P. 1
Android Report Vishwesh

Android Report Vishwesh

|Views: 15|Likes:
Published by Vishwesh Nagamalla

More info:

Published by: Vishwesh Nagamalla on Feb 27, 2012
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less





Seminar Report on

Report submitted in partial fulfillment of the requirement for the Award of degree of

Master of Technology

Computer Networks and Information Security

VISHWESH.N (10031D6421) Under the esteemed guidance of

Dr. M. Sreenivasa Rao
Director School of IT, JNTU Hyderabad




This is to certify that the Technical Seminar report entitled “Android” is being submitted by VISHWESH.N bearing roll number 10031D6421, in partial fulfillment of the requirements for the award of the degree of Master of Technology in Computer Networks and Information Security to the School Of Information Technology, Jawaharlal Nehru Technological University Hyderabad is a record of bonafide work carried out by him under my/our guidance and supervision. The results presented in this report have been verified and are found to be satisfactory. The results embodied in this report have not been submitted to any other University for the award of any degree or diploma.

Signature Internal Guide Dr.M.SREENIVASA RAO Director, SIT, JNTUH, Kukatpally, Hyderabad-85.

Signature Coordinator Mr. G.PRAVEEN BABU Associate Professor, SIT, JNTUH, Kukatpally, Hyderabad-85.


M. Lastly I would like to express my heartfelt indebtedness towards all those who have helped me directly or indirectly for the success of the seminar.Vishwesh.Sreenivasa Rao.ACKNOWLEDGEMENT It gives me immense pleasure in presenting seminar on the topic Android.N (10031D6421) 3 . I acknowledge the enormous assistance and excellent co-operation extended to by my respected guide Dr. I would also like to thank the staff members for their valuable support. .

4 Linux Kernel------------------------------------------------------------------12 Chapter 5 5.9 4.1 Application Framework----------------------------------------------------.1.Table of Contents Chapter 1 1.1 Android Architecture ----------------------------------------------------------------.1 Architecture for Secure Data storage------------------------------------------------13 Chapter 6 6.1 Features of Android OS -------------------------------------------------------------.1 Execution Environment --------------------------------------------------------------16 6.3 Development Tools-----------------------------------------------------------------.1.7 Chapter 4 4.2 Security and permissions in Android ------------------------------------------------22 7.3 Android Runtime-------------------------------------------------------------11 4.1.1 Abstract ------------------------------------------------------------------------------.8 4.2 Libraries----------------------------------------------------------------------10 4.1.1 Introduction -------------------------------------------------------------------------.5 Chapter 2 2.6 Chapter 3 3.1 Lifecycle of an Android Application --------------------------------------------------20 7.23 Conclusion --------------------------------------------------------------------------------25 References --------------------------------------------------------------------------------26 Glossary -----------------------------------------------------------------------------------27 4 .2 The Dalvik Virtual Machine-----------------------------------------------------------19 Chapter 7 7.

such as contacts or geographic location -.Combine information from the web with data on the phone -. Breaking down boundaries . software and telecom companies devoted to advancing open standards for mobile devices.even the dialer or home screen can be replaced. The unveiling of the Android platform on 5 November 2007 was announced with the founding of the Open Handset Alliance. When released in 2008.Android does not differentiate between the phone's basic and third-party applications -. including a true device emulator and advanced debugging tools. middleware and key applications. 1 1 1 5 . 1 Open .to create new user experiences. Android is a software platform and operating system for mobile devices based on the Linux operating system and developed by Google and the Open Handset Alliance. Fast and easy development . but does not support programs developed in native code.Chapter 1 1.Android allows to access core mobile device functionality through standard API calls. It allows developers to write managed code in a Java-like language that utilizes Google-developed Java libraries. a consortium of 34 hardware. ABSTRACT Android is a software stack for mobile devices that includes an operating system. All applications are equal . most of the Android platform will be made available under the Apache free-software and open-source license.The SDK contains what need to build and run Android applications.

