Android OS Security
Omar Alaql
July 8, 2013
Kent State University
Outline:
• Introduction.
• History.
• Android Architecture.
• Security and privacy.
• Vulnerabilities.
• Application piracy.
• Security Measures.
• Conclusion.
Introduction
• Android is a Linux-based operating system.
• Android is open source,
  – freely modified and distributed by device manufacturers, wireless carriers and enthusiast developers.
• The world's most widely used smartphone platform, with 75% of the smartphone market.
  – Due to the broad range of manufacturers.
History
• Initially developed by Android, Inc.
• Android, Inc. was founded in Palo Alto, California in October 2003 by Andy Rubin.
• Acquired later by Google in 2005.
• The first commercially available phone to run Android was the HTC Dream, released on October 22, 2008.
Android versions
Android Architecture
Security and privacy
• Android device owners are not given root access.
  – However, it can be obtained by exploiting security flaws in Android.
    • Used frequently by the open source community to enhance the capabilities of their devices.
    • Used by malicious parties to install viruses and malware.
Security and privacy
• Android applications run in a sandbox.
• A sandbox is an isolated area of the system that does not have access to the rest of the system's resources
  – unless access permissions are granted by the user.
• Sandboxing
  – reduces the impact of vulnerabilities and bugs in applications.
  – prevents malicious processes from crossing between applications.
Security and privacy
• Android is becoming the most-targeted mobile platform.
• The open nature of Android and its large user base have made it an attractive and profitable platform to attack.
• Google provides major updates to Android every six to nine months
  – but a majority of Android users have not been able to upgrade to the new OS because the process is controlled by the carriers (one of the biggest security threats).
Security and privacy
• Has no internal back-up restoration.
  – There are many third-party applications for back-up.
• Deficiency of hardware data encryption.
  – Honeycomb operating software has hardware encryption problems.
• A lot of Android malware and fake anti-malware.
  – Increased more than 400% this year.
• Lookout Mobile Security, AVG Technologies and McAfee have released antivirus software for Android devices.
Vulnerabilities
• The Android Market:
  – a number of malware-infected apps and games being made available to users.
  – Google currently uses their Google Bouncer malware scanner to watch over and scan the Google Play store apps.
• Application permissions:
  – the reality is that many apps request permission to access sensitive content they have no actual need for.
• Untrusted third-party applications.
  – difficult to identify reputable vendors.
Vulnerabilities
• Rooting:
  – The process of gaining root access.
  – Akin to jail-breaking an iPhone.
  – Opens up additional functionality and services to users.
  – Common exploit used by malicious applications.
• Wi-Fi:
  – Compromise on unprotected Wi-Fi networks.
  – FaceNiff: intercepts social networking logins.
• The latest vulnerability was detected last week, on July 4, 2013
  – SMS phishing scams.
Application piracy
• In 2010, Google released a tool for validating authorized purchases for use within apps.
  – insufficient and trivial to crack.
• In 2012, Google released a feature in Android 4.1 that encrypted paid applications so that they would only work on the device on which they were purchased.
  – deactivated due to technical issues.
Security Measures
• Permissions management:
  – LBE Privacy Guard acts as somewhat of an application firewall.
    • granting the user the ability to block an application's individual permissions.
  – Kirin:
    • determines if the requested permissions are relevant or not.
• Installing trusted packages:
  – The ability to install non-Market applications.
  – APK: the standard Android install file format.
  – A program called APK Inspector has recently been released that will scan the assets, resources, and certificates contained within the APK to ensure it is secure.
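
The permission checks described on this slide can be sketched as an install-time rule check over an app's requested permissions. This is an added example, not Kirin's or LBE Privacy Guard's code: the rule set, the helper names and the two sample manifests are constructed for illustration, and it assumes the manifest has already been decoded from the APK's binary XML into text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Illustrative rules, constructed for this example (not Kirin's own rule set).
# A rule fires only when every permission in its set is requested together.
RULES = [
    ("record calls and upload the audio",
     {P + "READ_PHONE_STATE", P + "RECORD_AUDIO", P + "INTERNET"}),
    ("track location from boot and upload it",
     {P + "ACCESS_FINE_LOCATION", P + "RECEIVE_BOOT_COMPLETED", P + "INTERNET"}),
    ("intercept and rewrite incoming SMS",
     {P + "RECEIVE_SMS", P + "WRITE_SMS"}),
]

def manifest(package, perms):
    """Build a constructed, decoded AndroidManifest.xml for the samples below."""
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application/></manifest>' % (package, uses))

def requested_permissions(manifest_xml):
    """Return the set of permission names in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n.strip() for n in names if n}

def violated_rules(manifest_xml, rules=RULES):
    """Return the labels of every rule whose full combination is requested."""
    perms = requested_permissions(manifest_xml)
    return [label for label, combo in rules if combo <= perms]

# Constructed samples: two hypothetical flashlight apps.
BENIGN = manifest("com.example.torch", ["CAMERA", "INTERNET"])
SUSPICIOUS = manifest("com.example.torchplus",
                      ["CAMERA", "INTERNET", "ACCESS_FINE_LOCATION",
                       "RECEIVE_SMS", "WRITE_SMS"])

if __name__ == "__main__":
    for name, xml in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, "->", violated_rules(xml) or "no rule violated")
```

The second sample trips only the SMS rule: it asks for location and Internet access but not boot-time start, so the location-tracking combination is incomplete and does not fire.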
Security Measures
• Trace and wipe:
  – If your Android device is lost or stolen, you can use these applications to remotely ping the device for its location and/or instruct it to delete specific content.
    • Invisible.
    • Send remote commands.
    • Get the current GPS location.
    • Activate a loud siren.
    • Let the phone call you back and listen to what happens on the other side.
Security Measures
• Anti-virus:
  – None of these apps are asking for root access, and therefore they are failing to search for infections on the area of the device that is most targeted and vulnerable.
  – It covers the apps folders, SD card, SMS, and contacts.
  – DroidSecurity, Lookout.
• Link security:
  – Malicious links are always loitering in the background waiting to seduce and ensnare hapless users.
  – There are a number of vendors that have created link security applications.
Conclusion
• There is no one-stop effective security measure that can be implemented on an Android operating system.
• To be secure:
  – Use built-in security features.
  – Avoid free, unsecured Wi-Fi access.
  – Scrutinize every app you download regardless of source.
  – Understand the permissions before accepting them.
  – Use an effective security app.