From a mobile phone that was just used as a means of communication to smart phones which are as powerful as your personal computers ,next generation mobile phones can possible do anything .
Gone are those days where we required to carry a laptop everywhere . All you need today is a smart phone and internet connection. Just like your PC these phone have an OS (Operating System) . Windows Mobile , Symbian OS, Bada OS, iOS and the most recent one which has arrived with a bang in the market with features just unimaginable on your phone is the GOOGLE ANDROID. Android enabled phone available in markets are popular because of its unlimited functionalities.
With all the brilliant functionalities and application that complete your work at the click of a button , comes in the concern of security in these phone .Are these really capable of providing safety to your personal and confidential data ?
In this post we shall look into the architecture of Android phones and address the issue of security associated with the same .
Android Architecture :
Google 's Android Development SDK was first available commercially in G1-Android phone. Android use Linux OS so the user can experience the same internet connectivity as on their PC .
Android is first truly open source platform for mobile phones with full integrated software stack that consists of an operating system, middle-ware and a user friendly interface .It allows the user to develop applications, software and functionalities without limitations.
Application layer consists of the basic application such as the browser,SMS client,calender and many other applications.It has a integrated browser based on Open Source Web Kit engine which allows the user to view the web pages in the same manner as on their PC.Application framework is the next layer which consist of the security constraints.It also has many open source libraries. Android has included set of core libraries in the Android Runtime sub layer and every application running on android has its own Dalvik Virtual Machine.It is a virtual machine of the Android OS.Before execution,Android application are converted into the compact Dalvik Executable (.dex) format which is designed to be suitable for systems that are constrained in terms of memory and processor speed.Unlike Java VM which use stack based architecture,Dalvik VM uses
register-based architecture.
Android relies on its Linux kernel for its security services,memory management,network management,network stack and drivers .All application running on Android are subjected to security constraints enforced by Application framework.All these feature in Android phone increases the stability and reliability of processing .
The security of Android resides in its Linux Kernel and it uses techniques like Sandbox approach .From the table given below we can see how Android security differs from other phone OS.
Phone OS Security Mechanism
Google Android User and Group ID,permission level security
Windows Mobile Security Policies,roles and certificates
Symbian OS Certificate management and Cryptography
Symbian OS use certificates and cryptography to protect from malicious and harmful programs.Windows Mobile uses security policies, roles and certificates.That is, it has its own set of security policies for access of data. In contrast to this Android uses Linux User Identifiers and special permissions.
How does Android OS Security work ?
The major difference in Android is its 'Secure Sandbox' approach. The open nature of Android OS and secured sandbox makes access of data quite different. Unlike Windows , every application running on Android has its own instance. Each application has a unique User Identifier (UID) and file permissions to access database and files on the phone. Due to this application running on Android do not disrupt other processes in other application. In contrast to this all the application running of Windows phone have the same user identifier and the security is through the built in security policies. Thus there is no additional security in accessing database and files on the phone.
When we run three process like dial a number,take pictures and use GPS in three application in the top most layer of Android,it runs with three unique user identifiers. Additional security is provided in permission based level. It provides proper access privilege based on an access control policy mechanism. Due to this only those authorized users are able to access the data. However other application interface is visible to the user running on a particular application. These settings can involved in the Google code setting libraries. Unfortunately due to the openness of the phone platform anyone can write and modify these settings.
The above approach provides considerably good security then any other phone. Because of its isolation from other application running on the Sandbox, there is no possibility that an attacker can steal information running on other application.
But how permission is granted between two different applications. A particular permission can be enforced at number of places during the program’s operation.
- At the time of a call into the system, to prevent an application from executing certain functions
- When starting an activity, to prevent application from launching activities of other application
- Both sending and receiving broadcasts, to control who can receive our broadcast or who can send a broadcast to us
- When accessing and operating on a content provider
- Binding or starting a service
Suppose, we are running one application process and wants to access other application we need to share the User Identifiers between the applications. In this instance, instead of different User Identifier we are sharing the same User Identifiers for different applications. This can be achieved by using a Content Provider. Content providers provide an additional level of security by giving permissions applied between applications, which restrict the access to the data by a certain user. Bt when a user shared the User Identifier with other application that provide a weak link of security. Because of the open nature of the Android phone and no centralized control for the applications running on the phone, there are several points of security vulnerability. The applications running on Android uses a self signing certificate from the Application developer, in the event of sharing the information between applications, user Identifiers in both applications are signed by the same authority. This causes impact to the permission based security in different ways:
- First, the Application can give a certain type of permission to visible all database and files to other application by a general permission
- When two application share the same User Identifier, they declare the same User ID for both applications that are signed by same authority (same developer )
This security approach is not so secure when handling sensitive data. Android uses less memory for security and permissions, and only way to avoid this by allocating memory to the sensitive information, could still be used by a potential hacker to break into secure Content Provider service. So this method cannot provide a good security when sharing information between applications.
There are many security discussions still undergoing on the Android security discussion forum that no one is clear whether the security certificates used in Android phone is secured or not. .There are many security implications to note that Certificates used in Android phone. They pointed out that the public keys used for certificate verification are vulnerable, because they are public keys and there are no secrets to protect. However, if an attacker compromised a system and adds his own public key, he can issue his own certificates, that will looks exactly as a legitimate certificate. These self signed certificates does not provide any more security instead, it will be a potential hole to the attacker to access the contents.
Because of the open nature of Android and self signed certificate mechanism for applications, any users can write the application and signed with the same key they have. There is no central control for certificates and this causes many risks in the mobile phone.When the applications are sharing the same user identifiers with the same key allows the attackers to compromise the phone and use information for theft. In this way, malware writers can easily install the source code into a mobile with self signing certificate because of the open nature of Android phone.
We can realise that granting permissions to a particular application will provide an additional security. Also, each applications running on its own UID will minimize the malicious threats from a source code developer. However, in the second phase, when sharing a UID for different applications can have potential impact of entering unprivileged software to a phone, when a hacker get access to one application.The most controversial use of self signed certificate verification for a new application allows the malicious code writers to access a user’s phone, and the user is not at all aware of the fact that his phone gets compromised. So the permission based security is not a good security strategy used in Android.
Source: A security overview of Google's Open Source Android phone
Sunitha Medayil Vijayamma
School of Computer and Information Science
Edith Cowan University, Western Australia, Australia
