Upload
maskply
View
225
Download
0
Embed Size (px)
Citation preview
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 1/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
Android
1. INTRODUCTION
Android is a software stack for mobile devices that includes an operating system,
middleware and key applications. The Android SDK provides the tools and APIs necessary
to begin developing applications on the Android platform using the Java programming
language.
It is a mobile operating system running on the Linux kernel. It was initially developed by
Google and later the Open Handset Alliance. It allows developers to write managed code in
the Java language, controlling the device via Google-developed Java libraries.
The unveiling of the Android platform on 5 November 2007 was announced with the
founding of the Open Handset Alliance, a consortium of 48 hardware, software, and
telecom companies devoted to advancing open standards for mobile devices. Google
released most of the Android code under the Apache License, a free-software and open
source license.
TKM Institute of Technology1
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 2/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
2. HISTORY
In July 2005, Google acquired Android, Inc., a small startup company based in Palo Alto,
California, USA. Android's co-founders who went to work at Google included Andy Rubin
(co-founder of Danger [, Rich Miner (co-founder of Wildfire Communications, Inc., Nick
Sears (once VP at T-Mobile, and Chris White (headed design and interface development at
WebTV. At the time, little was known about the functions of Android, Inc. other than that
they made software for mobile phones. This began rumors that Google was planning to
enter the mobile phone market, although it was unclear what function it might perform in
that market. At Google, the team, led by Rubin, developed a mobile device platform
powered by the Linux kernel which they marketed to handset makers and carriers on the
premise of providing a flexible, upgradeable system. It was reported that Google had
already lined up a series of hardware component and software partners and signaled to
carriers that it was open to various degrees of cooperation on their part.
More speculation that Google would be entering the mobile-phone market came in
December 2006 Reports from the BBC and The Wall Street Journal noted that Google
wanted its search and applications on mobile phones and it was working hard to deliver that. Print and online media outlets soon reported rumors that Google was developing a
Google-branded handset. More speculation followed reporting that as Google was defining
technical specifications, it was showing prototypes to cell phone manufacturers and
network operators. As many as 30 prototype phones were reported to be operating "in the
wild."
In September 2007, InformationWeek covered an Evalueserve study reporting that Google
had filed several patent applications in the area of mobile telephony.
TKM Institute of Technology2
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 3/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
2.1 OPEN HANDSET ALLAINCE
On 5 November 2007, the Open Handset Alliance, a consortium of several companieswhich include Texas Instruments, Broadcom Corporation, Google, HTC, Intel, LG,
Marvell Technology Group, Motorola, Nvidia, Qualcomm, Samsung Electronics, Sprint
Nextel and T-Mobile was unveiled with the goal to develop open standards for mobile
devices. Along with the formation of the Open Handset Alliance, the OHA also unveiled
their first product, Android, a mobile device platform built on the Linux kernel version 2.6.
On 9 December 2008, it was announced that 14 new members would be joining the
Android project including: ARM Holdings Plc, Atheros Communications, Asustek
Computer Inc, Garmin Ltd, Softbank , Sony Ericsson, Toshiba Corp, and Vodafone Group
Plc.
Google Chairman and CEO Eric Schmidt took some time in the official press release to
dispel all previous rumors and speculation about the existence of a stand-alone Google
phone.
2.2Licensing
Since 21 October 2008, Android has been available as open source. Google opened the
entire source code (including network and telephony stacks under an Apache license. With
the Apache License, vendors are free to add proprietary extensions without submitting
those back to the open source community.
Android had been criticized for not being all open-source software despite what was
announced by Google. Parts of the SDK are proprietary and closed source. The AndroidSoftware Development Kit License Agreement states that:
You agree that Google (or Google's licensors) own all legal right, title and interest in and to
the SDK, including any intellectual property rights which subsist in the SDK. Use,
reproduction and distribution of components of the SDK licensed under an open source
TKM Institute of Technology3
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 4/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
software license are governed solely by the terms of that open source software license and
not by this License Agreement. Until the SDK is released under an open source license,
you may not extract the source code or create a derivative work of the SDK.
2.3 Updates
Although Android is an open-source product, some development has been continuing in a
private development branch. In order to bring this software into public view, a read-only
mirror branch has been created, known as cupcake. Cupcake is commonly misunderstood
as the title of an actual update, but as stated on Google's development website: "cupcake is
still very much a work in progress. It is a development branch, not a release." Notable
changes to the Android software that will be introduced in cupcake include changes to the
download manager, the framework, Bluetooth, the system software, radio and telephony,
developer tools, the build system and several applications, as well as a number of bug fixes.
[
On 30 April 2009, the official 1.5 update for Android was released. There are several new
features and UI updates included in the 1.5 update:
• Ability to record and watch videos with the camcorder mode
• Uploading videos to YouTube and pictures to Picasa directly from the phone
• A new soft keyboard with an "Autocomplete" feature
• Ability to automatically connect to a Bluetooth headset within a certain distance
• New widgets and folders that can populate the desktop
• Animations between screens
• Expanded ability of Copy and paste to include web pages
TKM Institute of Technology4
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 5/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
3. FEATURES
The Android Emulator default home screen. Current features and specifications:
Handset
layouts
The platform is adaptable to larger, VGA, 2D graphics library, 3D
graphics library based on OpenGL ES 1.0 specifications, and traditional
smartphone layouts.
Storage The Database Software SQLite is used for data storage purposes
Connectivity
Android supports connectivity technologies including GSM/EDGE,
CDMA, EV-DO, UMTS, Bluetooth, and Wi-Fi.
MessagingSMS and MMS are available forms of messaging including threaded text
messaging.
Web browserThe web browser available in Android is based on the open-source
WebKit application framework.
Dalvik virtual
machine
Software written in Java can be compiled to be executed in the Dalvik
virtual machine, which is a specialized VM implementation designed for
mobile device use, although not technically a standard Java Virtual
Machine.
Media support
Android supports the following audio/video/still media formats: H.263,
H.264 (in 3GP or MP4 container ), MPEG-4 SP, AMR , AMR-WB (in 3GP
container), AAC, HE-AAC (in MP4 or 3GP container or as an AAC file),
MP3, MIDI, OGG Vorbis, WAV, JPEG, PNG, GIF, BMP.
Additional Android can utilize video/still cameras, touchscreens, GPS,
TKM Institute of Technology5
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 6/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
hardware
support
accelerometers, magnetometers, accelerated 2D bitblits (with hardware
orientation,scaling,pixel format conversion) and accelerated 3D graphics.
Development
environment
Includes a device emulator, tools for debugging, memory and
performance profiling, a plugin for the Eclipse IDE.
Market
Similar to the App Store on the iPhone OS, The Android Market is a
catalog of applications that can be downloaded and installed to target
hardware over-the-air, without the use of a PC. Originally only freeware
applications were supported. Paid-for apps have been available on the
Android Market in the United States since 19 February 2009.
Multi-touch
Android has native support for multi-touch but the feature is disabled at
the kernel level (possibly to avoid infringing Apple patents on touch-
screen technology). An unofficial mod has been developed that enables
multi-touch, but requires superuser access to the device to flash an
unsigned kernel.
3.1 Features Include
• Application framework enabling reuse and replacement of components
• Dalvik virtual machine optimized for mobile devices
TKM Institute of Technology6
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 7/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
• Integrated browser based on the open source WebKit engine
• Optimized graphics powered by a custom 2D graphics library; 3D graphics based
on the OpenGL ES 1.0 specification (hardware acceleration optional)
•
SQLite for structured data storage• Media support for common audio, video, and still image formats (MPEG4, H.264,
MP3, AAC, AMR, JPG, PNG, GIF)
• GSM Telephony (hardware dependent)
• Bluetooth, EDGE, 3G, and WiFi (hardware dependent)
• Camera, GPS, compass, and accelerometer (hardware dependent)
• Rich development environment including a device emulator, tools for debugging,
memory and performance profiling, and a plugin for the Eclipse IDE
4. ANDROID ARCHITECTURE
TKM Institute of Technology7
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 8/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
The following diagram shows the major components of the Android operating system.
Each section is described in more detail below.
TKM Institute of Technology8
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 9/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
Customers wait in line to purchase a new Google Phone at a T-Mobile store in San
Francisco.Google usually refers to the Android OS as a software stack . Each layer of the stack
groups together several programs that support specific operating system functions.