. Android is a software platform and operating system for mobile devices based on the Linux operating system and developed by Google and the Open Handset Alliance.1. but does not support programs developed in native code. most of the Android platform will be made available under the Apache free-software and open-source license. middleware and key applications. Intel. At the time.2 Open Handset Alliance Founded On 5 November 2007. Motorola. an open source mobile device platform based on the Linux operating system.Chapter 2 2. 2. When released in 2008. 2008. T-Mobile. 6 . the OHA also unveiled their first product. A 'd-pad' control zooming of items in the dock with a relatively quick response. and Chris White (one of the first engineers at WebTV). Android. Qualcomm. Nick Sears (once VP at T-Mobile). a consortium of 34 hardware. the Open Handset Alliance. Google acquired Android Inc. a consortium of several companies which include Google. at the Mobile World Congress on February 12. It allows developers to write managed code in a Java-like language that utilizes Google-developed Java libraries. 2. Inc). little was known about the functions of Android Inc. Sprint Nextel and NVIDIA. a small startup company based in Palo Alto. One prototype at the ARM booth displayed several basic Google applications.1.1 THE BIRTH OF ANDROID Google Acquires Android Inc. CA.1 INTRODUCTION Android is a software stack for mobile devices that includes an operating system. Rich Miner (co-founder of Wildfire Communications.3 Hardware Google has unveiled at least three prototypes for Android. In July 2005. Android's co-founders who went to work at Google included Andy Rubin (co-founder of Danger). HTC. The unveiling of the Android platform on 5 November 2007 was announced with the founding of the Open Handset Alliance. software and telecom companies devoted to advancing open standards for mobile devices.1. other than they made software for mobile phones. was unveiled with the goal to develop open standards for mobile devices. Along with the formation of the Open Handset Alliance. 2.

PNG. compass. H. JPG. and a plug-in for the Eclipse IDE 7 . EDGE. GPS. video. and still image formats (MPEG4.0 specification (hardware acceleration optional) · · SQLite for structured data storage Media support for common audio. 3G. AMR.1 Features of Android OS · · · · Application framework enabling reuse and replacement of components Dalvik virtual machine optimized for mobile devices Integrated browser based on the open source WebKit engine Optimized graphics powered by a custom 2D graphics library.Chapter 3 3. MP3. memory and performance profiling. and Wi-Fi (hardware dependent) Camera. GIF) · · · · GSM Telephony (hardware dependent) Bluetooth. AAC. 3D graphics based on the OpenGL ES 1. tools for debugging. and accelerometer (hardware dependent) Rich development environment including a device emulator.264.

• Chapter 4 4.1 Android Architecture The following diagram shows the major components of Android Figure 1: Architecture of Android OS 8 .

or to share their own data · A Resource Manager. buttons. including: · A rich and extensible set of Views that can be used to build an application. Underlying all applications is a set of services and systems. and lat files · · A Notification Manager that enables all applications to display custom alerts in the status bar An Activity Manager that manages the life cycle of applications and provides a common navigation back stack 9 . providing access to non-code resources such as localized strings.1 Application Framework Developers have full access to the same framework APIs used by the core applications. The application architecture is designed to simplify the reuse of components. graphics.4.1. grids. This same mechanism allows components to be replaced by the user. and even an embeddable web browser · Content Providers that enable applications to access data from other applications (such as Contacts). text boxes. including lists. any application can publish its capabilities and any other application may then make use of those capabilities (subject to security constraints enforced by the framework).

manages access to the display subsystem and seamlessly composites 2D and 3D graphic layers from multiple applications · LibWebCore . 10 .a powerful and lightweight relational database engine available to all applications. the libraries support playback and recording of many popular audio and video formats. JPG.a BSD-derived implementation of the standard C system library (libc). the libraries use either hardware 3D acceleration (where available) or the included.2 Libraries Android includes a set of C/C++ libraries used by various components of the Android system. and PNG · Surface Manager .264. AMR.a modern web browser engine which powers both the Android browser and an embeddable web view · · SGL . including MPEG4. highly optimized 3D software rasterizer · Free Type .1.0 APIs.based on PacketVideo's Open CORE.bitmap and vector font rendering SQLite .the underlying 2D graphics engine 3D libraries . MP3. H. AAC. Some of the core libraries are listed below: · System C library .4.an implementation based on OpenGL ES 1. These capabilities are exposed to developers through the Android application framework. tuned for embedded Linux-based devices · Media Libraries . as well as static image files.

