forked from WatchDogs-CS416/WatchDogs-CS416.github.io
-
Notifications
You must be signed in to change notification settings - Fork 0
/
android_application_fundamentals.html
executable file
·207 lines (197 loc) · 14.2 KB
/
android_application_fundamentals.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml"
xmlns:fb="http://ogp.me/ns/fb#">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Android Application Fundamentals | Watch Dogs | Security Analysis of Android Applications</title>
<meta name="description" content="Team Watch Dogs | Security Analysis of Android Applications">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Team Watch Dogs | CS416[2020]">
<link rel="image_src" href="https://i.redd.it/p8vw8ggae1751.jpg">
<link rel="shortcut icon" type="image/x-icon" href="assets/img/favicon.png">
<link rel="stylesheet" href="assets/css/bootstrap.min.css">
<link rel="stylesheet" href="assets/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="assets/css/highlight.min.css">
<link rel="stylesheet" href="assets/css/style.css?v5">
</head>
<body class="body-bg" style="position: relative;" data-spy="scroll" data-target="#side_menu" data-offset=92>
<div class="preloader">
<pre class="canvas"></pre>
<div class="loading">
<span>L</span><span>O</span><span>A</span><span>D</span><span>I</span><span>N</span><span>G</span><span> </span>
</div>
</div>
<nav class="navbar navbar-expand-sm bg-dark navbar-dark sticky-top">
<a class="navbar-brand" href="./">Team Watch Dogs</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsibleNavbar">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse justify-content-end" id="collapsibleNavbar">
<ul class="navbar-nav">
<li class="nav-item"><a class="nav-link" href="./index.html">Home</a></li>
<li class="nav-item active"><a class="nav-link" href="./android_application_fundamentals.html">Android Fundamentals</a></li>
<li class="nav-item"><a class="nav-link" href="./reverse_engineering.html">Reverse Engineering</a></li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="./security_analysis.html">
Security Analysis
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="./security_analysis.html#static-analysis">Static Analysis</a>
<a class="dropdown-item" href="./security_analysis.html#dynamic-analysis">Dynamic Analysis</a>
<a class="dropdown-item" href="./security_analysis.html#data-storage-analysis">Data Storage Analysis</a>
<a class="dropdown-item" href="./security_analysis.html#cryptography">Cryptography</a>
</div>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="./other_topics.html">
Other Topics
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="./other_topics.html#rooting-android-device">Rooting Android Device</a>
<a class="dropdown-item" href="./other_topics.html#android-malware">Android Malware</a>
<a class="dropdown-item" href="./other_topics.html#useful-tools">Useful Tools</a>
</div>
</li>
</ul>
</div>
</nav>
<main>
<div class="container-fluid pb-3">
<div class="row">
<div class="col-sm-4">
<div class="side-menu sticky_menu">
<div class="page-title">
Android Application Fundamentals
</div>
<div id="side">
<div id="side_menu">
<!--<div class="side-menu-header">-->
<!-- <h4 class="text-left">Tutorial</h4>-->
<!--</div>-->
<div class="side-menu-content">
<ul class="side_nav">
<li><a class="nav-link active" href="#intro">Introduction</a></li>
<li><a class="nav-link" href="#app_comp">App Components</a></li>
<li><a class="nav-link" href="#intents">Intents</a></li>
<li><a class="nav-link" href="#manifest">The Manifest File</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div class="col-sm-8">
<div class="side-content">
<section class="section" id="intro">
<div class="title-img d-flex align-items-center justify-content-center">
<img src="assets/img/android_application_fundamentals/android_fundamentals.webp" alt="Android Components" class="img-fluid">
</div>
<br>
<p>
Android apps can be written using Kotlin, Java, and C++ languages. The Android SDK tools compile your code along with any data and resource files into an APK, an Android package, which is an archive file with an .apk suffix. One APK file contains all the contents of an Android app and is the file that Android-powered devices use to install the app.
</p>
Each Android app lives in its own security sandbox, protected by the following Android security features:
<ul>
<li>
The Android operating system is a multi-user Linux system in which each app is a different user.
</li>
<li>
By default, the system assigns each app a unique Linux user ID (the ID is used only by the system and is unknown to the app). The system sets permissions for all the files in an app so that only the user ID assigned to that app can access them.
</li>
<li>
Each process has its own virtual machine (VM), so an app's code runs in isolation from other apps.
</li>
<li>
By default, every app runs in its own Linux process. The Android system starts the process when any of the app's components need to be executed, and then shuts down the process when it's no longer needed or when the system must recover memory for other apps.
