8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 1/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

Android

1. INTRODUCTION

Android is a software stack for mobile devices that includes an operating system,

middleware and key applications. The Android SDK provides the tools and APIs necessary

to begin developing applications on the Android platform using the Java programming

language.

It is a mobile operating system running on the Linux kernel. It was initially developed by

Google and later the Open Handset Alliance. It allows developers to write managed code in

the Java language, controlling the device via Google-developed Java libraries.

The unveiling of the Android platform on 5 November 2007 was announced with the

founding of the Open Handset Alliance, a consortium of 48 hardware, software, and

telecom companies devoted to advancing open standards for mobile devices. Google

released most of the Android code under the Apache License, a free-software and open 

source license. 

 TKM Institute of Technology1

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 2/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

2. HISTORY

In July 2005, Google acquired Android, Inc., a small startup company based in Palo Alto, 

California, USA. Android's co-founders who went to work at Google included Andy Rubin 

(co-founder of Danger [, Rich Miner  (co-founder of Wildfire Communications, Inc.,  Nick  

Sears (once VP at T-Mobile, and Chris White (headed design and interface development at

WebTV. At the time, little was known about the functions of Android, Inc. other than that

they made software for mobile phones. This began rumors that Google was planning to

enter the mobile phone market, although it was unclear what function it might perform in

that market. At Google, the team, led by Rubin, developed a mobile device platform

 powered by the Linux kernel which they marketed to handset makers and carriers on the

 premise of providing a flexible, upgradeable system. It was reported that Google had

already lined up a series of hardware component and software partners and signaled to

carriers that it was open to various degrees of cooperation on their part.

More speculation that Google would be entering the mobile-phone market came in

December 2006 Reports from the BBC and  The Wall Street Journal  noted that Google

wanted its search and applications on mobile phones and it was working hard to deliver that. Print and online media outlets soon reported rumors that Google was developing a

Google-branded handset. More speculation followed reporting that as Google was defining

technical specifications, it was showing prototypes to cell phone manufacturers and

network operators. As many as 30 prototype phones were reported to be operating "in the

wild."

In September 2007, InformationWeek covered an Evalueserve study reporting that Google

had filed several patent applications in the area of mobile telephony.

 TKM Institute of Technology2

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 3/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

2.1 OPEN HANDSET ALLAINCE

On 5 November 2007, the Open Handset Alliance, a consortium of several companieswhich include Texas Instruments, Broadcom Corporation, Google, HTC, Intel, LG,

Marvell Technology Group, Motorola, Nvidia, Qualcomm, Samsung Electronics, Sprint 

 Nextel and T-Mobile was unveiled with the goal to develop open standards for mobile

devices. Along with the formation of the Open Handset Alliance, the OHA also unveiled

their first product, Android, a mobile device platform built on the Linux kernel version 2.6.

On 9 December 2008, it was announced that 14 new members would be joining the

Android project including: ARM Holdings Plc, Atheros Communications, Asustek  

Computer Inc, Garmin Ltd, Softbank , Sony Ericsson, Toshiba Corp, and Vodafone Group 

Plc.

Google Chairman and CEO Eric Schmidt took some time in the official press release to

dispel all previous rumors and speculation about the existence of a stand-alone Google

 phone.

2.2Licensing

Since 21 October 2008, Android has been available as open source. Google opened the

entire source code (including network and telephony stacks under an Apache license. With

the Apache License, vendors are free to add proprietary extensions without submitting

those back to the open source community.

Android had been criticized for not being all open-source software despite what was

announced by Google. Parts of the SDK are proprietary and closed source. The AndroidSoftware Development Kit License Agreement states that:

You agree that Google (or Google's licensors) own all legal right, title and interest in and to

the SDK, including any intellectual property rights which subsist in the SDK. Use,

reproduction and distribution of components of the SDK licensed under an open source

 TKM Institute of Technology3

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 4/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

software license are governed solely by the terms of that open source software license and

not by this License Agreement. Until the SDK is released under an open source license,

you may not extract the source code or create a derivative work of the SDK.

2.3 Updates

Although Android is an open-source product, some development has been continuing in a

 private development branch. In order to bring this software into public view, a read-only

mirror branch has been created, known as cupcake. Cupcake is commonly misunderstood

as the title of an actual update, but as stated on Google's development website: "cupcake is

still very much a work in progress. It is a development branch, not a release." Notable

changes to the Android software that will be introduced in cupcake include changes to the

download manager, the framework, Bluetooth, the system software, radio and telephony,

developer tools, the build system and several applications, as well as a number of bug fixes.

