Learn the basic concepts of Android security: verified boot, sandboxes, and Security-Enhanced Linux (SELinux).
- [Narrator] We can look at Android application security as being in two layers. The first being the security that's provided by the underlying Android operating system security model. And the second being that which is built into the app itself. The Android security differs from standard Linux by assuming that the trust boundary is a single application, rather than a single user. It builds on this premise by providing a sandboxed environment for applications. And an explicit means of allowing interactions between the mobile hardware, the user and the application.
It also introduces the concept of signing applications to ensure they can be trusted to be legitimate. From Android 4.4 onwards, when the device starts up, the boot process is verified by a function called, device_mapper-verify. Using a hash check against the operating system disk blocks. This uses the SHA 256 algorithm. This ensures that the operating system hasn't been tampered with and provides a solid foundation for it's remaining security capabilities.
The operating system is stored as read only files. Providing an initial protection against run-time interference. As well as this, process isolation is used to protect the kernel. Applications contacts as the Android kernel memory and must use system calls to interact with kernel functions. System services are signed by a number of platform keys and cannot be changed. Only signed updates can be accepted after validation of the signature. System services are held in the folder slash system slash app and these are installed during production by the manufacturer.
And can run in an application context. There's also a set of privilege system services, held in slash systems slash priv app; which are also manufacturer installed apps but require the operating system level of privileges. Android files are protected from unauthorized access using the standard Linux file base permissions. Unless files are explicitly shared, they cannot be read or altered by another app. Android applications are available from the Google Play Store. And this is the primary, trusted source with over a million applications available.
However, there are many other sources of Android applications, including vendor specific application repositories. These may be installed by the user. Android applications are signed by their developer. And each application must have a valid certificate. These can be self-signed by the developer or signed by an authority such as Veri Sign or another registrar service. Android identifies but does not however, validate the authenticity of the signing certificate. When an application is installed, it's assigned a unique identifier known as a UID.
And it operates within it's own application sandbox. This ensures the application cannot interfere with other applications and other applications cannot interfere with it. It may also have a set of GID's, group ID's, which are associated with the permissions it has. Files created by the application are stored in the sandbox and by default, accessible only by that application. Shared data is managed through content providers. Which provide the ability to define read right permissions for other applications.
Content providers can also be used for application only data, by marking the data as not exported. Starting the Android 4.3, security enhanced Linux or SE Linux, has been adopted to harden the boundaries of the Android application sandbox. It operates on the basis of denial by default. So the, (mumbles) security related action must be explicitly approved. It brings mandatory access control which ensures that a program cannot arbitrarily assign permission for another app to access it's data.
Access rules have to be set up via policy. This is a key enhancement to protect against privileged escalation attacks. SE Linux has a concept to security domains. And Android uses this to isolate core operating system demons in their own domains. This adds additional protection against interference.
- Understanding Android OS, app, and hardware security components
- Using the Trusted Execution Environment
- Developing Android apps with security in mind
- Analyzing existing applications
- Understanding Android vulnerabilities
- Securing Android apps
- Developing secure enterprise apps