where the main component Dalvik Virtual Machine is located. after this byte code becomes much more efficient to run on the small processors. 11 . At the same level there is Android Runtime.dex file As the result. The VM is register-based. IO and other tools. where the limited battery. with its own instance of the Dalvik virtual machine.3 Android Runtime Android includes a set of core libraries that provides most of the functionality available in the core libraries of the Java programming language. memory and data storage are the main issues. Every Android application runs in its own process. Figure 2: Conversion from . The Dalvik VM executes files in the Dalvik Executable (. It was designed specifically for Android running in limited environment.dex format by the included "dx" tool. Android gives an integrated tool “dx”.jar to .dex) format which is optimized for minimal memory footprint.dex file. Dalvik has been written so that a device can run multiple VMs efficiently.1. the utilities.java to . which converts generated byte code from . and runs classes compiled by a Java language compiler that have been transformed into the . it is possible to have multiple instances of Dalvik virtual machine running on the single device at the same time. CPU. The Core libraries are written in Java language and contains of the collection classes. The Dalvik VM relies on the Linux kernel for underlying functionality such as threading and low-level memory management.4.

WCDMA/HSUPA and EGPRS network support 2.4 Linux Kernal Android Architecture is based on Linux 2. Support for Linux and other third-party operating systems 5. It helps to manage security. process management. network stack and other important issues. memory management. Bluetooth 1. Therefore. the user should bring Linux in his mobile device as the main operating system and install all the drivers required in order to run it. gpsOne – solution for GPS 12 .1. For instance.0 megapixels 7.4. the current kernel tree supports Qualcomm MSM 7200A chipsets. Android provides the support for the Qualcomm MSM7K chipset family.6 kernel. Digital audio support for mp3 and other formats 4. which includes major features: 1. Java hardware acceleration and support for Java applications 6. Qcamera up to 6. but in the second half of 2008 we should see mobile devices with stable version Qualcomm MSM 7200.2 and Wi-Fi support 3.

2. we have the following workflow: 1. 4. The credentials are not sent to the SSO service over the network. It is as shown in the figure. 3. Additional security highlights will be presented at the end of the section.Chapter 5 5.1 Architecture for Secure Data Storage Figure 3 Android and Secure Local Data Storage Secure data storage solution that could potentially be deployed on Android. However. many shortcomings of the design have been addressed. Already we gain the advantage that the user’s password is not sent over the network. The private key is used to decrypt the symmetric cipher key. The symmetric cipher key is used to encrypt/decrypt any locally cached data. the credentials are used as the passphrase to decrypt the local public/private key pair of the user. A strong symmetric cipher like 3DES is used. Instead. 13 . Using figure 3. All data found in the local cache is encrypted with the symmetric cipher key defined in step #3. The user enters his credentials on the handset. We define the public/private key pair to be of type RSA and of at least 4096 bits in size.

