Dalvik code is accountable forprocess segregation and thread management. Each Android application correspondsto a separate instance of Dalvik virtual machine, and can be executed invirtual machine. Figure 1: Androidsoftware stackThe Android operating system’sobjective is to guard user data, protect system resources, and offerapplication separation.
To accomplish these goals the following securityfeatures are provided:1. Mandatoryapplication sandbox for all applications2. Secureinter process communication3. Robustsecurity at the OS level through the Linux kernel4. Applicationdefined and user granted permissions5.
Applicationsigning 4: Android Security Features4.1: SandboxAndroid applications are run in asandboxed environment by assigning each application a Linux User Identificationnumber (UID) and a group ID (GID). For the operating system, this creates theappearance that applications are actually take apart people using the device.
The UID number is unambiguous to the developer of the app to avert masqueradeof another developer in the Google Play store. Applications from the samedeveloper have the option to unite permissions into a single user if theyrequest to do so.4.2: BroadcastsIn addition IPC, apps can be authorizedto both send and receive messages to all applications on the device. This iscalled broadcasting and broadcast receiving, correspondingly.
Broadcasts can bemessages such as “Battery Low”, which shows for a concise moment. Broadcastreceiving is the procedure of receiving these broadcasts in charge to carry outsome action. For example, an app may desire to know when the “Battery Low”broadcast is received in order to optimize battery life.
4.3: PermissionsPermissions permit and refutedeveloper’s access to responsive user data or phone functions. If anapplication desires to use risky permissions, the user must accept the requestbefore the app can gain access. This security determines allows users to make thesignificant security decisions.
4.4: IntentsIn Android, events are determined byIntents. Intents are objects that converse the wish to perform an action, forexample open up the user’s contacts.
Intents can be packaged with extra data,such as opening up a precise contact inside the user’s contacts. Intents can beImplicit or Explicit. Implicit Intents will request all able applications onthe device to carry out the desired action whereas; Explicit Intents signalprecisely what app will execute the Intent. The apps that can hold the requestwill be notified only.
Such as, when a user has two Internet browsers andwishes to open a link, both browsers could be used, so the system will ask theuser to choose which one he/she prefers.4.5: IPCEven if apps are sandboxed,applications can still communicate with other apps and the Android system ifthe accurate permissions are in place. Both apps need permission if not therequesting app cannot communicate with other apps. This is called Inter-ProcessCommunication (IPC). Having apps commune with the same UID can be a securityrisk that allows privilege escalation.
5:Security Weaknesses of Android OS I will try to summarize thelimitations, which discover the weaknesses, of Android security model and itsapp-market ecosystem as follows: 1: Android adopts an open market model withless unconfirmed app installation: