0
1
00:00:07,860 --> 00:00:15,560
Android is an open source Linux based software stack created for a wide array of devices and form factors.
1

2
00:00:15,570 --> 00:00:22,960
The following diagram shows the major components of the Android platform. The foundation of the Android
2

3
00:00:22,960 --> 00:00:31,030
platform is the Linux kernel for example the android runtime ART relies on the Linux kernel for
3

4
00:00:31,030 --> 00:00:36,060
underlying functionalities such as threading and low level memory management.
4

5
00:00:37,190 --> 00:00:44,990
The hardware abstraction layer AGL provides standard interfaces that expose device hardware capabilities
5

6
00:00:45,020 --> 00:00:53,060
to the higher level Java API framework. For devices running Android version 5.0 API level twenty one
6

7
00:00:53,300 --> 00:00:54,500
or higher.
7

8
00:00:54,530 --> 00:01:00,870
Each app runs on its own process and with its own instance of the Android runtime ART.
8

9
00:01:01,610 --> 00:01:09,950
Prior to Android version 5.0 API level twenty one Dalvik was the android runtime if your app runs well
9

10
00:01:10,010 --> 00:01:13,370
on ART then it should work on Dalvik as well.
10

11
00:01:13,460 --> 00:01:21,460
But the reverse may not be true. Many core Android system components and services such as ART and
11

12
00:01:21,460 --> 00:01:30,300
HAL are built from native code that require native libraries written in C and C++ if you are developing
12

13
00:01:30,300 --> 00:01:38,160
an app that requires C or C++ code you can use the Android NDK to access some of these native platform
13

14
00:01:38,160 --> 00:01:41,520
libraries directly from your native code.
14

15
00:01:41,580 --> 00:01:48,290
The entire feature set of the Android OS is available to you through APIs written in the Java language
15

16
00:01:50,370 --> 00:01:54,910
these APIs form the building blocks you need to create Android apps.
16

17
00:01:55,290 --> 00:02:02,670
Developers have full access to the same framework APIs that Android system apps use. Android comes
17

18
00:02:02,670 --> 00:02:09,690
with a set of core apps for email sms messaging calendars Internet browsing contacts and more
18

19
00:02:10,720 --> 00:02:16,020
Apps included with the platform have no special status among the apps the user chooses to install.
19

20
00:02:16,930 --> 00:02:20,940
So a third party app can become the user's default web browser,
20

21
00:02:20,960 --> 00:02:29,450
Sms messenger or even the default keyboard. Android package APK is the package file format used
21

22
00:02:29,450 --> 00:02:37,680
by the Android operating system for distribution and installation of mobile apps. An APK file is an
22

23
00:02:37,710 --> 00:02:44,340
archive that usually contains the following files and directories META INF is a directory containing
23

24
00:02:44,340 --> 00:02:51,750
the manifest file the app's certificate and the list of resources and an SHA1 digest of the
24

25
00:02:51,750 --> 00:03:00,480
corresponding lines in the manifest file resources is a file containing pre compiled resources
25

26
00:03:00,600 --> 00:03:07,530
such as binary XML classes dot decks contains the classes compiled in the dex file format which is
26

27
00:03:07,530 --> 00:03:15,980
understandable by the Dalvik virtual machine and by the Android runtime. RES is the directory containing
27

28
00:03:15,980 --> 00:03:25,450
resources not compiled into resources .ARSE. Android manifest  .XML is an additional Android manifest
28

29
00:03:25,450 --> 00:03:33,390
file describing the name, version, access rights and reference library files for the application.
29

30
00:03:33,480 --> 00:03:40,500
You may also have a lib directory containing the platform dependent compiled code and an assets directory
30

31
00:03:40,530 --> 00:03:47,290
containing application assets. The Android platform takes advantage of the Linux user based protection
31

32
00:03:47,290 --> 00:03:50,800
to identify and isolate app resources.
32

33
00:03:50,860 --> 00:03:56,250
This isolates apps from each other and protects apps and the system from malicious apps.
33

34
00:03:56,440 --> 00:04:03,760
To do this android assigns a unique user ID, UID to each Android application and runs it in its
34

35
00:04:03,760 --> 00:04:04,810
own process.
35

36
00:04:07,270 --> 00:04:14,860
Android uses the UID to set up a kernel level application sandbox the kernel enforces security between
36

37
00:04:14,860 --> 00:04:21,490
apps and the system at the process level through standard Linux facilities such as user and group IDS
37

38
00:04:21,520 --> 00:04:27,850
that are assigned to apps by default apps can't interact with each other and have limited access to
38

39
00:04:27,850 --> 00:04:28,960
the OS.
39

40
00:04:29,200 --> 00:04:35,740
If app a tries to do something malicious such as read application B's data or dial the phone without
40

41
00:04:35,740 --> 00:04:42,360
permission is prevented from doing so because it doesn't have the appropriate default user privileges.
41

42
00:04:42,430 --> 00:04:46,910
The purpose of a permission is to protect the privacy of an Android user.
42

43
00:04:46,930 --> 00:04:54,010
Android apps must request permission to access sensitive user data such as contacts and SMS
43

44
00:04:54,010 --> 00:04:59,620
as well as certain system features such as camera and Internet. Depending on the feature,
44

45
00:04:59,620 --> 00:05:05,200
the system might grant the permission automatically or might prompt the user to approve the request.
45

46
00:05:06,760 --> 00:05:09,730
Between application sandboxing and permissions,
46

47
00:05:09,730 --> 00:05:15,370
the OS is ensuring that apps can only perform the sensitive operations that they are explicitly allowed to
47