The certificates of the servers that host the web services are procured from the same certificate authority that shipped with the phone. This could be done at install time of the handset application. The Android background application can now communicate with any Restful web services that adhere to the same SSO federation. we login with the SSO system using public/private key infrastructure. it would be possible to further extend this architecture to store the encrypted symmetric key on the server. “Man-in-the-middle”38 attacks are not possible since the application is deployed with the CA certificate of the company that will be hosting the web services. 9. Data is returned to the user facing application. the SSO token is extracted from the request. On reception of the SSO token.5. The SSO system can identify the user based on this challenge and returns a 496 bit alpha numeric token. The public/private keys that are central to the security architecture are protected by a passphrase. 4. The tokens generated by the SSO system are set to automatically expire after a given period of time. the symmetric cipher described in bullet #3 above is used to encrypt the data before it reaches any local persistent storehouse. 3. That being said. The certificate of the user must at least be registered once in the SSO application. We must communicate with the SSO service again to be able to receive fresh data from the Restful web services. 6. This way. the private key has never left the phone nor has it been transferred over any network. 2. unlike the architecture presented in section 2 of this document. However. If the user enters an overly simple password. As such. Additional security notes: 1. The passphrase is the weakest link in the chain. 8. If the requested data is not locally cached or expired. 7. If the device is lost. 5. The user name and the password are never sent over the network. access could be gained to the private key and hence the locally cached data. This is because the encrypted strong symmetric cipher key is 14 . all the locally cached data is completely unreadable. As such. The web service calls upon the SSO system to authorize the operation. the locally cached data still cannot be accessed. 10. The public/private key pair of the user is generated directly on the handset at install time. even if the passphrase of the private key is compromised. Public/private key infrastructure is once again used to setup a secure communication channel between the phone and the server. 6. we login to the SSO server using a hostile challenge based on the private key of the user. On reception of the data. On reception of a request. The symmetric key that encrypted this data is also unreadable.

It is also possible to enforce a strong password policy directly from the handset application. The local caching system could also require an SSO token and subsequently request authorization from an SSO system. Such a design would prevent terminated employees. Even if this key is intercepted in transit it is useless without the user’s private key. 8. i. from accessing the locally cached data. there has been ample time to report the stolen phone and revoke this key from this user account on the server. 9. The user must enter a username and password to prove his identify. Furthermore.. By the time the passphrase has been cracked. 7. Even if this design is significantly more secure than the previous iteration. to the user. an Individual who already knows what the local credentials are. the experience is the same.stored on the server. We could augment the architecture in yet another direction. under this scheme. the key stored on the server is still encrypted. 15 .e.

1 Execution Environment Figure 4 Regular Java Execution Process 16 .Chapter 6 6.

Figure 5 Android Execution Environment 17 .

even if the original source code is not available. they need to: 1. it is expected that has Apache Harmony matures. Such libraries must meet stringent requirements however. Instead. the Android translators work on the resulting Java bytecode emitted from a traditional Java compiler. well-documented and well-tested libraries ready for use. not use any packages or classes specific to the Sun Microsystems platform 4. not use any Java classes or packages found in Java SE 5 not found in the Android platform 3. packages and libraries piecemeal. more and more compatibility issues will be resolved further increasing the pool of available Java code that will be able to execute unmodified under the Android platform. As such. Furthermore. still behave in a predictable manner under the Apache Harmony Java environment Following these guidelines. 18 . adhere to the Java SE 5 dialect 2. Special care will be needed in the integration phase of such code but the potential savings offered by such integration far outweighs the cost of rewriting well-coded.Figures 4 and 5 represent the regular Java and Android execution paths respectively. It is interesting to note here however is that the Android compilers do not operate on Java language code. it is possible to reuse existing Java libraries. it’s possible to integrate existing Java source code.

low memory devices like phones. Its low electrical power consumption. This means that standard Java SE applications and libraries cannot be used directly on the Android Dalvik virtual machine.2 The Dalvik Virtual Machine The Dalvik Virtual Machine The Dalvik virtual machine is an interpreter only machine optimized for use on low powered. rich libraries. 19 . since Dalvik uses the Java programming language but not the Java execution environment (JVM). Google claims this format allows battery power to be better-conserved at all different stages of execution of an application. Furthermore. Dalvik however stands at the center of the Android value proposition. Dalvik does not make use of just in time (JIT) Compilation to improve the performance of an application at runtime. Furthermore. instead it uses its own bytecode format called “dex”. or so Google hopes. Notably. and unified. non-fragmented application programming interfaces make it stand out.6. This is because Dalvik is unable to read Java bytecode34. Google is free to develop Android without the need to license or obtain certification from Sun Microsystems Inc. the legal owner of the Java trademark and brands. Dalvik is not a Java virtual machine. over the fragmented ecosystem that is Java ME35 today.

