Scope of article
The open source world loves the Android operating system. It is a gift from Google that provides a cutting-edge and versatile mobile development platform. While tons of applications already run on tablets and phones, little is known about the security of this platform. This article describes the security model of Android and explains the top security risks that a programmer or administrator should know about.
Android already runs on close to a billion devices. With the widespread use of smartphones in both private and work-related settings, securing these devices has become of paramount importance. Owners use their smartphones for tasks ranging from everyday communication with friends and family to managing bank accounts and accessing sensitive work-related data. These factors, combined with the limited administrative control owners have over their devices and with security-critical applications such as the Mobile TAN (mTAN) for banking transactions, make Android-based smartphones a very attractive target for attackers and malware authors of every kind and motivation. Until recently, the Android operating system's security model succeeded in preventing any significant attacks by malware. This can be attributed to a lack of attack vectors usable for self-spreading infections and to the low sophistication of malicious applications.
However, emerging malware deploys advanced attacks on operating system components to assume full control of the device. We developed an extensible exploit execution framework to test existing and future exploits in a controlled environment. The framework can also serve to analyze the exploitability of devices with specific test sets and payloads. Additionally, it emulates common malware behavior such as dynamic configuration and downloading exploits from a remote web server.
Apps for Android are written in Java and executed in a virtual machine, the Dalvik VM. They are supported by the application framework, which exposes frequently used functionality through a unified interface. Various libraries let apps implement graphics, encrypted communication or databases easily. The standard C library ("bionic") is a BSD-derived libc for embedded devices. The kernels of the respective Android releases are stripped-down Linux 2.6 versions. Basic services such as memory, process and user management are all provided by the Linux kernel in a mostly unmodified form; in particular, each installed app runs under its own Linux user ID, so the kernel's ordinary user separation is what isolates apps from one another.
However, for several Android versions the deployed kernel was already out of date at the time of release. This strongly increased exposure, as exploits had been publicly available long before the respective Android version shipped. Detailed information on all security features can be retrieved from the Android
Android version          | Vulnerability type                  | Description
-------------------------|-------------------------------------|--------------------------------------------------------------------------
Below 2.1                | Rooting, memory access              | Malware can gain full control of the device and its applications
2.2                      | Floating-point number validation    | Remote code execution possible
2.1 to 2.3               | Application focus stealing          | A misbehaving application can steal the screen of another application, enabling authentication (phishing) attacks
2.x (before 2.3.4), 3.0  | GingerBreak                         | Out-of-bounds (negative) array index in the vold volume daemon, exploitable by malware to gain root
4.x                      | Memory access                       | Unauthorized memory access can result in memory corruption or data theft
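The GingerBreak row above names the bug class that matters to an exploit author: a number taken from an untrusted message and used as an array index without a range check. The following C program is an added example, not vold's source and not part of the original article. It models a daemon that parses a partition number from a netlink-style uevent and writes into a fixed array with it, placed beside a hardened version that rejects values outside 1..MAX_PARTS. The process image layout (a "GOT" of function addresses directly before the `part_minors` array), the `image[]` array, the `PARTN`/`MINOR` keys, the messages and the fake addresses are all constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the GingerBreak bug class, NOT vold's source code.
 * The daemon's memory is modelled as one int array so that an out-of-bounds
 * partition index lands in a neighbouring slot of the same C object (defined
 * behaviour) rather than in arbitrary process memory.
 * Assumed layout (illustration only):
 *   image[0 .. GOT_SLOTS-1]           "GOT" slots holding libc function addresses
 *   image[GOT_SLOTS .. IMAGE_SIZE-1]  part_minors[MAX_PARTS], right after the GOT */
#define GOT_SLOTS      3
#define MAX_PARTS      4
#define IMAGE_SIZE     (GOT_SLOTS + MAX_PARTS)
#define FAKE_LIBC_ADDR 0x40001000   /* placeholder address stored in GOT slots */

typedef struct { int image[IMAGE_SIZE]; } process_t;

void process_init(process_t *p)
{
    for (int i = 0; i < GOT_SLOTS; i++)
        p->image[i] = FAKE_LIBC_ADDR + i;   /* "addresses" of libc functions */
    for (int i = GOT_SLOTS; i < IMAGE_SIZE; i++)
        p->image[i] = -1;                   /* no minor number recorded yet */
}

/* The part_minors array starts right after the GOT slots. */
int *part_minors(process_t *p) { return &p->image[GOT_SLOTS]; }

/* Return 1 if no GOT slot has changed since process_init(). */
int got_intact(const process_t *p)
{
    for (int i = 0; i < GOT_SLOTS; i++)
        if (p->image[i] != FAKE_LIBC_ADDR + i) return 0;
    return 1;
}

/* Parse the integer after "KEY=" in a space-separated uevent-style message.
 * Returns 0 and sets *out on success, -1 if the key is absent. The value is
 * attacker-controlled, so the caller must range-check it. */
int parse_kv(const char *msg, const char *key, int *out)
{
    size_t klen = strlen(key);
    const char *p = msg;
    while ((p = strstr(p, key)) != NULL) {
        if ((p == msg || p[-1] == ' ') && p[klen] == '=') {
            *out = atoi(p + klen + 1);
            return 0;
        }
        p += klen;
    }
    return -1;
}

/* VULNERABLE: part_num comes straight from the message and is used as an
 * index with no range check. PARTN=0 yields index -1, which in the modelled
 * image is the last GOT slot, so the attacker-chosen MINOR value overwrites a
 * function pointer. (The demo only feeds it indices that stay inside image[];
 * the real daemon had no check at all.) */
int handle_partition_added_vuln(process_t *p, const char *msg)
{
    int part_num, minor;
    if (parse_kv(msg, "PARTN", &part_num) || parse_kv(msg, "MINOR", &minor))
        return -1;
    part_minors(p)[part_num - 1] = minor;   /* no bounds check */
    return 0;
}

/* HARDENED: validate the untrusted partition number before indexing. */
int handle_partition_added_safe(process_t *p, const char *msg)
{
    int part_num, minor;
    if (parse_kv(msg, "PARTN", &part_num) || parse_kv(msg, "MINOR", &minor))
        return -1;
    if (part_num < 1 || part_num > MAX_PARTS) {
        fprintf(stderr, "rejected PARTN=%d (valid range 1..%d)\n", part_num, MAX_PARTS);
        return -1;
    }
    part_minors(p)[part_num - 1] = minor;
    return 0;
}

int main(void)
{
    /* Constructed messages: PARTN=0 is the malicious one; MINOR carries the
     * value the attacker wants written (0x41414141 as a decimal string). */
    const char *evil   = "ACTION=add DEVTYPE=partition PARTN=0 MINOR=1094795585";
    const char *benign = "ACTION=add DEVTYPE=partition PARTN=2 MINOR=180";
    process_t a, b;

    process_init(&a);
    handle_partition_added_vuln(&a, evil);
    printf("vulnerable: GOT intact=%d, slot %d now 0x%x\n",
           got_intact(&a), GOT_SLOTS - 1, (unsigned)a.image[GOT_SLOTS - 1]);
    process_init(&b);
    printf("hardened:   rc=%d, GOT intact=%d\n",
           handle_partition_added_safe(&b, evil), got_intact(&b));
    printf("hardened:   rc=%d, minor[1]=%d\n",
           handle_partition_added_safe(&b, benign), part_minors(&b)[1]);
    return 0;
}
```

The check in the hardened handler is the whole fix: the index is derived from a value the daemon did not produce itself, so it must be treated like any other input and bounded against the array it selects into before the write. Real-world variants of this bug also take the value from a signed integer, which is why the lower bound (part_num < 1) matters as much as the upper one.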