</li>
</ul>
<p>
The Android system implements the <i>principle of least privilege</i>. That is, each app, by default, has access only to the components that it requires to do its work and no more. This creates a very secure environment in which an app cannot access parts of the system for which it is not given permission.
</p>
</section>
<section class="section" id="app_comp">
<h2 class="content-title">App Components</h2>
<p>
App components are the essential building blocks of an Android app. Each component is an entry point through which the system or a user can enter your app. Some components depend on others.
</p>
There are four different types of app components:
<ul class="spaced-ul">
<li>
Activities
<ul>
<li>
An <i>activity</i> is the entry point for interacting with the user. It represents a single screen with a user interface. For example, an email app might have one activity that shows a list of new emails, another activity to compose an email, and another activity for reading emails. Although the activities work together to form a cohesive user experience in the email app, each one is independent of the others.
</li>
</ul>
</li>
<li>
Services
<ul>
<li>
A <i>service</i> is a general-purpose entry point for keeping an app running in the background for all kinds of reasons. It is a component that runs in the background to perform long-running operations or to perform work for remote processes. A service does not provide a user interface. For example, a service might play music in the background while the user is in a different app, or it might fetch data over the network without blocking user interaction with an activity. Another component, such as an activity, can start the service and let it run or bind to it in order to interact with it.
</li>
</ul>
</li>
<li>
Broadcast receivers
<ul>
<li>
A <i>broadcast receiver</i> is a component that enables the system to deliver events to the app outside of a regular user flow, allowing the app to respond to system-wide broadcast announcements. Because broadcast receivers are another well-defined entry into the app, the system can deliver broadcasts even to apps that aren't currently running. So, for example, an app can schedule an alarm to post a notification to tell the user about an upcoming event... and by delivering that alarm to a BroadcastReceiver of the app, there is no need for the app to remain running until the alarm goes off. Many broadcasts originate from the system—for example, a broadcast announcing that the screen has turned off, the battery is low, or a picture was captured.
</li>
</ul>
</li>
<li>
Content providers
<ul>
<li>
A <i>content provider</i> manages a shared set of app data that you can store in the file system, in a SQLite database, on the web, or on any other persistent storage location that your app can access. Through the content provider, other apps can query or modify the data if the content provider allows it. For example, the Android system provides a content provider that manages the user's contact information. As such, any app with the proper permissions can query the content provider, such as <a href="https://developer.android.com/reference/android/provider/ContactsContract.Data" target="_blank">ContactsContract.Data</a>, to read and write information about a particular person.
</li>
</ul>
</li>
</ul>
</section>
<section class="section" id="intents">
<h2 class="content-title">Intents</h2>
<p>
Three of the four component types—activities, services, and broadcast receivers—are activated by an asynchronous message called an <i>intent</i>. Intents bind individual components to each other at runtime. You can think of them as the messengers that request an action from other components, whether the component belongs to your app or another.
</p>
</section>
<section class="section" id="manifest">
<h2 class="content-title">The Manifest File</h2>
<p>
Before the Android system can start an app component, the system must know that the component exists by reading the app's <i>manifest file</i>, AndroidManifest.xml. Your app must declare all its components in this file, which must be at the root of the app project directory.
</p>
The manifest does a number of things in addition to declaring the app's components, such as the following:
<ul>
<li>
Identifies any user permissions the app requires, such as Internet access or read-access to the user's contacts.
</li>
<li>
Declares the minimum <a href="https://developer.android.com/guide/topics/manifest/uses-sdk-element#ApiLevels" target="_blank">API Level</a> required by the app, based on which APIs the app uses.
</li>
<li>
Declares hardware and software features used or required by the app, such as a camera, bluetooth services, or a multitouch screen.
</li>
<li>
Declares API libraries the app needs to be linked against (other than the Android framework APIs), such as the
<a href="http://code.google.com/android/add-ons/google-apis/maps-overview.html" target="_blank">Google Maps library</a>.
</li>
</ul>
</section>
</div>
</div>
</div>
</div>
</main>
<footer>
<div class="text-center bg-dark text-light p-3 h6" style="margin-bottom:0; font-family: monospace">
<div>Developed by Team Watch Dogs [CS416 2021 | IIT Bombay]</div>
</div>
</footer>
<script src="./assets/js/vendor/jquery-3.5.1.min.js"></script>
<script src="./assets/js/bootstrap.min.js"></script>
<script src="./assets/js/highlight.min.js"></script>
<script src="./assets/js/main.js?v4"></script>
</body>
</html>