRestaurant Finder Android Application project Presentation
Restaurant Finder Android Application project Presentation
 
Writing a Literature Review- handout
Writing a Literature Review- handout Writing a Literature Review- handout
Writing a Literature Review- handout
 
Android College Application Project Report
Android College Application Project ReportAndroid College Application Project Report
Android College Application Project Report
 
Writing Chapters 1, 2, 3 of the Capstone Project Proposal Manuscript
Writing Chapters 1, 2, 3 of the Capstone Project Proposal ManuscriptWriting Chapters 1, 2, 3 of the Capstone Project Proposal Manuscript
Writing Chapters 1, 2, 3 of the Capstone Project Proposal Manuscript
 
Bus tracking application in Android
Bus tracking application in AndroidBus tracking application in Android
Bus tracking application in Android
 
Literature review in research
Literature review in researchLiterature review in research
Literature review in research
 
Android report
Android reportAndroid report
Android report
 

Ähnlich wie Security on android

Android Security and Peneteration Testing
Android Security and Peneteration TestingAndroid Security and Peneteration Testing
Android Security and Peneteration TestingSurabaya Blackhat
 
Android Security Humla Part 1
Android Security Humla Part 1Android Security Humla Part 1
Android Security Humla Part 1Nikhil Kulkarni
 
Android App Developement
Android App DevelopementAndroid App Developement
Android App DevelopementAayush Gupta
 
Android Seminar BY Suleman Khan.pdf
Android Seminar BY Suleman Khan.pdfAndroid Seminar BY Suleman Khan.pdf
Android Seminar BY Suleman Khan.pdfNomanKhan869872
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applicationsGTestClub
 
Android 130923124440-phpapp01
Android 130923124440-phpapp01Android 130923124440-phpapp01
Android 130923124440-phpapp01rajesh kumar
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security WorkshopOWASP
 
Security in Android Application
Security in Android ApplicationSecurity in Android Application
Security in Android ApplicationRishabh Gupta
 
Basic of Android App Development
Basic of Android App DevelopmentBasic of Android App Development
Basic of Android App DevelopmentAbhijeet Gupta
 
Building a Mobile Security Program
Building a Mobile Security ProgramBuilding a Mobile Security Program
Building a Mobile Security ProgramDenim Group
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidSam Bowne
 
COVERT app
COVERT appCOVERT app
COVERT appitba9
 

Ähnlich wie Security on android (20)

Mobile security
Mobile securityMobile security
Mobile security
 
Android Security and Peneteration Testing
Android Security and Peneteration TestingAndroid Security and Peneteration Testing
Android Security and Peneteration Testing
 
Android Security Humla Part 1
Android Security Humla Part 1Android Security Humla Part 1
Android Security Humla Part 1
 
Android App Developement
Android App DevelopementAndroid App Developement
Android App Developement
 
Android Seminar BY Suleman Khan.pdf
Android Seminar BY Suleman Khan.pdfAndroid Seminar BY Suleman Khan.pdf
Android Seminar BY Suleman Khan.pdf
 
Android ppt
Android ppt Android ppt
Android ppt
 
Android Applications
Android ApplicationsAndroid Applications
Android Applications
 
Android ppt
Android pptAndroid ppt
Android ppt
 
128-ch4.pptx
128-ch4.pptx128-ch4.pptx
128-ch4.pptx
 
Android
AndroidAndroid
Android
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applications
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
 
Android 130923124440-phpapp01
Android 130923124440-phpapp01Android 130923124440-phpapp01
Android 130923124440-phpapp01
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop
 
Security in Android Application
Security in Android ApplicationSecurity in Android Application
Security in Android Application
 
Basic of Android App Development
Basic of Android App DevelopmentBasic of Android App Development
Basic of Android App Development
 
Building a Mobile Security Program
Building a Mobile Security ProgramBuilding a Mobile Security Program
Building a Mobile Security Program
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: Android
 
