Android Introduction and ICC
Inter-component communication

Google Android
• First Android handset released in 2008
• Open source
• Strict Sandboxing
• Java Dalvik VM
• Java Apps
• Lightweight code signing
• Permission Framework
• App Market (more than 100K apps)

The Smartphomania
Source: Gartner http://www.gartner.com/newsroom/id/2335616

It’s free!
• Vendors can get Android for free from Google
• You can get it as well
  • http://source.android.com/
• You’ll need
  • http://www.oracle.com/technetwork/java/javase/downloads/jdk7downloads-1880260.html
  • http://developer.android.com/sdk/index.html
• Unzip it and double-click on eclipse.exe

Fragmentation Problem
• Vendors customise the OS in their devices
  • Usually a lot of rubbish apps
  • The worst: Samsung apps also leak privileges
  • http://randomthoughts.greyhats.it/2013/03/owning-samsungphones-for-fun-but-with.html
• However seldom does a vendor push any updates
  • Some devices can be 2 or 3 versions behind
  • http://theunderstatement.com/post/11982112928/androidorphans-visualizing-a-sad-history-of-support

Heading for Trouble
• The lack of support can lead to vulnerabilities
• Often vendors just ignore vulnerabilities in their software
• Apple does a much better job:
  • One single piece of hardware
  • One single software image
• Apple also locks you in…

What is under the hood?
• Android is actually middleware
• It sits between a Linux kernel and a set of APIs
• Android apps are mainly written in Java
• Only Android apps can run on Android
• Through the Android API apps can access all the device components
  • It provides apps a rich set of information

Android View
• Android is a set of programs for mobile devices that includes operating system, middleware and core applications

Applications (Java)
• Core platform
  • Phone, Browser, Email…
• Third-party
  • Applications that are produced by third-party developers
• Yours

Application Framework (Java)
• Core platform services
  • Activity, Package, Window and Content Providers
• Hardware services
  • Telephony, Location, Bluetooth, WiFi, USB, and Sensor Services

Android Native Libraries (C/C++)
• Window management
• 2D and 3D graphics
• Media codecs
• Font rendering
• Data storage core
• Web browser core
• Bionic libc
• SSL

Android Runtime
Core Libraries
• Data structures, Utilities, File access, Network access, and Graphics
Dalvik VM
• Provides application portability
• Supports multiple instances
• CPU and memory optimized to run on mobile devices

Linux Kernel
Linux features
• Hardware abstraction layer
• Memory management
• Process management
• Security module
• Networking
Android enhancements
• Power management
• Binder IPC
• Logger

Android App Model
• Each application runs within an instance of a Dalvik VM (DVM)
• Each DVM is mapped in the Linux Kernel with a unique user id
• Android supports Inter-process communication (IPC)
• A reference monitor mediates IPC calls

Application Components
• Activities
  • An activity represents a single screen with a user interface.
  • An email app might have one activity that shows a list of new emails, another activity to compose an email, and another activity for reading emails.
  • Although the activities work together to form a cohesive user experience in the email app, each one is independent of the others.
  • Different apps can start any one of these activities (if the email app allows it).
  • A camera app can start the activity in the email app that composes new mail, in order for the user to share a picture.

Application Components
• Services
  • A service is a component that runs in the background to perform long-running operations or to perform work for remote processes.
  • A service does not provide a user interface.
  • A service might play music in the background while the user is in a different app, or it might fetch data over the network without blocking user interaction with an activity.
  • Another component, such as an activity, can start the service and let it run or bind to it in order to interact with it.

Application Components
• Content providers
  • A content provider manages a shared set of app data.
  • You can store the data in the file system, an SQLite database, on the web, or any other persistent storage location your app can access.
  • Through the content provider, other apps can query or even modify the data (if the content provider allows it).
  • The Android system provides a content provider that manages the user's contact information. As such, any app with the proper permissions can query part of the content provider to read and write information about a particular person.
  • Content providers are also useful for reading and writing data that is private to your app and not shared.
  • The Note Pad sample app uses a content provider to save notes.

Application Components
• Broadcast receivers
  • A broadcast receiver is a component that responds to system-wide broadcast announcements.
  • Many broadcasts originate from the system
    • A broadcast announcing that the screen has turned off, the battery is low, or a picture was captured.
  • Apps can also initiate broadcasts
    • To let other apps know that some data has been downloaded to the device and is available for them to use.
  • A broadcast receiver is just a "gateway" to other components and is intended to do a very minimal amount of work.
  • It might initiate a service to perform some work based on the event.

Additional Components
• Views
  • Views are objects that know how to draw themselves to the screen
  • Each activity is made up of a set of views grouped together within a layout
• Intents
  • These are objects used to send messages across the whole Android system
  • They are used to broadcast messages, start an Activity, or start a Service
  • The system interprets the intent and determines the target that will perform any actions as appropriate
• Notifications
  • Used in an application to alert users to certain events without having a visible activity
  • When a service finishes downloading a file from the Internet, it can alert the user by a notification that can make sound, show dialog messages, vibrate, etc.
Note: An application is a set of components

Application Components

Mapping Apps to Users
• Two forms of security enforcement
  • Each application executes with its own user identity as a Linux process
  • Android middleware has a reference monitor that mediates the establishment of inter-component communication (ICC)
• Allows for an activity to start and use any other activities within/without the one that started it (if permission is allowed)

Inter-Component Communications
• Each Component exposes a specific API for communications
• Services expose Start, Stop, Bind as actions that other applications can invoke through Intents

The Binder
• It is responsible for all ICC in Android
• It is implemented as a driver in the Linux kernel
• It is a customised version of the Open Binder (Palm Inc)
• It provides a simple remote procedure call (RPC) mechanism
• Apps use Java methods to invoke ICC
• Android then translates this into C++ invocations and system calls to the Binder driver
  • open and ioctl to /dev/binder

Intents
• Intents are abstract actions in ICC
  • asynchronous messaging system
  • message passing between components
• Two variants:
  • Explicit Intents: specify the target component of the ICC
  • Implicit Intents: provide information like action, URI and type.
    • Resolved at runtime by the Package Manager

Activity Manager (AM)
• The AM is a special service that apps use for ICC
• It provides more than 100 methods
  • Most common are: startActivity, sendBroadcast, startService, and bindService
• Apps can export services by “publishing” them with the AM

Activity Manager bindService Example
• The app sends an explicit intent with the name of the service
• The service will die after the app client unbinds the service
• BIND_SERVICE_TRANSACTION through the Binder using ioctl system call

Communication with the Binder
• The main functionality of the Binder is accessed via an ioctl system call
• BINDER_WRITE_READ is the main command for ICC
• The last argument of the ioctl is a BINDER_READ_WRITE structure
  • WRITE_BUFFER: sub-commands to the binder and arguments
  • READ_BUFFER: contains replies from the sub-commands

BINDER_READ_WRITE
• ioctl on /dev/binder
• BINDER_WRITE_READ
• Sub-command: BC_TRANSACTION:
  • target name = android.app.IActivityManager
  • code = BIND_SERVICE_TRANSACTION

Other Inter-component communication
• Similar considerations hold for other ICC types
• These include:
  • Broadcast Receivers
  • Content Providers
  • Service Manager
• We will see more of these in detail next lecture

Resources
• Read: William Enck, Machigar Ongtang, and Patrick McDaniel. Understanding Android Security, IEEE Security and Privacy Magazine, 7(1):50--57, January/February, 2009.
• Figures in slides 20-22

Questions?
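
The explicit/implicit intent resolution and the reference-monitor check described in the slides, as an added Python model that is not part of the original lecture. It is a simplification of the real middleware, and the app names, component names and the `com.example.mail.SEND` permission are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

SEND = "android.intent.action.SEND"

@dataclass(frozen=True)
class Component:
    app: str                          # owning app (one Linux UID per app)
    name: str                         # fully qualified component name
    exported: bool = False            # reachable from other apps at all?
    permission: Optional[str] = None  # label a foreign caller must hold
    actions: Tuple[str, ...] = ()     # actions accepted from implicit intents

@dataclass
class Intent:
    component: Optional[str] = None   # set for an explicit intent
    action: Optional[str] = None      # used by an implicit intent

# Constructed sample state: granted permissions and installed components.
GRANTED = {"com.example.camera": {"com.example.mail.SEND"},
           "com.example.game": set()}
INSTALLED = [
    Component("com.example.mail", "com.example.mail.Compose", True,
              "com.example.mail.SEND", (SEND,)),
    Component("com.example.mail", "com.example.mail.SyncService"),
    # Exported with no permission: any app on the device can reach it.
    Component("com.example.notes", "com.example.notes.Share", True, None, (SEND,)),
]

def resolve(intent):
    """Explicit intents name one target; implicit ones match on action."""
    if intent.component is not None:
        return [c for c in INSTALLED if c.name == intent.component]
    return [c for c in INSTALLED if intent.action in c.actions]

def allowed(caller, target):
    """Reference-monitor decision for one caller/target pair."""
    if caller == target.app:
        return True                   # components of one app share a UID
    if not target.exported:
        return False                  # private to the owning app
    held = GRANTED.get(caller, set())
    return target.permission is None or target.permission in held

def deliver(caller, intent):
    """Names of the resolved components the caller is permitted to reach."""
    return [c.name for c in resolve(intent) if allowed(caller, c)]
```
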