[

On 30 April 2009, the official 1.5 update for Android was released. There are several new

features and UI updates included in the 1.5 update:

• Ability to record and watch videos with the camcorder mode

• Uploading videos to YouTube and pictures to Picasa directly from the phone

• A new soft keyboard with an "Autocomplete" feature

• Ability to automatically connect to a Bluetooth headset within a certain distance

•  New widgets and folders that can populate the desktop

• Animations between screens

• Expanded ability of Copy and paste to include web pages

 TKM Institute of Technology4

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 5/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

3. FEATURES 

The Android Emulator default home screen. Current features and specifications:

Handset

layouts

The platform is adaptable to larger, VGA, 2D graphics library, 3D 

graphics library based on OpenGL ES 1.0 specifications, and traditional

smartphone layouts.

Storage The Database Software SQLite is used for data storage purposes

Connectivity

Android supports connectivity technologies including GSM/EDGE,

CDMA, EV-DO, UMTS, Bluetooth, and Wi-Fi.

MessagingSMS and MMS are available forms of messaging including threaded text 

messaging.

Web browserThe web browser available in Android is based on the open-source

WebKit application framework.

Dalvik virtual

machine

Software written in Java can be compiled to be executed in the Dalvik  

virtual machine, which is a specialized VM implementation designed for 

mobile device use, although not technically a standard Java Virtual

Machine.

Media support

Android supports the following audio/video/still media formats: H.263,

H.264 (in 3GP or MP4 container ), MPEG-4 SP, AMR , AMR-WB (in 3GP

container), AAC, HE-AAC (in MP4 or 3GP container or as an AAC file),

MP3, MIDI, OGG Vorbis, WAV, JPEG, PNG, GIF, BMP.

Additional Android can utilize video/still cameras, touchscreens, GPS,

 TKM Institute of Technology5

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 6/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

hardware

support

accelerometers, magnetometers, accelerated 2D bitblits (with hardware

orientation,scaling,pixel format conversion) and accelerated 3D graphics.

Development

environment

Includes a device emulator, tools for  debugging, memory and

 performance profiling, a plugin for the Eclipse IDE.

Market

Similar to the App Store on the iPhone OS, The Android Market is a

catalog of applications that can be downloaded and installed to target

hardware over-the-air, without the use of a PC. Originally only freeware

applications were supported. Paid-for apps have been available on the

Android Market in the United States since 19 February 2009.

Multi-touch

Android has native support for multi-touch but the feature is disabled at

the kernel level (possibly to avoid infringing Apple patents on touch-

screen technology). An unofficial mod has been developed that enables

multi-touch, but requires superuser  access to the device to flash an

unsigned kernel.

3.1 Features Include

• Application framework enabling reuse and replacement of components

• Dalvik virtual machine optimized for mobile devices

 TKM Institute of Technology6

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 7/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

• Integrated browser based on the open source WebKit engine

• Optimized graphics powered by a custom 2D graphics library; 3D graphics based

on the OpenGL ES 1.0 specification (hardware acceleration optional)

•

SQLite for structured data storage• Media support for common audio, video, and still image formats (MPEG4, H.264,

MP3, AAC, AMR, JPG, PNG, GIF)

• GSM Telephony (hardware dependent)

• Bluetooth, EDGE, 3G, and WiFi (hardware dependent)

• Camera, GPS, compass, and accelerometer (hardware dependent)

• Rich development environment including a device emulator, tools for debugging,

memory and performance profiling, and a plugin for the Eclipse IDE

4. ANDROID ARCHITECTURE

 TKM Institute of Technology7

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 8/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

The following diagram shows the major components of the Android operating system.

Each section is described in more detail below.

 TKM Institute of Technology8

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 9/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

Customers wait in line to purchase a new Google Phone at a T-Mobile store in San

Francisco.Google usually refers to the Android OS as a software stack . Each layer of the stack 

groups together several programs that support specific operating system functions.

The base of the stack is the kernel. Google used the Linux version 2.6 OS to build

Android's kernel, which includes Android's memory management programs, security

 TKM Institute of Technology9

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 10/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

settings, power management software and several hardware drivers. Drivers are programs

that control hardware devices. For example, the HTC G1 has a camera. The Android kernel

includes a camera driver, which allows the user to send commands to the camera hardware.