48
00:05:15,370 --> 00:05:23,900
If you are interested in knowing more about the Android security model we recommend this white paper
48

49
00:05:23,960 --> 00:05:26,520
that was recently released by Google.
49

50
00:05:26,660 --> 00:05:33,580
The paper aims to both document the Android security model and discuss its implications. Google Play
50

51
00:05:33,580 --> 00:05:40,000
protect is Google's built in malware protection for Android it automatically scans your device and make
51

52
00:05:40,000 --> 00:05:47,100
sure you have the latest in mobile security. All Android apps undergo rigorous security testing before
52

53
00:05:47,100 --> 00:05:54,570
appearing in the Google Play Store. Google vets every app and developer in Google Play and suspends those
53

54
00:05:54,570 --> 00:05:56,070
who violate their policies.
54

55
00:05:57,240 --> 00:06:04,090
Play protect scans billions of apps daily to make sure everything is secure. That way when you download
55

56
00:06:04,090 --> 00:06:06,190
an app from the official Play Store.
56

57
00:06:06,190 --> 00:06:09,880
You know it's been checked by Google Play Protect.
57

58
00:06:09,900 --> 00:06:16,800
That being said as we have seen in the past malware is still able to make its way onto the play store.
58

59
00:06:16,800 --> 00:06:23,310
However when opting to download from the official store or an unregulated third party store we always
59

60
00:06:23,310 --> 00:06:25,740
recommend to stick to the official store.
60

61
00:06:27,420 --> 00:06:33,770
That being said one can also install non play store apps by enabling a simple feature.
61

62
00:06:33,810 --> 00:06:40,790
This practice is called side loading when you allow any application to be side loaded on your phone.
62

63
00:06:40,790 --> 00:06:46,970
You're bypassing the security protocols that are enabled in the Play Store i.e. what Google does behind
63

64
00:06:46,970 --> 00:06:51,740
the scenes to make sure all the apps you install from the official channels are safe.
64

65
00:06:51,740 --> 00:06:56,740
However there are reasons legitimate or not that caused people to side load.
65

66
00:06:56,750 --> 00:07:04,250
For example when apps are blocked for your specific device when apps are not available in your country
66

67
00:07:05,090 --> 00:07:12,200
when apps are banned from the official store, in order to download a paid app for free which may be illegal
67

68
00:07:13,040 --> 00:07:20,750
in order to obtain an ad free version of an app which may also be illegal, for app development testing
68

69
00:07:21,350 --> 00:07:25,430
and when developing a custom private app.
69

70
00:07:25,540 --> 00:07:30,790
Finally we would like to discuss an issue that seems to plague the Android OS and that is the issue
70

71
00:07:30,790 --> 00:07:34,850
of fragmentation. When creating an Android app.
71

72
00:07:34,860 --> 00:07:39,450
you'll be asked for the minimum OS version that your app should support.
72

73
00:07:39,450 --> 00:07:45,390
Choosing a newer minimum version will usually mean that your app will be supported by fewer Android
73

74
00:07:45,390 --> 00:07:46,930
devices.
74

75
00:07:46,980 --> 00:07:53,130
The dashboard shows the percentage of Android devices that are running each OS version and lower.
75

76
00:07:53,130 --> 00:07:59,160
For example here we see that at the time of this report Android 10 was the latest available release
76

77
00:07:59,160 --> 00:08:05,640
version. However Android 10 had only eight point two percent of the distribution.
77

78
00:08:06,680 --> 00:08:11,990
The bigger the jump in the cumulative distribution the higher the number of Android devices running
78

79
00:08:11,990 --> 00:08:15,120
that specific version.
79

80
00:08:15,210 --> 00:08:21,960
For example the difference between Nougat and Marshmallow is eighty four point nine minus seventy three
80

81
00:08:21,960 --> 00:08:26,380
point seven which equals eleven point two percent.
81

82
00:08:26,390 --> 00:08:32,620
This means that at this point there were eleven point two percent of Android devices still running Android Nougat.
82

83
00:08:32,610 --> 00:08:39,840
Some of these percentages seem small but when you consider the billions of Android devices that
83

84
00:08:39,840 --> 00:08:47,950
are out there in the world 1 percent of all Android devices is very significant. Imagine you have a vulnerability
84

85
00:08:48,010 --> 00:08:52,870
against one specific version that only has 1 percent distribution.
85

86
00:08:52,900 --> 00:08:58,690
You cannot simply omit this as an issue since this vulnerability might still be impacting millions of
86

87
00:08:58,690 --> 00:08:59,430
devices.
87

88
00:09:01,170 --> 00:09:07,950
You may find many of these old versions are not necessarily on smartphones but rather may be on televisions
88

89
00:09:07,980 --> 00:09:10,290
or cars for example.
89

90
00:09:10,290 --> 00:09:14,660
That being said many of these devices are still connected to the Internet.
90

91
00:09:14,970 --> 00:09:21,120
So this is something that's significant and something we have to consider especially in Android security.
91

92
00:09:21,210 --> 00:09:27,810
You may even come across cases where for example a malware author designed malware exploiting a vulnerability
92

93
00:09:27,840 --> 00:09:33,510
for older Android versions and actually checking the version number of the device before triggering
93

94
00:09:33,510 --> 00:09:35,040
the attack.
94

95
00:09:35,050 --> 00:09:40,510
For example the code would say is Android version older than Android 5.
95

96
00:09:40,510 --> 00:09:45,130
If so then launch an attack using some old vulnerability that they found.