The base of the stack is the kernel. Google used the Linux version 2.6 OS to build
Android's kernel, which includes Android's memory management programs, security
TKM Institute of Technology9
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 10/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
settings, power management software and several hardware drivers. Drivers are programs
that control hardware devices. For example, the HTC G1 has a camera. The Android kernel
includes a camera driver, which allows the user to send commands to the camera hardware.
The next level of software includes Android's libraries. You can think of libraries as a set
of instructions that tell the device how to handle different kinds of data. For example, the
media framework library supports playback and recording of various audio, video and
picture formats. Other libraries include a three-dimensional acceleration library (for devices
with accelerometers) and a Web browser library.
Located on the same level as the libraries layer, the Android runtime layer includes a set of
core Java libraries -- Android application programmers build their apps using the Java
programming language. It also includes the Dalvik Virtual Machine.
A virtual machine is a software application that behaves as if it were an independent
device with its own operating system. You can run a virtual machine on a computer that
operates on a completely different OS than the physical machine's OS. The Android OS
uses virtual machines to run each application as its own process. That's important for a few
reasons. First, no application is dependent upon another. Second, if an application crashes,
it shouldn't affect any other applications running on the device. Third, it simplifies memory management.
The next layer is the application framework . This includes the programs that manage the
phone's basic functions like resource allocation, telephone applications, switching between
processes or programs and keeping track of the phone's physical location. Application
developers have full access to Android's application framework. This allows them to take
advantage of Android's processing capabilities and support features when building an
Android application. Think of the application framework as a set of basic tools with whicha developer can build much more complex tools.
At the top of the stack are the applications themselves. This is where you find the basic
functions of the device such as making phone calls, accessing the Web browser and
accessing your contacts list. If you're an average user, this is the layer you'll use most. You
TKM Institute of Technology10
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 11/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
do that with the user interface. Only Google programmers, application developers and
hardware manufacturers access the other layers further down the stack.
4.1 Development Tools
The Android SDK includes a variety of custom tools that help you develop mobile
applications on the Android platform.Three of the most significant tools are:
1. Android Emulator -A virtual mobile device that runs on our computer -use to
design, debug, and test our applications in an actual Android run-time environment.
1. Android Development Tools Plugin -for the Eclipse IDE - adds powerful
extensions to the Eclipse integrated environment.
1. Dalvik Debug Monitor Service (DDMS) -Integrated with Dalvik -this tool let us
manage processes on an emulator and assists in debugging.
TKM Institute of Technology11
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 12/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
5. HARDWARE PRODUCTS RUNNING ANDROID
By the end of 2009 there will be at least 18 phone models using Android worldwide,according to Google
Released (preinstalled)
HTC Dream (T-Mobile G1)
• HTC Dream (also marketed as T-Mobile G1, Era G1 in Poland, Rogers Dream in
Canada) - on sale October 22, 2008 as the first phone on the market to use the
Android platform. The phone is part of an open standards effort of the Open
Handset Alliance.
• HTC Magic - (known as the T-Mobile myTouch 3G in the US) similar to the
Dream but without the slide-out keyboard, instead using an on-screen keyboard.
• Chinese company Qigi released a version of its i6 (formerly Windows Mobile)
device running Android in December 2008. The device is manufactured by Chinese
ODM TechFaith.
TKM Institute of Technology12
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 13/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
Some users have been able (with some amount of hacking, and with limited functionality)
to install Android on mobile devices shipped with other OSes:
• The Openmoko phones ( Neo FreeRunner and Neo 1973) have limited support since
Google's release of the Android source code on 21 October 2008.[45] As of 4
November 2008, the whole source stack compiles, with the kernel, user interface
and most applications working, but telephony, SMS, suspend/resume and wifi,
which rely on lower level hardware features, are not fully working. In early 2009
Cupcake images were demonstrated and available as flashable images.
• Motorola A1200 Ming
• HTC Kaiser : a port is in progress, not all features work at the moment
• HTC Vogue
• HTC Touch Diamond: not all functions work (including Wifi)
• HTC Touch Pro
• Nokia N810
• Nokia 770
• Asus EEEPC 701
• Asus EEEPC 1000H
• Touch Book from Always Innovating
• Dell Axim x51v
• HTC Touch HD: similar to the Touch Diamond, not all features work such as wifi
and audio during voice calls
• Samsung Omnia: basic functions (no camera or wifi, occasional blockage, needs to
be installed on an SD card)
• Sharp Zaurus: Running basic version
TKM Institute of Technology13
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 14/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
Forthcoming
• Geeks'Phone Announces Geeks'Phone One in June 2009 for sale in November 2009
Geeks'Phone ONE first spanish Android phone. Launched in and.roid.es meetup in
Barcelona (Estimated sales on November 2009 - Tech specs)
• Dell is rumoured to be working on Android phones and multimedia devices
• Samsung I7500 was announced in April 2009 for release in June.