The next level of software includes Android's libraries. You can think of libraries as a set

of instructions that tell the device how to handle different kinds of data. For example, the

media framework library supports playback and recording of various audio, video and

 picture formats. Other libraries include a three-dimensional acceleration library (for devices

with accelerometers) and a Web browser library.

Located on the same level as the libraries layer, the Android runtime layer includes a set of 

core Java libraries -- Android application programmers build their apps using the Java 

 programming language. It also includes the Dalvik Virtual Machine.

A virtual machine is a software application that behaves as if it were an independent

device with its own operating system. You can run a virtual machine on a computer that

operates on a completely different OS than the physical machine's OS. The Android OS

uses virtual machines to run each application as its own process. That's important for a few

reasons. First, no application is dependent upon another. Second, if an application crashes,

it shouldn't affect any other applications running on the device. Third, it simplifies memory management.

The next layer is the application framework . This includes the programs that manage the

 phone's basic functions like resource allocation, telephone applications, switching between

 processes or programs and keeping track of the phone's physical location. Application

developers have full access to Android's application framework. This allows them to take

advantage of Android's processing capabilities and support features when building an

Android application. Think of the application framework as a set of basic tools with whicha developer can build much more complex tools.

At the top of the stack are the applications themselves. This is where you find the basic

functions of the device such as making  phone calls, accessing the Web browser and

accessing your contacts list. If you're an average user, this is the layer you'll use most. You

 TKM Institute of Technology10

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 11/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

do that with the user interface. Only Google programmers, application developers and

hardware manufacturers access the other layers further down the stack.

4.1 Development Tools

The Android SDK includes a variety of custom tools that help you develop mobile

applications on the Android platform.Three of the most significant tools are:

1. Android Emulator  -A virtual mobile device that runs on our computer -use to

design, debug, and test our applications in an actual Android run-time environment.

1. Android Development Tools Plugin -for the Eclipse IDE - adds powerful

extensions to the Eclipse integrated environment.

1. Dalvik Debug Monitor Service (DDMS) -Integrated with Dalvik  -this tool let us

manage processes on an emulator and assists in debugging.

 TKM Institute of Technology11

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 12/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

5. HARDWARE PRODUCTS RUNNING ANDROID

By the end of 2009 there will be at least 18 phone models using Android worldwide,according to Google

Released (preinstalled)

HTC Dream (T-Mobile G1)

• HTC Dream (also marketed as T-Mobile G1, Era G1 in Poland, Rogers Dream in

Canada) - on sale October 22, 2008 as the first phone on the market to use the

Android platform. The phone is part of an open standards effort of the Open 

Handset Alliance. 

• HTC Magic - (known as the T-Mobile myTouch 3G in the US) similar to the

Dream but without the slide-out keyboard, instead using an on-screen keyboard.

• Chinese company Qigi released a version of its i6 (formerly Windows Mobile)

device running Android in December 2008. The device is manufactured by Chinese

ODM TechFaith.

 TKM Institute of Technology12

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 13/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

Some users have been able (with some amount of hacking, and with limited functionality)

to install Android on mobile devices shipped with other OSes:

• The Openmoko phones ( Neo FreeRunner and Neo 1973) have limited support since

Google's release of the Android source code on 21 October 2008.[45]  As of 4

 November 2008, the whole source stack compiles, with the kernel, user interface

and most applications working, but telephony, SMS, suspend/resume and wifi,

which rely on lower level hardware features, are not fully working. In early 2009

Cupcake images were demonstrated and available as flashable images.

• Motorola A1200 Ming

• HTC Kaiser : a port is in progress, not all features work at the moment

• HTC Vogue 

• HTC Touch Diamond: not all functions work (including Wifi)

• HTC Touch Pro

•  Nokia N810

•  Nokia 770

• Asus EEEPC 701

• Asus EEEPC 1000H

• Touch Book from Always Innovating

• Dell Axim x51v

• HTC Touch HD: similar to the Touch Diamond, not all features work such as wifi

and audio during voice calls

• Samsung Omnia: basic functions (no camera or wifi, occasional blockage, needs to

 be installed on an SD card)

• Sharp Zaurus: Running basic version

 TKM Institute of Technology13

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 14/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

Forthcoming

• Geeks'Phone Announces Geeks'Phone One in June 2009 for sale in November 2009

Geeks'Phone ONE first spanish Android phone. Launched in and.roid.es meetup in 

Barcelona (Estimated sales on November 2009 - Tech specs)

• Dell is rumoured to be working on Android phones and multimedia devices

• Samsung I7500 was announced in April 2009 for release in June.

