The Android platform and security model
Android is a popular mobile operating system that is based on a modified version of Linux. Another benefit is being open source, which gives developers and enthusiasts the opportunity to create custom applications and modifications on Android. Being Linux-based has many benefits, such as running various Linux-based tools and utilities.
At that time, there were many competitors in the market, some of these were Hewlett-Packard (HP) who used the WebOS operating system on their devices, Apple’s iOS, Microsoft’s Windows Phone operating system, Blackberry’s Research in Motion (RIM) operating system and Symbian OS which was used on some first generation phone manufacturers such as Nokia.
The Android architecture
Like all operating systems, Android's architecture can be viewed in layers, which include all the components of the architecture, as we can see here:
The Application layer
The Application layer contains the applications of the mobile device. These applications include the browser, dialer, contacts, clock, and alarm, which are usually displayed on the home screen.
The Application Framework Layer
The Application Framework layer allows Android-based applications, such as the dialer, to interface with the application framework, which in turn manages the basic mobile functions for resource and voice-call management.
The following components reside within the application framework of the Android operating system:
- Package Manager: Keeps tracks of currently-installed Android-based applications.
- Activity Manager: Handles the life cycle of all the running applications on the device.
- Content Provider: Allows the sharing of data between applications.
- Telephony Manager: Responsible for establishing, maintaining, and terminating calls on the device.
- Location Manager: Manages location features such as Global Positioning System (GPS).
- Resource Manager: Responsible for the type of resources used in an application on the device.
- Notification Manager: Displays notifications and alerts on the device’s screen.
- Java API Framework: Allows developers to create applications written using the Java programming language. The frameworks allows the Android operating system to execute these applications.
Android Libraries
Android uses a native library written in C and C++, which is responsible for handling various data types in the mobile operating system.
Here are some of the libraries it uses:
- Media Framework: Responsible for providing various types of media codecs that allow both recording and playback of all media types, such as MP3 and WAV.
- SQLite: A database that is used in Android-based devices for data storage.
- OpenGL/ES & SGL: Handles the rendering of computer graphics both in 2D and 3D on the device’s screen.
- WebKit: Responsible for displaying web pages by using the web browser’s engine.
Android Runtime
Android Runtime (ART) allows each individual app to execute within its own process and instance, just like virtual machines on a desktop. ART is designed to run these "virtual instances/machies" on low-memory devices such as smartphones and tablets.
Kernel
Most importantly, we must not forget about the brain behind the Android operating system, the kernel, which is responsible for interfacing with the hardware components of the handheld device. Android is based on the current longterm-support kernel of the Linux operating system. During the development of Android, the Linux kernel was modified to better fit the needs and functions of a mobile operating system. One of the modifications on the kernel prevents a user from installing original Linux packages on the Android platform.
The Android security model
To better understand Android's security posture, we are going to take a look into the security model behind Android. We'll look at how Google and the Android team take the extra steps needed to protect the ecosystem of Android devices and their users.
Securing an open source operating system has its challenges, and Android uses a multi-layered security system to protect its users and the platform. Each Android device usually has a set of security services provided by Google, let's look at some of them.
Android Device Manager
Android Device Manager is both a web application and mobile app that can be used to track your Android smartphone or tablet. It can play a sound, secure the device by remotely applying a lock screen, remotely sign out your Android device from your Google account, display a message on the lock screen, and remotely erase the device if stolen.
To access the features of Android Device Manager, simply visit the Google Play Store either on your computer or use the Google Play app on your smart device and search for Android Device Manager or Google Find My Device, as shown in the following screenshot:
Once logged in, you’ll see all the features available:
SafetyNet
SafetyNet protects Android-based devices from security threats, such as malicious URLs, any potentially harmful apps, and malware infections, as well as detecting whether the device is rooted. It protects users by continuously monitoring applications and services for any threats on the device.
Verify applications
The Android operating system can detect when harmful applications run on the device or attempt to install themselves on the device. This feature will either notify the user or automatically prevent the application from executing on the device. This feature utilizes the functions of Google Play Protect, which periodically scan the applications currently installed on a device and those that a user is attempting to install for any signs of being malicious. This feature exists within Android's operating system security.
Google continuously monitors applications; if an application is detected to be malicious, a notification is presented on the screen of the Android device that encourages the user to uninstall it. This ensures the security and privacy of Android users are maintained.
Application services
The Application service allows Android-based applications that are locally installed on the device to utilize cloud-based services and features. An example of a cloud-based service and feature is the data backup. An example of Application services is the Backup and Reset feature within the Settings menu of an Android Device. With the permission of the user, Android can back up its settings to a Google Device automatically, so in the event of a factory reset on a device, the configurations can be restored easily. Additionally, the Application services always have many Android apps to support cloud backup and restore functionality.
Android updates
This feature is responsible for checking and retrieving Android updates for new software versions. These updates are usually created by the Android development teams. Smartphone manufacturers can modify the updates to suit their devices and deliver it to various devices using over-the-air (OTA) updates or post it on their support pages, which will allow users to manually download and update their device.
Updates are very important for a device's security. Updates are usually rolled out to add new features and fix any security vulnerabilities on an operating system. Android has security specific updates that are modular, therefore providing smartphone manufacturers with the flexibility to push security updates much faster while taking more developmental time over updates that aren't as high a priority.
The Google Play Store
The Google Play Store is the official Application (apps) store for Android devices. The Google Play service provides licensing verification for purchased applications via the Google Play Store and performs continuous security scanning for malicious applications.
Google Play Protect
Google Play Protect is a mobile threat-protection service created by Google for Android. This service consists of built-in malware protections that use machine leaning techniques and algorithms designed by Google.
The following is a screenshot of the Google Play Protect screen on an Android smartphone; it displays two features that can be manually enabled or disabled by the user:
As we can see, Google Play Protect will periodically scan the local device for potentially harmful applications and threats. Therefore, user intervention is not needed – the process is automated for us.