• HTC Hero - announced 24 June 2009 for release in July.
• HKC Pearl, which claims to dual-boot Windows Mobile 6.1 and Android. It is an
HTC clone device.• HKC Imobile v413, an Android phone which is a clone of the HTC Touch.
• In September 2008, Motorola confirmed that it was working on hardware products
that would run Android.
• Huawei plans to release a phone that would run Android on T-Mobile. This date
however is not set until after June 2009.
• Archos is planning to launch a new device, which would combine significant media
capabilities with an Android operating system.
• Lenovo is working on an Android-based mobile phone that supports the Chinese
3G TD-SCDMA standard.
• HTC is planning a "portfolio" of Android based phones to be released in the middle
of 2009,
• Sony Ericsson is waiting for better multi media support in Android 2.0.
• GiiNii Movit Mini is a Internet device based on Google's Android operating
system.
• Acer is rumored to be releasing phones called the L1, C1, E1, F1, and A1
(unconfirmed) late in 2009.
• Acer is releasing Android for the Acer One netbook in Q3 2009.
TKM Institute of Technology14
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 15/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
• Chinese ODM Yuhua's first Android phone, the dual-SIM DSTL1 will be released
under the General Mobile brand in June. The company is planning more Android
devices.
6. SOFTWARE DEVELOPMENT
Early Android device.
The early feedback on developing applications for the Android platform was mixed.[81]
Issues cited include bugs, lack of documentation, inadequate QA infrastructure, and no
public issue-tracking system. (Google announced an issue tracker on 18 January 2008.) In
December 2007, MergeLab mobile startup founder Adam MacBeth stated, "Functionality
is not there, is poorly documented or just doesn't work... It's clearly not ready for prime
time." Despite this, Android-targeted applications began to appear already the week after
the platform was announced. The first publicly available application was the Snake game.
The Android Dev Phone is a SIM-unlocked and hardware-unlocked device that is designed
for advanced developers. While developers can use regular consumer devices purchased at
retail to test and use their apps, some developers may choose not to use a retail device,
preferring an unlocked or no-contract device.
TKM Institute of Technology15
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 16/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
6.1 Software development kit
The Android SDK includes a comprehensive set of development tools. These include a
debugger , libraries, a handset emulator (based on QEMU), documentation, sample code,
and tutorials. Currently supported development platforms include x86-architecture
computers running Linux (any modern desktop Linux distribution), Mac OS X 10.4.8 or
later, Windows XP or Vista. Requirements also include Java Development Kit, Apache
Ant, and Python 2.2 or later. The officially supported integrated development environment
(IDE) is Eclipse (3.2 or later) using the Android Development Tools (ADT) Plugin, though
developers may use any text editor to edit Java and XML files then use command line tools
to create, build and debug Android applications.
A preview release of the Android software development kit (SDK) was released on 12
November 2007. On 15 July 2008, the Android Developer Challenge Team accidentally
sent an email to all entrants in the Android Developer Challenge announcing that a new
release of the SDK was available in a "private" download area. The email was intended for
winners of the first round of the Android Developer Challenge. The revelation that Google
was supplying new SDK releases to some developers and not others (and keeping this
arrangement private) has led to widely reported frustration within the Android developer
community
On 18 August 2008 the Android 0.9 SDK beta was released. This release provides anupdated and extended API, improved development tools and an updated design for the
home screen. Detailed instructions for upgrading are available to those already working
with an earlier release. On 23 September 2008 the Android 1.0 SDK (Release 1) was
released. According to the release notes, it included "mainly bug fixes, although some
smaller features were added". It also included several API changes from the 0.9 version.
TKM Institute of Technology16
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 17/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
On March 9, 2009, Google released version 1.1 for the android dev phone. While there are
a few aesthetic updates, a few crucial updates include support for "search by voice, priced
apps, alarm clock fixes, sending gmail freeze fix, fixes mail notifications and refreshing
intervals, and now the maps show business reviews". Another important update is that Dev phones can now access paid apps and developers can now see them on the Android Market.