• HTC Hero - announced 24 June 2009 for release in July.

• HKC Pearl, which claims to dual-boot Windows Mobile 6.1 and Android. It is an

HTC clone device.• HKC Imobile v413, an Android phone which is a clone of the HTC Touch.

• In September 2008, Motorola confirmed that it was working on hardware products

that would run Android.

• Huawei plans to release a phone that would run Android on T-Mobile. This date

however is not set until after June 2009.

• Archos is planning to launch a new device, which would combine significant media

capabilities with an Android operating system.

• Lenovo is working on an Android-based mobile phone that supports the Chinese

3G TD-SCDMA standard.

• HTC is planning a "portfolio" of Android based phones to be released in the middle

of 2009,

• Sony Ericsson is waiting for better multi media support in Android 2.0.

• GiiNii Movit Mini is a Internet device based on Google's Android operating

system.

• Acer  is rumored to be releasing phones called the L1, C1, E1, F1, and A1

(unconfirmed) late in 2009.

• Acer is releasing Android for the Acer One netbook in Q3 2009.

 TKM Institute of Technology14

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 15/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

• Chinese ODM Yuhua's first Android phone, the dual-SIM DSTL1 will be released

under the General Mobile brand in June. The company is planning more Android

devices.

6. SOFTWARE DEVELOPMENT

Early Android device.

The early feedback on developing applications for the Android platform was mixed.[81]

Issues cited include bugs, lack of documentation, inadequate QA infrastructure, and no

 public issue-tracking system. (Google announced an issue tracker on 18 January 2008.) In

December 2007, MergeLab mobile startup founder Adam MacBeth stated, "Functionality

is not there, is poorly documented or just doesn't work... It's clearly not ready for prime

time." Despite this, Android-targeted applications began to appear already the week after 

the platform was announced. The first publicly available application was the Snake game.

The Android Dev Phone is a SIM-unlocked and hardware-unlocked device that is designed

for advanced developers. While developers can use regular consumer devices purchased at

retail to test and use their apps, some developers may choose not to use a retail device,

 preferring an unlocked or no-contract device.

 TKM Institute of Technology15

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 16/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

 

6.1 Software development kit

The Android SDK includes a comprehensive set of development tools. These include a

debugger , libraries, a handset emulator  (based on QEMU), documentation, sample code,

and tutorials. Currently supported development platforms include x86-architecture

computers running Linux (any modern desktop Linux distribution), Mac OS X 10.4.8 or 

later, Windows XP or  Vista. Requirements also include Java Development Kit, Apache 

Ant, and Python 2.2 or later. The officially supported integrated development environment 

(IDE) is Eclipse (3.2 or later) using the Android Development Tools (ADT) Plugin, though

developers may use any text editor to edit Java and XML files then use command line tools

to create, build and debug Android applications.

A preview release of the Android software development kit (SDK) was released on 12

 November 2007. On 15 July 2008, the Android Developer Challenge Team accidentally

sent an email to all entrants in the Android Developer Challenge announcing that a new

release of the SDK was available in a "private" download area. The email was intended for 

winners of the first round of the Android Developer Challenge. The revelation that Google

was supplying new SDK releases to some developers and not others (and keeping this

arrangement private) has led to widely reported frustration within the Android developer 

community

On 18 August 2008 the Android 0.9 SDK beta was released. This release provides anupdated and extended API, improved development tools and an updated design for the

home screen. Detailed instructions  for upgrading are available to those already working

with an earlier release. On 23 September 2008 the Android 1.0 SDK (Release 1) was

released. According to the release notes, it included "mainly bug fixes, although some

smaller features were added". It also included several API changes from the 0.9 version.

 TKM Institute of Technology16

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 17/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

On March 9, 2009, Google released version 1.1 for the android dev phone. While there are

a few aesthetic updates, a few crucial updates include support for "search by voice, priced

apps, alarm clock fixes, sending gmail freeze fix, fixes mail notifications and refreshing

intervals, and now the maps show business reviews". Another important update is that Dev phones can now access paid apps and developers can now see them on the Android Market.