These are. A common example of a process life-cycle bug is an IntentReceiver that starts a thread when it receives an Intent in its onReceiveIntent() method. This process is created for the application when some of its code needs to be run. Android places them into an "importance hierarchy" based on the components running in them and the state of those components. so the system knows that there is still active work being done in the process. it is determined by the system through a combination of the parts of the application that the system knows are running. and then returns from the function. An important and unusual feature of Android is that an application process's lifetime is not directly controlled by the application itself. in order of importance: 1. and will remain running until it is no longer needed and the system needs to reclaim its memory for use by other applications. A foreground process is one holding an Activity at the top of the screen that the user is interacting with (its onResume () method has been called) or an IntentReceiver that is currently running (its onReceiveIntent () method is executing). Service. To determine which processes should be killed when low on memory. and how much overall memory is available in the system. Once it returns. and IntentReceiver) impact the lifetime of the application's process. Generally at this point the device has reached a memory paging state. Instead. 20 .1 Lifecycle of an Android Application In most cases. the system considers that IntentReceiver to be no longer active. it may kill the process at any time to reclaim memory.Chapter 7 7. and thus its hosting process no longer needed (unless other application components are active in it). every Android application runs in its own Linux process. There will only ever be a few such processes in the system. so this action is required in order to keep the user interface responsive. terminating the spawned thread that is running in it. and these will only be killed as a last resort if memory is so low that not even these processes can continue to run. Not using these components correctly can result in the system killing the application's process while it is doing important work. Thus. The solution to this problem is to start a Service from the IntentReceiver. It is important that application developers understand how different application components (in particular Activity. how important these things are to the user.

they are generally doing things that the user cares about (such as background mp3 playback or background network data upload or download). 5. the system picks the most important level of all the components currently active in the process. A visible process is one holding an Activity that is visible to the user on-screen but not in the foreground (its onPause() method has been called). Provided they implement their activity life cycle correctly (see Activity for more details). These processes have no direct impact on the user experience. A background process is one holding an Activity that is not currently visible to the user (its onStop() method has been called). A service process is one holding a Service that has been started with the startService() method. the system can kill such processes at any time to reclaim memory for one of the three previous processes types. for example. The only reason to keep such a process around is as a cache to improve startup time the next time a component of its application needs to run. Though these processes are not directly visible to the user. An empty process is one that doesn't hold any active application components. 3. so the system will always keep such processes running unless there is not enough memory to retain all foreground and visible process. the system will often kill these processes in order to balance overall system resources between these empty cached processes and the underlying kernel caches. 4. 21 . Usually there are many of these processes running.2. if the foreground activity has been displayed with a dialog appearance that allows the previous activity to be seen behind it. As such. so they are kept in an LRU list to ensure the process that was most recently seen by the user is the last to be killed when running low on memory. Such a process is considered extremely important and will not be killed unless doing so is required to keep all foreground processes running. This may occur. When deciding how to classify a process.

open platform has its own disadvantages. used for spying and identity theft. Another solution for such attacks is SMobile Systems mobile package. as it connects to the internet. Additional finergrained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform. Android mobile phone platform is going to be more secure than Apple’s iPhone or any other device in the long run. And neither the Android phone nor other devices will prove to be the exception. Security Shield –an integrated application that includes anti-virus. Hence SMobile Systems is ready to notify and block these secure alerts. This foundation joins particular companies to develop an open mobile-device software platform. One of them is security vendor McAfee.7. However. Currently.2 Security and Permissions in Android Android is a multi-process system. a member of Linux Mobile (LiMo) Foundation. Stealthy Trojans hidden in animated images. But the truth is that it is not possible to secure r mobile device or personal computer completely. where each application (and parts of the system) runs in its own process. such as source code vulnerability for black-hat hackers. firewall and other mobile protection is up and ready to run on the Android operating system. As a result. In parallel with great opportunities for mobile application developers. It is possible for somebody to use the GPS feature to track a person’s location without their knowledge. Linux secure coding practice should successfully be built into the Android development process. such as user and group IDs that are assigned to applications. 22 . Many of the companies listed in the LiMo Foundation have also become members of the Open Handset Alliance (OHA). all these threats will be active for a long run. the main problem is availability for viruses to pose as an application and do things like dial phone numbers. Most security between applications and the system is enforced at the process level through standard Linux facilities. there is an expectation for exploitation and harm. There are several solutions nowadays to protect Google phone from various attacks. send text messages or multi-media messages or make connections to the Internet during normal device use. anti-spam. particular viruses passed from friend to friend.