6.2 Android Developer Challenge
The Android Developer Challenge was a competition for the most innovative application
for Android. Google offered prizes totaling 10 million US dollars, distributed between
ADC I and ADC II.ADC I accepted submissions from 2 January to 14 April 2008. The 50
most promising entries, announced on 12 May 2008, each received a $25,000 award tofund further development. It ended in early September with the announcement of ten teams
that received $275,000 each, and ten teams that received $100,000 each. ADC II was
announced on May 27, 2009.
6.3 Native code
Libraries written in C and other languages can be compiled to ARM native code and
installed, but the Native Development Kit is not yet officially supported by Google. Native
classes can be called from Java code running under the Dalvik VM using the
System.loadLibrary call, which is part of the standard Android Java classes.
Complete applications can be compiled and installed using traditional development tools.
The ADB debugger gives a root shell under the Android Emulator which allows native
ARM code to be uploaded and executed. ARM code can be compiled using GCC on a
standard PC Running native code is complicated by the fact that Android uses a non-
standard C library (known as Bionic). The underlying graphics device is available as aframebuffer at /dev/graphics/fb0. The graphics library that Android uses to arbitrate and
control access to this device is called the Skia Graphics Library (SGL), and it has been
released under an open source license. Skia has backends for both win32 and Cairo,
allowing the development of cross-platform applications, and it is the graphics engine
TKM Institute of Technology17
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 18/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
underlying the Google Chrome web browser. Elements Interactive Mobile B.V. have
ported their EdgeLib C++ library to Android, and native code executables of their S-Tris2
game (a Tetris clone) and Animate3D technology demo are available for download.
TKM Institute of Technology18
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 19/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
7. APPLICATIONS
Android will ship with a set of core applications including an email client, SMS program,calendar, maps, browser, contacts, and others. All applications are written using the Java
programming language.
7.1 Application Framework
Developers have full access to the same framework APIs used by the core applications.
The application architecture is designed to simplify the reuse of components; any
application can publish its capabilities and any other application may then make use of
those capabilities (subject to security constraints enforced by the framework). This same
mechanism allows components to be replaced by the user.
Underlying all applications is a set of services and systems, including:
• A rich and extensible set of Views that can be used to build an application,
including lists, grids, text boxes, buttons, and even an embeddable web browser
• Content Providers that enable applications to access data from other applications
(such as Contacts), or to share their own data
• A Resource Manager , providing access to non-code resources such as localized
strings, graphics, and layout files
• A Notification Manager that enables all applications to display custom alerts in the
status bar
• An Activity Manager that manages the lifecycle of applications and provides a
common navigation backstack
TKM Institute of Technology19
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 20/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
7.2 Libraries
Android includes a set of C/C++ libraries used by various components of the Android
system. These capabilities are exposed to developers through the Android application
framework. Some of the core libraries are listed below:
• System C library - a BSD-derived implementation of the standard C system library
(libc), tuned for embedded Linux-based devices
• Media Libraries - based on PacketVideo's OpenCORE; the libraries support
playback and recording of many popular audio and video formats, as well as staticimage files, including MPEG4, H.264, MP3, AAC, AMR, JPG, and PNG
• Surface Manager - manages access to the display subsystem and seamlessly
composites 2D and 3D graphic layers from multiple applications
• LibWebCore - a modern web browser engine which powers both the Android
browser and an embeddable web view
• SGL - the underlying 2D graphics engine
• 3D libraries - an implementation based on OpenGL ES 1.0 APIs; the libraries use
either hardware 3D acceleration (where available) or the included, highly optimized
3D software rasterizer
• FreeType - bitmap and vector font rendering
• SQLite - a powerful and lightweight relational database engine available to all
applications
TKM Institute of Technology20
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 21/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
7.3 Google Phone Applications
Google showed off an early build of the Android Operating System at several conferences
in 2008.
These days, it's not enough for your smartphone to be able to check e-mail and surf the
Web as well as make phone calls. You need to have at your disposal a host of useful, fun,
productive or just plain pointless applications. The iPhone's success has proven that a
strong application library can excite customers. Google's Android platform appears to be
following suit.