6.2 Android Developer Challenge

The Android Developer Challenge was a competition for the most innovative application

for Android. Google offered prizes totaling 10 million US dollars, distributed between

ADC I and ADC II.ADC I accepted submissions from 2 January to 14 April 2008. The 50

most promising entries, announced on 12 May 2008, each received a $25,000 award tofund further development. It ended in early September with the announcement of ten teams

that received $275,000 each, and ten teams that received $100,000 each. ADC II was

announced on May 27, 2009.

6.3 Native code

Libraries written in C and other languages can be compiled to ARM  native code and

installed, but the Native Development Kit is not yet officially supported by Google. Native

classes can be called from Java code running under the Dalvik VM using the

System.loadLibrary call, which is part of the standard Android Java classes.

Complete applications can be compiled and installed using traditional development tools.

The ADB debugger gives a root shell under the Android Emulator which allows native

ARM code to be uploaded and executed. ARM code can be compiled using GCC on a

standard PC Running native code is complicated by the fact that Android uses a non-

standard C library (known as Bionic). The underlying graphics device is available as aframebuffer  at  /dev/graphics/fb0. The graphics library that Android uses to arbitrate and

control access to this device is called the Skia Graphics Library (SGL), and it has been

released under an open source license. Skia has backends for both win32 and Cairo,

allowing the development of cross-platform applications, and it is the graphics engine

 TKM Institute of Technology17

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 18/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

underlying the Google Chrome web browser. Elements Interactive Mobile B.V. have

 ported their EdgeLib C++ library to Android, and native code executables of their S-Tris2

game (a Tetris clone) and Animate3D technology demo are available for download.

 TKM Institute of Technology18

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 19/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

7. APPLICATIONS

Android will ship with a set of core applications including an email client, SMS program,calendar, maps, browser, contacts, and others. All applications are written using the Java

 programming language.

7.1 Application Framework 

Developers have full access to the same framework APIs used by the core applications.

The application architecture is designed to simplify the reuse of components; any

application can publish its capabilities and any other application may then make use of 

those capabilities (subject to security constraints enforced by the framework). This same

mechanism allows components to be replaced by the user.

Underlying all applications is a set of services and systems, including:

• A rich and extensible set of  Views that can be used to build an application,

including lists, grids, text boxes, buttons, and even an embeddable web browser 

• Content Providers that enable applications to access data from other applications

(such as Contacts), or to share their own data

• A Resource Manager , providing access to non-code resources such as localized

strings, graphics, and layout files

• A Notification Manager that enables all applications to display custom alerts in the

status bar 

• An Activity Manager  that manages the lifecycle of applications and provides a

common navigation backstack 

 TKM Institute of Technology19

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 20/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

7.2 Libraries

Android includes a set of C/C++ libraries used by various components of the Android

system. These capabilities are exposed to developers through the Android application

framework. Some of the core libraries are listed below:

• System C library - a BSD-derived implementation of the standard C system library

(libc), tuned for embedded Linux-based devices

• Media Libraries - based on PacketVideo's OpenCORE; the libraries support

 playback and recording of many popular audio and video formats, as well as staticimage files, including MPEG4, H.264, MP3, AAC, AMR, JPG, and PNG

• Surface Manager - manages access to the display subsystem and seamlessly

composites 2D and 3D graphic layers from multiple applications

• LibWebCore - a modern web browser engine which powers both the Android

 browser and an embeddable web view

• SGL - the underlying 2D graphics engine

• 3D libraries - an implementation based on OpenGL ES 1.0 APIs; the libraries use

either hardware 3D acceleration (where available) or the included, highly optimized

3D software rasterizer 

• FreeType - bitmap and vector font rendering

• SQLite - a powerful and lightweight relational database engine available to all

applications

 TKM Institute of Technology20

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 21/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

7.3 Google Phone Applications

Google showed off an early build of the Android Operating System at several conferences

in 2008.

These days, it's not enough for your  smartphone to be able to check e-mail and surf the

Web as well as make phone calls. You need to have at your disposal a host of useful, fun,

  productive or just plain pointless applications. The iPhone's success has proven that a

strong application library can excite customers. Google's Android platform appears to be

following suit.