3 Development Tools The Android SDK includes a variety of custom tools that help develop mobile applications on the Android platform.7. packaging. For example. the ADT plugin gives an incredible boost in developing Android applications: It gives access to other Android development tools from inside the Eclipse IDE. It provides an Android code editor that helps write valid XML for r Android manifest and resource files. It provides a New Project Wizard. ADT lets access the many capabilities of the DDMS tool — taking screenshots. and viewing thread and process information — directly from Eclipse. debug. making creating and debugging r Android applications easier and faster. 23 . can use it to kill processes. but the SDK also includes a variety of other tools for debugging. view heap and thread information. If use Eclipse. select a specific process to debug. Android Emulator A virtual mobile device that runs on computer use the emulator to design. The most important of these are the Android Emulator and the Android Development Tools plugin for Eclipse. generate trace data. the Android platform's custom VM. setting breakpoints. and installing r applications on the emulator. which helps quickly create and set up all of the basic files’ll need for a new Android application. managing portforwarding. this tool lets manage processes on an emulator or device and assists in debugging. Android Development Tools Plugin for the Eclipse IDE The ADT plugin adds powerful extensions to the Eclipse integrated environment. It automates and simplifies the process of building r Android application. and more. and test r applications in an actual Android run-time environment. take screenshots of the emulator or device. Dalvik Debug Monitor Service (ddms) Integrated with Dalvik.

) activityCreator A script that generates Ant build files that can use to compile r Android applications. sqlite3 Included as a convenience.class bytecode into Android bytecode (stored in .Android Debug Bridge (adb) The adb tool lets install application's . dx The dx tool rewrites . to simulate the presence of an external storage card (such as an SD card). mksdcard Helps create a disk image that can use with the emulator. such as what a service might use.dex files. 24 . can also use it to link a standard debugger to application code running on an Android emulator or device. Android Interface Description Language (aidl) Aidl Lets generate code for an interprocess interface. If are developing on Eclipse with the ADT plugin. this tool lets access the SQLite data files created and used by Android applications. Trace view This tool produces graphical analysis views of trace log data that can generate from r Android application.apk files containing the binaries and resources of Android applications. Android Asset Packaging Tool (aapt) The aapt tool lets create .apk files on an emulator or device and access the emulator or device from a command line. won't need to use this script.

can even replace built-in components with own improved versions. free development platform based on Linux and open source.Conclusion Android is a truly open. A component-based architecture inspired by Internet mash-ups. Google Android is stepping into the next level of Mobile Internet 25 . developers and users Participating in many of the successful open source projects Aims to be as easy to build for as the web. Handset makers can use and customize the platform without paying a royalty. Parts of one application can be used in another in ways not originally envisioned by the developer. This will unleash a new round of creativity in the mobile space. • • • • Android is open to all: industry.

com/android/ .Open Handset Alliance webpage 4.org/wiki/Android_(mobile_phone_platform)–Wikipedia information 5. http://www. White paper for “A Spectrum White Paper: Thoughts on Google Android” from Spectrum data Technology.com/ .openhandsetalliance. http://googleblog.com 2. http://www.Google Android official webpage 3.blogspot. http://en.Official Google Blog 26 .wikipedia.com/ .spectrumdt.References 1.google. http://code.

Software Development Kit APIs .Open Handset Alliance GPS – Global Positioning system LRU – Last Recently Used MHTML – Mobile HTML QoS – Quality of Service WAP – Web Application Protocol CSD – Circuit Switched Data OTA – Over-the-Air 27 .Glossary SDK .Application Program Interfaces GUI .Graphical User Interface OHA .

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->