Months before the HTC G1 hit the shelves, Google unveiled the Android platform to
developers. The company created a limited software developer kit (SDK) and distributed it
to developers. Google even laid down the Android Developer Challenge -- an contest that
had a collective prize pool of $10 million.
The top developers earned $275,000 for their applications. Here's a small sample of what
made the grade:
• CompareEverywhere and GoCart are two different applications that let you
compare prices and read reviews for merchandise while you're in the store. You
take a picture of the item's bar code with the phone's camera. These applications
identify the item and aggregate reviews and prices from different sources.
• The Life360 application is part social networking, part news service. It lets you set
up a neighborhood-centric online community and share information with other
people in that group. It can alert you of emergencies like a tornado warning thataffects your neighborhood. Even if you are miles away, you can keep up with
what's going on back at home.
TKM Institute of Technology21
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 22/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
•
• Locale is an application that taps into Android's GPS support. First, you identify
various locations you frequent using Google Maps. Then, you create a list of phone
settings for each location. For example, at work or in class you'd probably wantyour phone's ring tone to be appropriate and at a low volume. Once you create the
settings for each location, your phone automatically switches to the proper setting
based on your current location. Using Locale, you never have to worry about
silencing your phone when you walk into your favorite movie theater!
•
• For the green-conscious, there's Ecorio. This application tracks your global carbon
footprint and offers suggestions to reduce your personal impact on the environment.
You can use the Google Maps application to plot out a trip and Ecorio offers
suggestions for car pooling, public transportation and other tips to create the
smallest ecological impact.
• The developers of the Softrace application wanted to build a program that inspires
people to maintain an active lifestyle. Softrace lets people set up footraces, bicycle
races and other competitions using the Google Maps function. Participants can
travel to a race destination, begin the race and try to make the best time. They can
compare their results with those of other participants.There are many more Android applications in the $275,000 winners' circle and beyond.
And several developers for some of the better-known iPhone applications have expressed
interest in developing an Android version of their apps. While the iPhone has a head start,
Android has the potential to equal and perhaps even surpass it on the application front.
TKM Institute of Technology22
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 23/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
7.4 Android Runtime
Android includes a set of core libraries that provides most of the functionality available in
the core libraries of the Java programming language.
Every Android application runs in its own process, with its own instance of the Dalvik
virtual machine. Dalvik has been written so that a device can run multiple VMs efficiently.
The Dalvik VM executes files in the Dalvik Executable (.dex) format which is optimized
for minimal memory footprint. The VM is register-based, and runs classes compiled by a
Java language compiler that have been transformed into the .dex format by the included"dx" tool.
The Dalvik VM relies on the Linux kernel for underlying functionality such as threading
and low-level memory management.
7.5 Linux Kernel
Android relies on Linux version 2.6 for core system services such as security, memory
management, process management, network stack, and driver model. The kernel also acts
as an abstraction layer between the hardware and the rest of the software stack.
TKM Institute of Technology23
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 24/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
8. BUILDING ANDROID APPLICATIONS
One of the smartphones Google used to demonstrate an early version of Android.
To build an Android application, a developer has to be familiar with the Java programming
language. Assuming the developer is proficient in Java, he or she can download the
software developer kit (SDK) and get started. The SDK gives the developer access toAndroid's application programming interface (API).
The SDK includes several tools, including sample applications and a phone emulator.
Emulators are programs that duplicate the features and functions of a specific system or
device. The Android emulator is a program that duplicates the functions of a phone running
on the Android platform. When the developer finishes building an application, he or she
can test it out on the emulator to see how the app will perform on actual hardware.
Google provides an extensive Android tutorial on its developer Web site. The company
even provides tips on basic programming steps like testing and debugging software.
Experienced developers can skip over the tutorial and go straight to building an application.
Google even provides step-by-step instructions on how to build an application named Hello
World to give developers the chance to become familiar with Android's architecture. This
TKM Institute of Technology24
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 25/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
brings us to another feature of Android that sets it apart from the iPhone -- developers can
create complex applications that run in the background of other applications. Apple limits
iPhone applications to the foreground -- if you switch to a different application, the first
application you were in stops working until you return to it. This feature limits the types of applications developers can build for the iPhone. Android allows developers more
extensive access to background processes.