Months before the HTC G1 hit the shelves, Google unveiled the Android platform to

developers. The company created a limited software developer kit (SDK) and distributed it

to developers. Google even laid down the Android Developer Challenge -- an contest that

had a collective prize pool of $10 million.

The top developers earned $275,000 for their applications. Here's a small sample of what

made the grade:

• CompareEverywhere and GoCart are two different applications that let you

compare prices and read reviews for merchandise while you're in the store. You

take a picture of the item's bar code with the phone's camera. These applications

identify the item and aggregate reviews and prices from different sources.

• The Life360 application is part social networking, part news service. It lets you set

up a neighborhood-centric online community and share information with other 

 people in that group. It can alert you of emergencies like a tornado warning thataffects your neighborhood. Even if you are miles away, you can keep up with

what's going on back at home.

 TKM Institute of Technology21

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 22/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

•

• Locale is an application that taps into Android's GPS support. First, you identify

various locations you frequent using Google Maps. Then, you create a list of phone

settings for each location. For example, at work or in class you'd probably wantyour phone's ring tone to be appropriate and at a low volume. Once you create the

settings for each location, your phone automatically switches to the proper setting

 based on your current location. Using Locale, you never have to worry about

silencing your phone when you walk into your favorite movie theater!

•

• For the green-conscious, there's Ecorio. This application tracks your global carbon

footprint and offers suggestions to reduce your personal impact on the environment.

You can use the Google Maps application to plot out a trip and Ecorio offers

suggestions for car pooling, public transportation and other tips to create the

smallest ecological impact.

• The developers of the Softrace application wanted to build a program that inspires

 people to maintain an active lifestyle. Softrace lets people set up footraces, bicycle 

races and other competitions using the Google Maps function. Participants can

travel to a race destination, begin the race and try to make the best time. They can

compare their results with those of other participants.There are many more Android applications in the $275,000 winners' circle and beyond.

And several developers for some of the better-known iPhone applications have expressed

interest in developing an Android version of their apps. While the iPhone has a head start,

Android has the potential to equal and perhaps even surpass it on the application front.

 TKM Institute of Technology22

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 23/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

7.4 Android Runtime

Android includes a set of core libraries that provides most of the functionality available in

the core libraries of the Java programming language.

Every Android application runs in its own process, with its own instance of the Dalvik 

virtual machine. Dalvik has been written so that a device can run multiple VMs efficiently.

The Dalvik VM executes files in the Dalvik Executable (.dex) format which is optimized

for minimal memory footprint. The VM is register-based, and runs classes compiled by a

Java language compiler that have been transformed into the .dex format by the included"dx" tool.

The Dalvik VM relies on the Linux kernel for underlying functionality such as threading

and low-level memory management.

7.5 Linux Kernel

Android relies on Linux version 2.6 for core system services such as security, memory

management, process management, network stack, and driver model. The kernel also acts

as an abstraction layer between the hardware and the rest of the software stack.

 TKM Institute of Technology23

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 24/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

8. BUILDING ANDROID APPLICATIONS

One of the smartphones Google used to demonstrate an early version of Android.

To build an Android application, a developer has to be familiar with the Java programming 

language. Assuming the developer is proficient in Java, he or she can download the

software developer kit (SDK) and get started. The SDK gives the developer access toAndroid's application programming interface (API).

The SDK includes several tools, including sample applications and a phone  emulator.

Emulators are programs that duplicate the features and functions of a specific system or 

device. The Android emulator is a program that duplicates the functions of a phone running

on the Android platform. When the developer finishes building an application, he or she

can test it out on the emulator to see how the app will perform on actual hardware.

Google provides an extensive Android tutorial on its developer  Web site. The company

even provides tips on basic programming steps like testing and debugging software.

Experienced developers can skip over the tutorial and go straight to building an application.

Google even provides step-by-step instructions on how to build an application named Hello

World to give developers the chance to become familiar with Android's architecture. This

 TKM Institute of Technology24

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 25/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

 brings us to another feature of Android that sets it apart from the iPhone -- developers can

create complex applications that run in the background of other applications. Apple limits

iPhone applications to the foreground -- if you switch to a different application, the first

application you were in stops working until you return to it. This feature limits the types of applications developers can build for the iPhone. Android allows developers more

extensive access to background processes.

