Android security review
ABSTRACT: Android is a smart mobile operating system with a large market share, and its security has received extensive attention from developers. This paper introduces the system architecture of Android, analyzes Android's security mechanisms, and discusses its security and the related research from two perspectives: system security and application security. Android system security mainly comprises kernel layer security, architecture layer security and the user authentication mechanism. Security threats to the kernel layer and the architecture layer come mainly from security vulnerabilities. At the kernel layer, research has introduced SELinux into the kernel to strengthen security; at the architecture layer, research has focused on improving the permission mechanism and on the secure implementation and use of application programming interfaces (APIs). The user authentication mechanism is directly related to the data security and privacy of the whole system, is implemented in many different ways, and has received wide attention from researchers. Android application security research covers malicious application detection and vulnerability mining. For the former, the techniques for forging applications, the detection of malicious applications at install time, and the real-time monitoring of application behavior at run time are discussed; for the latter, research on two kinds of vulnerabilities, exposed components and security-related API calls, is introduced. Finally, the paper summarizes the current state of Android security research and discusses future research directions.
Android has a very large number of device users, but users' security awareness still needs to be strengthened. The annual "State of the Net" report from Consumer Reports in the United States pointed out that in 2012, 5.6 million people had an account accessed without authorization. At the same time, the number of Android applications is very large, but their security is worrying. According to an application analysis report from the company TrustGo, 3.15% of the applications on Google Play may leak user privacy or behave maliciously, while on the well-known domestic 91 application market the proportion is 19.7%. Users in our country cannot download applications directly from Google Play, which has led to many poorly managed third-party application markets and poses a serious threat to the security of Android devices.
At present, more and more researchers are paying close attention to security issues and solutions on Android. Android security research proceeds mainly along two lines: system security and application security. System security can be divided by system level into kernel layer security and framework layer security. The Android system is based on the Linux kernel, so kernel vulnerabilities are closely tied to the security of the whole system, and because they sit in the lowest layer of the system their consequences are serious. For example, the Linux kernel vulnerability numbered CVE-2013-6282 can be used to escalate the privileges of native code on Android. To narrow the room for future vulnerabilities and reduce the harm they cause, researchers have tried introducing the more secure SELinux into the system kernel, with good results. On top of the Linux kernel, Android implements its own system architecture layer; once a security problem occurs in this layer, it is likely to lead to the leakage of root privileges.
Research on Android application security focuses on malicious application detection and application vulnerability mining. Malicious applications tend to disguise themselves as normal applications in order to be installed on the Android system, and contain malicious code intended to steal user privacy, damage the system, and so on. Current detection schemes mainly include security auditing at install time and behavior detection at run time. Application vulnerability mining usually targets security vulnerabilities left unintentionally during development; attackers can use these vulnerabilities for denial-of-service attacks, privilege escalation, theft of application data and user privacy, and so on. At present, the main work focuses on mining exposed-component vulnerabilities using fuzzing or static analysis, and on mining vulnerabilities in security-related API calls based on static analysis.
I. Introduction to the Android system
The Android system is usually divided, from bottom to top, into four levels: the Linux kernel layer, the system library layer, the application framework layer and the application layer. Here the application framework layer and the system libraries are merged into a single system architecture layer, which acts as the middle component between the kernel and the applications, and Android security is analyzed according to these system levels.
1.1 The Linux kernel layer
Android is developed on different versions of the Linux kernel. The Linux kernel layer includes the system security mechanisms, memory management, process management, the network stack and a series of driver modules. It sits between the hardware and the other software layers and handles interaction with the hardware.
Binder is the inter-process communication mechanism of the Linux kernel layer. Because this mechanism makes collusion attacks between processes convenient, it is described here. Each application in Android is an independent system process, and resources are managed and allocated per process; a process normally cannot directly access the resources of another process. To enable communication between processes, Android introduced the Binder mechanism, which is a concrete implementation of OpenBinder on Linux. Communication is based on a client/service model, and both sides must create an IBinder interface. The client issues a call request through a proxy object by calling a function provided by the service interface; the request is sent to the service by Binder, and the result of the service's processing is sent back to the client by the Binder driver.
1.2 The system architecture layer
The system architecture layer contains the Android system libraries, the runtime environment and the application framework layer. The system libraries are C/C++ libraries that provide services to running applications. The core libraries contain most of the functionality of the Java core library, and also include C/C++ libraries wrapped through Java native calls (the Java Native Interface, JNI), which give the application framework layer an interface to the underlying libraries. The runtime also includes the Dalvik virtual machine, which interprets and runs Java bytecode. The application framework layer provides the API framework through which application developers access core functions; provided they comply with the framework's security restrictions, any application can call these core API functions and publish its own functional components. The application framework layer provides a variety of services and management tools, including those needed for application development: interface management, data access, application-layer messaging, application package management, telephony management, location and the Google Talk service, among other functions.
Third-party libraries are collections of API interfaces from third-party platforms; developers can use these interfaces in their own applications to conveniently implement the corresponding functionality. For example, Facebook offers an open source Java library that allows developers to embed part of Facebook's social functionality in their own applications. Third-party libraries are implemented independently of the Android system architecture but sit at the same level as it: they use the services provided by the kernel layer, encapsulate functional modules, and are called by the application layer.
1.3 The application layer
Android's built-in applications include the main desktop (Home), e-mail, SMS/MMS, calendar, maps, contact management, and so on. These applications are usually written in the Java language and call the APIs provided by the application framework layer. Developers can also use JNI together with the Android NDK to develop native applications. JNI allows Java code to interact with code written in other languages (usually C or C++ code, called native code). Having Java interact with locally compiled code usually costs platform portability. In some cases, however, this is acceptable or even necessary: for example, to use an older library, to interact with the hardware or the operating system, or to improve program performance. The JNI standard ensures that native code can work in any Java virtual machine implementation.
II. The Android security mechanism
Android is based on the Linux kernel and retains some Linux security mechanisms, such as Linux's discretionary access control. Android applications use Java as the main development language, which ensures type safety and avoids hazards found in C, such as unchecked type conversions and array operations without bounds checking.
Because smartphones hold a lot of private data and have limited computing power, Android also establishes three important security mechanisms: application signing, permission auditing and sandboxed execution. These three mechanisms identify application developers, restrict application behavior and keep applications running independently, securing applications during distribution, installation and operation respectively.
2.1 Signature mechanism
All Android applications must be packaged into an APK file, and the file must be signed when it is released. Unlike the usual purpose of digital certificates in information security, Android uses the digital signature to identify the author of an application and to establish trust between applications, not to decide whether an application should be installed. The digital certificate does not need to be signed by a certificate authority; it is controlled and used by the developer to self-certify the application package.
Android application signing has a debug mode and a release mode. Applications developed with the Android development tools (the command line, Eclipse, etc.) are signed with a debug private key; these are called debug-mode applications. They can only be used by developers for testing and cannot be released to the official Google Play application market. When developers need to release their application to Google Play, they must generate a release-mode version, which is signed with the developer's private key. The application is signed at release and the signature is validated during installation, which identifies the source of the application.
2.2 Permission mechanism
To notify users of the key functions an application uses, Android defines the permission mechanism. A permission's information has three main parts: the name of the permission, the permission group it belongs to, and its protection level. A permission group is a set of permissions grouped by functionality. Each permission has a Protection Level that identifies how it is protected: normal, dangerous, signature, or signatureOrSystem. Different protection levels represent different ways of authorizing a program to use the permission. Normal permissions are granted simply by requesting them; signature and signatureOrSystem permissions require the requesting application to use the same digital certificate as the system.
Android also defines a set of system permissions that control access to key functions such as taking photographs, recording and making calls. In addition to the system permissions, an application can define custom permissions for its own functional components, so that the components remain secure while providing services to other applications. In an application project, developers must declare the permissions the application needs in the AndroidManifest.xml file using the <uses-permission> tag. These permissions are shown to the user before the application is installed; only if the user grants them is the application allowed to be installed and to use the corresponding functions at run time. The permission mechanism supervises application installation and limits application behavior.
2.3 Sandbox mechanism
A distinct user ID protects an application's files, data and memory. If two applications need to share permissions and data, they can set sharedUserId to declare that they use the same user ID, run in the same process and share resources and permissions. Applications that declare sharedUserId must, however, have the same signature.
This mechanism not only guarantees the independence of applications but also improves system security while applications run: when a single application runs into a problem, its virtual machine instance can be terminated to protect the whole system.
III. Android system security
The Android system is divided into three layers. At the bottom is the Linux kernel layer, whose processes often run with high privileges, so vulnerabilities there may leak elevated privileges. In the middle is the system architecture layer, which sits between the kernel and the applications; its security vulnerabilities may leak elevated privileges and may also threaten the security of every application that uses the framework layer interfaces. At the top is the application layer, whose security is covered in detail in Section IV. Research on the security of the system architecture layer has also attracted the attention of some researchers. The user authentication mechanism is directly related to the data security and privacy of the whole system; its implementation often involves data acquisition at the kernel layer, policy customization and analysis at the framework layer, and user interaction at the application layer, and the mechanism can be implemented in many different ways.
3.1 Kernel layer security
Security threats to the Linux kernel layer come from vulnerabilities in the Linux kernel. These vulnerabilities often threaten the security of the whole system: malicious applications can exploit them to elevate their privileges, even obtain root access, and then steal data or damage the system at will. Faced with an endless stream of kernel vulnerabilities, on the one hand effective vulnerability mining tools are needed; on the other hand, how to strengthen the security of the Linux kernel and avoid the harm caused by vulnerabilities also deserves attention. Research has built Android systems on security-enhanced kernels. Whether TOMOYO Linux or SELinux is used as the kernel of the Android system, file access control at the Linux level changes from DAC (discretionary access control) to MAC (mandatory access control). Under DAC, a subject that has access to an object can independently grant some or all of its access rights to other subjects, and can revoke those rights at any time afterwards. Under MAC, the system applies unified mandatory control to the objects users create and decides, according to prescribed rules, which users may perform which types of access to which objects; even the user who created an object may have no right to access it afterwards. Replacing DAC with MAC can effectively weaken the security threats posed by kernel layer vulnerabilities.
3.2 Architecture layer security
The Android system architecture sits between the kernel layer and the application layer and is the main body of the Android system. Security threats to the system architecture layer likewise tend to come from security vulnerabilities. Vulnerabilities in the architecture layer may lead to root access to the system and may also threaten the security of the upper layer. In view of these threats, related research has focused on the following three aspects:
1) Introducing SELinux into the system kernel so that it provides security services to the system architecture layer and supports richer security policies. For example, work based on SELinux in Android 4.0 specifies a policy language at the system architecture layer and provides customizable security policy services, so that SELinux can be applied at the Android framework layer.
2) Improving Android's existing security mechanisms and refining security policy is also an important approach. Of Android's three major security mechanisms (signature, permission and sandbox), the signature and sandbox mechanisms are relatively well designed, with only occasional reports of vulnerabilities, and attract less security research interest. The permission mechanism, however, is managed in a coarse-grained "all or nothing" manner, and the behavior of an application after installation is not monitored at all; monitoring of application behavior at run time is essentially nonexistent.
3) If the implementation of an Android framework API has security problems, it seriously threatens the security of the applications that call it. Among these APIs, ones such as the SSL/TLS encryption API are particularly important, and researchers have achieved good results in this area as well.
In addition, application permissions are bound to the API interfaces provided by the system architecture layer: an application that wants to call an API must hold the appropriate permission. Google did not directly publish the "Permission - API" correspondence, however; Felt et al. completed this mapping set, and on that basis an application's API calls can be compared with the permissions it requests to check whether the application requests excessive permissions.
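
The over-privilege check described above can be sketched as follows. This is an added example, not code from the paper or from Felt et al.; the permission-API table is a small constructed excerpt, and the manifest, the package name and the list of API calls (as a static analyzer might extract them) are constructed sample input.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed excerpt of a permission-API map (not the published mapping set).
# Each API maps to the permissions that authorize it; holding any one suffices.
API_PERMISSIONS = {
    "android.hardware.Camera.open": {"android.permission.CAMERA"},
    "android.telephony.SmsManager.sendTextMessage": {"android.permission.SEND_SMS"},
    "android.telephony.TelephonyManager.getDeviceId": {
        "android.permission.READ_PHONE_STATE"},
    "android.location.LocationManager.getLastKnownLocation": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION"},
}

# Constructed manifest of a hypothetical flashlight application.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>
"""

# Constructed list of framework calls found in the application's code.
SAMPLE_API_CALLS = [
    "android.hardware.Camera.open",
    "android.location.LocationManager.getLastKnownLocation",
    "java.lang.String.length",  # not permission-protected, ignored by the audit
]


def declared_permissions(manifest_xml):
    """Return the set of permissions requested with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    return {n for n in names if n}


def audit_permissions(manifest_xml, api_calls):
    """Compare requested permissions with those the observed API calls need.

    'overprivileged' lists permissions requested but justified by no call;
    'missing' maps each call to the permissions that would authorize it when
    the manifest requests none of them.
    """
    declared = declared_permissions(manifest_xml)
    used, missing = set(), {}
    for api in api_calls:
        alternatives = API_PERMISSIONS.get(api)
        if alternatives is None:
            continue  # API not in the map: treated as needing no permission
        held = alternatives & declared
        if held:
            used |= held
        else:
            missing[api] = sorted(alternatives)
    return {"overprivileged": sorted(declared - used), "missing": missing}


if __name__ == "__main__":
    report = audit_permissions(SAMPLE_MANIFEST, SAMPLE_API_CALLS)
    print("requested but unused:", report["overprivileged"])
    print("used but not requested:", report["missing"])
```

A real audit depends on the completeness of the map and of the call extraction: reflection, native code and calls made through third-party libraries can hide uses and turn a legitimately needed permission into a false positive.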
3.3 User authentication mechanism
Android security includes not only the security mechanisms of the kernel and architecture layers, but also the user authentication mechanism that users frequently encounter in use. User authentication determines whether the current user of a device is a legitimate user. It is usually applied when unlocking the screen, in the form of a PIN code, an unlock pattern, face recognition or fingerprint recognition. This mechanism effectively prevents illegitimate users from using the smart device or viewing the information on it. It is directly related to the data security and privacy of the whole system; its implementation often involves data acquisition at the kernel layer, policy customization and analysis at the framework layer, and user interaction at the application layer, and there are many ways to implement it. Existing user authentication mechanisms can no longer strike a good balance between guaranteeing security and keeping user involvement low.
1) Brute-force attacks on traditional authentication methods
User authentication mechanisms are often not completely reliable. Brute-force techniques against PIN codes are relatively mature, and the security of the 3 × 3 unlock pattern also has problems. Research has examined the security of the unlock pattern as a user authentication method: from statistics on a large number of users' unlock patterns, a model based on a Markov chain was constructed to analyze Android unlock patterns quantitatively. The results showed that users have clear preferences when choosing an unlock pattern and do not choose completely at random, which can be used to guide brute-force attacks on unlock patterns.
2) Quality evaluation of biometric characteristics
The iPhone 5s, launched on September 20, 2010, uses fingerprint recognition for user authentication. To evaluate the relative merits of various unlocking schemes in terms of response time, strength, error rate, whether the task can be interrupted, and so on, biometric user authentication mechanisms based on voice, face and fingerprint were compared with the original PIN code mechanism. The results show that a spoken PIN code is the fastest and that face recognition does not require the user to remember a password; combining two biometric methods gives a better user experience but takes more system memory.
IV. Android application security
Android application security has two aspects. On the one hand, it means detecting whether an application has any malicious behavior, so that the system and other applications are not affected by it. On the other hand, it means promptly discovering security vulnerabilities in an application that may cause functional failure or data leakage, so that the application runs independently, correctly and safely.
4.1 Detection techniques for malicious Android applications
A malicious application is one that carries malicious code and threatens the normal operation of the system and other applications and the security of critical data. Malicious code is usually inserted into popular applications to attract users to install it, and is distributed and spread through third-party application markets whose security management is chaotic. To obtain the permissions its functions need, it often relies on users installing applications without carefully reviewing the permission list, or on local privilege vulnerabilities. Moreover, as device performance improves and research deepens, the ability of malicious applications to steal private data grows day by day.
Besides the original approach of decompiling an application and inserting malicious code, malicious applications can also be forged by using the MasterKey vulnerability to modify the executable file embedded in an application without changing its signature, which is very harmful. Malicious applications can be analyzed by static auditing at install time, or by customizing real-time behavior monitoring in the system.
4.1.1 How malicious applications are forged
Malicious application developers usually insert malicious code into a target application by decompiling the normal application, adding the malicious code and repackaging it; a malicious application produced this way has a different signature from the original. Since July 2013, however, a vulnerability that bypasses Android signature verification has been disclosed, which lets an attacker put a new bytecode file, classes.dex, into the APK and bypass the signature mechanism. This vulnerability may allow an original, normal application on the system to be illegitimately replaced, or a fake application to be installed on the system. Google provided fixes promptly, but Android security patches are not pushed to devices in time; instead they arrive with the changes in a new version. Because the Android device ecosystem is severely fragmented, it is difficult to roll out new version updates widely, so for some time to come this vulnerability will be an extremely important means for malicious applications to masquerade as normal ones.
4.1.2 Analysis of malicious applications at install time
The Android malicious code detection tool Androguard performs detection based on signature matching; detection can also rely on building a large and efficient database. These two methods can quickly find known malicious applications, but they cannot judge new malicious behavior. Using statistics on the permissions an application requests and the APIs it calls, data mining techniques can determine whether the target application contains malicious behavior, which is also a fairly effective method. In install-time analysis of malicious applications, besides traditional signature and signature-information detection, auditing and inspection through static analysis and data mining have also worked well; this work can run not only on the local device but also on a cloud platform.
4.2 Android vulnerability mining techniques
Security vulnerabilities in Android applications affect not only the stability of the application while it runs; they also threaten the security of private data, may affect key functions, and threaten the security of the whole system. Faced with a large number of Android applications, how to build automatic and effective vulnerability mining tools is a focus of researchers both at home and abroad. Vulnerability mining techniques can usually be divided into two classes, static mining and dynamic mining. Vulnerability mining for Android is relatively mature and concentrates on finding exposed-component vulnerabilities with fuzzing and static analysis, and on finding vulnerabilities in security-related API calls with static analysis. Android applications are built from four kinds of components (Activity, Service, Broadcast Receiver and Content Provider), and each can be set to be externally visible. If a component is visible, it can receive data from third-party applications. This research has received extensive attention from researchers; both dynamic and static testing techniques have been implemented, and good results have been achieved.
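
A minimal static check for externally visible components, as an added example that is not from the paper or from any tool it cites. The manifest, package and permission names are constructed. Two assumptions are made about defaults: a component with an intent filter and no android:exported attribute is treated as exported, and a Content Provider without the attribute is treated as not exported (the default from API level 17).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed manifest of a hypothetical note-taking application.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".EditActivity" android:exported="false"/>
    <service android:name=".SyncService">
      <intent-filter><action android:name="com.example.notes.SYNC"/></intent-filter>
    </service>
    <receiver android:name=".AlarmReceiver" android:exported="true"
              android:permission="com.example.notes.permission.ALARM"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="com.example.notes"
              android:readPermission="com.example.notes.permission.READ"/>
    <provider android:name=".CacheProvider"
              android:authorities="com.example.notes.cache"/>
  </application>
</manifest>
"""


def _attr(element, name):
    return element.get(ANDROID_NS + name)


def _is_launcher(component):
    return any(_attr(c, "name") == "android.intent.category.LAUNCHER"
               for c in component.iter("category"))


def exposed_components(manifest_xml):
    """List (tag, name, reason) for components other apps can reach unguarded."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    app_permission = _attr(app, "permission")  # default for every component
    findings = []
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported = _attr(comp, "exported")
        has_filter = comp.find("intent-filter") is not None
        if exported == "true":
            reason = "explicit"
        elif exported is None and has_filter and comp.tag != "provider":
            # The launcher activity must be exported; it is reported separately
            # so a reviewer can tell it from unintended exposure.
            reason = "launcher" if _is_launcher(comp) else "intent-filter"
        else:
            continue  # explicitly or implicitly private
        guarded = bool(_attr(comp, "permission") or app_permission)
        if comp.tag == "provider" and not guarded:
            # A provider is guarded only if both reads and writes need a permission.
            guarded = bool(_attr(comp, "readPermission")
                           and _attr(comp, "writePermission"))
        if not guarded:
            findings.append((comp.tag, _attr(comp, "name"), reason))
    return findings


if __name__ == "__main__":
    for tag, name, reason in exposed_components(SAMPLE_MANIFEST):
        print(f"{tag:9} {name:16} exported ({reason}), no permission required")
```

Each component reported here is a candidate for review or fuzzing of its input handling, not a confirmed vulnerability.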
V. Summary
This paper introduced the Android system architecture, summarized its security mechanisms, and described the existing security problems of Android and the related research from the two aspects of system and application. Android system security is divided by level into three aspects: the kernel, the architecture and the user authentication mechanism. Kernel security is often tied to the corresponding security problems in the Linux kernel, and introducing SELinux's MAC mechanism can effectively strengthen it. The system architecture is the link between the kernel and the application layer and is the main part of the Android system; optimizing the permission mechanism, strengthening the monitoring of API calls, and detecting and repairing security vulnerabilities in time can effectively improve its protection. The user authentication mechanism is an important means of protecting a device from use by illegitimate users. Android application security comprises malicious application detection and vulnerability mining, which strengthen security in two ways: by detecting attacks and by finding application security vulnerabilities.
Source: http://epub.cnki.net/kns/brief/default_result.aspx