Google breaks down all applications into four basic building blocks (not all applications
will have every building block):
• Activities: Whenever an application displays a screen to the user, that's an activity.
For example, a map application could have a basic map screen, a trip planner screen
and a route overlay screen. That's three activities.
• Intents: Intents are the mechanisms for moving from one activity to another. If you
were to plot a trip using our example of the mapping application, an intent would
interpret your input and activate the route overlay screen. Android also allows for
broadcast intent receivers, which are intents triggered by external events like
moving to a new location or an incoming phone call.
• Services: A service is a program that runs on its own without a user interface. For
example, let's say you are participating in a Softrace event. Midway through the
race, you decide you want to listen to music as you burn up the track. You can
switch over to a media player application and start a song while Softrace continues
to track your progress. If Softrace were simply an activity, you would have ended
the application as soon as you switched to the media player.
• Content provider: A content provider allows an application to share information
with other applications. This allows developers to work together to create a suite of
applications that are more robust and complex than each individual component.• There are other considerations developers must keep in mind while building
applications. They include Android's graphics rendering engine, process
management software, user interface support and other technical details. Google
provides guides for all of these elements on its Android developer Web site.
TKM Institute of Technology25
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 26/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
9. GOOGLE MOBILE PHONE VENDORS
The first Google phone retailed for $179 with a 2-year T-mobile contract.
There are two kinds of vendors you have to consider when you talk about a smartphone
operating system: the handset manufacturers and the cell phone service providers. Handset
manufacturers produce the actual hardware. Service providers are the phone companies
like T-Mobile or AT&T. Some handset manufacturers work exclusively with a specific cell
phone provider. In a few cases, a cell phone service provider will also produce its own
hardware.
As we mentioned earlier, the first handset to feature the Android OS was the High Tech
Computer Corporation's HTC G1. Before the phone even went on sale, bloggers and
journalists began to speculate on who would be the next handset manufacturer to get into
the Android game. One manufacturer that may soon offer its own Android phone is
Motorola. In fact, according to The Wall Street Journal, Motorola may cut back on the
operating systems it currently supports to focus on producing Android phones.
Another phone company interested in producing Android phones is Japan's NTT DoCoMo
Inc. While that name may not be familiar to U.S. customers, DoCoMo is Japan's largest
mobile phone provider. DoCoMo will partner with the South Korean company KTF to
produce the handset [source: Reuters]. Other handset manufacturers include Lenovo, Hop-
on and Huawei. As the Android OS evolves, we may see more handset manufacturers
support the platform with hardware.
The first cell phone provider to support an Android phone was T-Mobile. The company
first offered the HTC G1 on its 3G network to customers in the United States in October
2008 for $179 with a contract. A month earlier, T-Mobile offered current customers the
opportunity to reserve an HTC G1 in advance. The pre-sale was a huge success -- T-Mobile
had to end the sale early when orders exceeded the company's stock of 1.5 million phones
[source: Bylund]. We may see more providers support Android in 2009 and beyond.
TKM Institute of Technology26
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 27/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
But some cell phone service providers have gone so far as to criticize the Android OS in
public. Sprint CEO Dan Hesse said that Android wasn't "good enough to put the Sprint
brand on it" [source: Carew]. Hesse did leave open the possibility that Sprint would work
with the Android platform in the future. Meanwhile, Peter Michaels, the CEO of Hop-on,criticized Hesse's statements. Michaels alleged that Sprint makes it hard for inexpensive
handset vendors to join their network. He also pointed out that Sprint was a founding
member of the Open Handset Alliance -- a project that spawned Android. But Michaels
said that while the company says it supports open platforms, its actions seem to contradict
those claims [source: MarketWatch].
Other cell phone service providers are taking a "wait and see" approach to Android. In the
United States, providers like Verizon and AT&T support phones that are in the same
competitive space as the HTC G1 (the Blackberry line and the iPhone, respectively). These
companies have complicated business and political considerations to take into account
before they can support a new operating system.
10. CONCLUSION
TKM Institute of Technology27
8/2/2019 Android Print
http://slidepdf.com/reader/full/android-print 28/28
Department of Computer Science and Engineering Security Vulenerabilities Of Android OS
Android is open to all: industry, developers and users
Participating in many of the successful open source projects
Aims to be as easy to build for as the web.
Google Android is stepping into the next level of Mobile Internet