Google breaks down all applications into four basic building blocks (not all applications

will have every building block):

• Activities: Whenever an application displays a screen to the user, that's an activity.

For example, a map application could have a basic map screen, a trip planner screen

and a route overlay screen. That's three activities.

• Intents: Intents are the mechanisms for moving from one activity to another. If you

were to plot a trip using our example of the mapping application, an intent would

interpret your input and activate the route overlay screen. Android also allows for 

broadcast intent receivers, which are intents triggered by external events like

moving to a new location or an incoming phone call.

• Services: A service is a program that runs on its own without a user interface. For 

example, let's say you are participating in a Softrace event. Midway through the

race, you decide you want to listen to music as you burn up the track. You can

switch over to a media player application and start a song while Softrace continues

to track your progress. If Softrace were simply an activity, you would have ended

the application as soon as you switched to the media player.

• Content provider: A content provider allows an application to share information

with other applications. This allows developers to work together to create a suite of 

applications that are more robust and complex than each individual component.• There are other considerations developers must keep in mind while building

applications. They include Android's graphics rendering engine, process

management software, user interface support and other technical details. Google

 provides guides for all of these elements on its Android developer Web site.

 TKM Institute of Technology25

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 26/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

9. GOOGLE MOBILE PHONE VENDORS

The first Google phone retailed for $179 with a 2-year T-mobile contract.

There are two kinds of vendors you have to consider when you talk about a smartphone 

operating system: the handset manufacturers and the cell phone service providers. Handset

manufacturers produce the actual hardware. Service providers are the phone companies

like T-Mobile or AT&T. Some handset manufacturers work exclusively with a specific cell

 phone provider. In a few cases, a cell phone service provider will also produce its own

hardware.

As we mentioned earlier, the first handset to feature the Android OS was the High Tech

Computer Corporation's HTC G1. Before the phone even went on sale, bloggers and

 journalists began to speculate on who would be the next handset manufacturer to get into

the Android game. One manufacturer that may soon offer its own Android phone is

Motorola. In fact, according to The Wall Street Journal, Motorola may cut back on the

operating systems it currently supports to focus on producing Android phones.

Another phone company interested in producing Android phones is Japan's NTT DoCoMo

Inc. While that name may not be familiar to U.S. customers, DoCoMo is Japan's largest

mobile phone provider. DoCoMo will partner with the South Korean company KTF to

 produce the handset [source: Reuters]. Other handset manufacturers include Lenovo, Hop-

on and Huawei. As the Android OS evolves, we may see more handset manufacturers

support the platform with hardware.

The first cell phone provider to support an Android phone was T-Mobile. The company

first offered the HTC G1 on its 3G network to customers in the United States in October 

2008 for $179 with a contract. A month earlier, T-Mobile offered current customers the

opportunity to reserve an HTC G1 in advance. The pre-sale was a huge success -- T-Mobile

had to end the sale early when orders exceeded the company's stock of 1.5 million phones

[source: Bylund]. We may see more providers support Android in 2009 and beyond.

 TKM Institute of Technology26

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 27/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

But some cell phone service providers have gone so far as to criticize the Android OS in

 public. Sprint CEO Dan Hesse said that Android wasn't "good enough to put the Sprint

 brand on it" [source: Carew]. Hesse did leave open the possibility that Sprint would work 

with the Android platform in the future. Meanwhile, Peter Michaels, the CEO of Hop-on,criticized Hesse's statements. Michaels alleged that Sprint makes it hard for inexpensive

handset vendors to join their network. He also pointed out that Sprint was a founding

member of the Open Handset Alliance -- a project that spawned Android. But Michaels

said that while the company says it supports open platforms, its actions seem to contradict

those claims [source: MarketWatch].

Other cell phone service providers are taking a "wait and see" approach to Android. In the

United States, providers like Verizon and AT&T support phones that are in the same

competitive space as the HTC G1 (the Blackberry line and the iPhone, respectively). These

companies have complicated business and political considerations to take into account

 before they can support a new operating system.

10. CONCLUSION

 TKM Institute of Technology27

8/2/2019 Android Print

http://slidepdf.com/reader/full/android-print 28/28

Department of Computer Science and Engineering  Security Vulenerabilities Of Android OS

Android is open to all: industry, developers and users

Participating in many of the successful open source projects

Aims to be as easy to build for as the web.

Google Android is stepping into the next level of Mobile Internet