COVERT app
COVERT appCOVERT app
COVERT app
 

Security on android

  • 1. Implementing Security on Android Application Presented By Prabhakar Jha(7cs39)
  • 2. Contents • INTRODUCTION • OVERVIEW OF ANDROID • REVIEW LITERATURE • SECURITY IN ANDROID • CONCLUSION
  • 3. Introduction • Android is Google’s new open-source platform for mobile devices. • It comes with an SDK that provides the tools and APIs necessary to develop new applications for the platform in Java. • Android has its own virtual machine i.e. DVM (Dalvik Virtual Machine), which is used for executing the android applications. • As Android provides remote access to official sensitive data, which can lead to data hack if smart phones are hacked .
  • 4. Overview of Android The application model • An application is a package of components, each of which can be instantiated and run as necessary . • Activity components form the basis of the user interface; usually, each window of the application is controlled by some activity. • Service components run in the background, and remain active even if windows are switched. • Receiver components react asynchronously to messages from other applications. • Provider components store data relevant to the application, usually in a database. Such data can be shared across applications.
  • 5. Overview of Android Security mechanisms • It is possible for an application to share its data and functionality across other applications, such applications access its components. • The key access control mechanisms provided by Android. • Isolation The Android operating system builds on a Linux kernel, and as such, derives several protection mechanisms from Linux. . Every application runs in its own Linux process. Android starts the process when any of the application’s code needs to be run, and stops the process when another application’s code needs to be run.
  • 6. Overview of Android Security mechanisms • Permissions Any application needs explicit permissions to access the components of other applications. Crucially, such permissions are set at install time, not at run time. The permissions required by an application are declared statically in a manifest. These permissions are set by the package installer, usually via dialogue with the user. • Signatures Finally, any Android application must be signed with a certificate whose private key is held by the developer. The certificate does not need to be signed by a certificate authority; it is used only to establish trust between applications by the same developer.
  • 7. Review Literature • In android operating system, there are four layers. Android has its own libraries; it is helpful for developing and designing any application of android platform. These libraries are written in C/C++. Linux kernel is the 1st layer which is written in C.
  • 8. Review Literature • Application layer: It is the most upper layer in android architecture. All the applications like camera, Google maps, browser, sms, calendars, contacts are native applications. • Application framework: Android applications which are developing, this layer contain needed classes and services. Developers can reuse and extend the components already present in API. • Activity manager: It manages the lifecycle of applications. It enables proper management of all the activities. All the activities are controlled by activity manager. • Resource manager: It provides access to non-code resources such as graphics etc.
  • 9. Review Literature • Notification manager: It enables all applications to display custom alerts in status bar. • Location manager: It fires alerts when user enters or leaves a specified geographical location. • Package manager: It is use to retrieve the data about installed packages on device. • Libraries: Android has its own libraries, which is written in C/C++. These libraries cannot be accessed directly. With the help of application framework, we can access these libraries.
  • 10. Security in android • In this paper, TISSA is a system which is used to provide security to the contacts, call logs etc. • By using TISSA, user can easily protect its contacts and call logs by filling all the permissions. • After giving all the permissions, user can easily access its own data in very privacy mode. • TISSA is evaluated with many of android apps which are affected by leakage of private information of user. • In TISSA, there are main three components are used which provides security to the user for securing call logs and contacts.
  • 11. Security in android • Privacy setting content provider: It is used to provide current privacy setting for an installed application. • Privacy setting manager: It is for the user that he/she can easily update the privacy setting for the installed application. • Privacy aware components: These are enhanced to regulate the access to user’s information which also includes contacts, call logs and locations. • TISSA starts works when user sends request through installed app to the content provider. It holds the request and check current privacy settings for app. It matches all the stored information in database and then send result back to the content provider.
  • 13. Security in android • There are main three components used which provides the security to the user, these all are as follows: • Contacts and Call Logs: In the above diagram, it shows that firstly, user sends request for accessing the app. When request sends then content provider checks all the permissions if these all are matched only then user can easily access its data otherwise it will reject the permission request from the user side. • Phone Identity: Each mobile phone has its unique IMEI number for using GSM and CDMA technologies. In android app can easily use various functions and retrieve privacy setting for requesting app. • Location: Here is location manager which always noticed about user’s location. If user change its location, the registered location updates location information of the current user.
  • 14. Conclusion It provides all over security to contacts, call logs and location or phone identity, but still there are some issues while using this system. While using TISSA, as per system use sometime it will send bogus or fake replies to the user corresponds to their request. These fake replies could create problems for some applications of android. Another issue in this system is that TISSA only uses one single privacy setting for one type of private information.