1 / 20

Android OS Security

Android OS Security. July 8, 2013. Omar Alaql. Android OS Security. Kent State University. Outline:. Introduction. History. Android Architecture. Security and privacy. Vulnerabilities. Application piracy. Security Measures. Conclusion. Android OS Security.

curt
Download Presentation

Android OS Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Android OS Security July 8, 2013 Omar Alaql Android OS Security Kent State University

  2. Outline: • Introduction. • History. • Android Architecture. • Security and privacy. • Vulnerabilities. • Application piracy. • Security Measures. • Conclusion. Android OS Security Kent State University

  3. Introduction • Android is a Linux-based operating system. • Android is open source, • freely modified and distributed by device manufacturers, wireless carriers and enthusiast developers. • the world's most widely used smartphone platform, sharing 75% of smartphone market. • Due to the broad range of manufacturers. Android OS Security Kent State University

  4. Android OS Security Kent State University

  5. History • Initially developed by Android Inc. • Android, Inc. was founded in Palo alto ,California in October 2003 by Andy Rubin. • Acquired later by Google in 2005. • The first commercially available phone to run Android was the HTC Dream, released on October 22, 2008. Android OS Security Kent State University

  6. Android versions Android OS Security Kent State University

  7. Android Architecture Android OS Security Kent State University

  8. Security and privacy • Android device owners are not given root access. • However: • It can be obtained by exploiting security flaws in Android. • used frequently by the open source community to enhance the capabilities of their devices. • by malicious parties to install viruses and malware. Android OS Security Kent State University

  9. Security and privacy • Android applications run in a sandbox. • Sandbox is an isolated area of the system that does not have access to the rest of the system's resources. • unless access permissions are granted by the user • Sandboxing • reduces the impact of vulnerabilities and bugs in applications. • preventing malicious processes from crossing between applications. Android OS Security Kent State University

  10. Security and privacy • Android is becoming the most-targeted mobile platform. • The open nature of Android and its large user base have made it an attractive and profitable platform to attack. • Google provides major updates to Android every six to nine months • but a majority of Android users have not been able to upgrade to the new OS because the process is controlled by the carriers(one of the biggest security threats). Android OS Security Kent State University

  11. Security and privacy • Has no internal back-up restoration. • There are many third-party applications for back up. • Deficiency of hardware data encryption. • Honeycomb operating software has hardware encryption problems. • A lot of Android malware and Fake anti-malware. • Increased more than 400% this year. • Lookout Mobile Security, AVG Technologies and McAfee, have released antivirus software for Android devices Android OS Security Kent State University

  12. Vulnerabilities • The Android Market: • a number of malware-infected apps and games being made available tousers. • Google currently uses their Google Bouncer malware scanner to watch over and scan the Google Play store apps. • Application permissions: • the reality is that many apps request permission to access sensitive content they have no actual need for. • Untrusted third party applications. • difficult to identify reputable vendors Android OS Security Kent State University

  13. Vulnerabilities • Rooting: • The process of gaining root access. • akin to jail-breaking an iPhone • opens out additional functionality and services
to users. • common exploit used by malicious applications. • Wi-Fi: • compromise on unprotected Wi-Fi networks. • FaceNiff: intercept the social networking logins. • Last vulnerability was detected last week July 4, 2013 • SMS Phishing Scams. Android OS Security Kent State University

  14. Application piracy • In 2010, Google released a tool for validating authorized purchases for use within apps. • insufficient and trivial to crack. • In 2012 Google released a feature in Android 4.1 that encrypted paid applications so that they would only work on the device on which they were purchased. • deactivated due to technical issues. Android OS Security Kent State University

  15. Security Measures • Permissions management: • LBE Privacy Guard acts as somewhat of an application firewall. • granting the user the ability to block an application’s individual permissions • Kirin: • determine if the requested permissions are relevant or not. • Installing trusted packages: • The ability to install non-Market applications. • APK : the standard Android install file format. • A program called APK Inspector has recently been released that will scan the assets, resources, and certificates contained within the APK to ensure it is secure. Android OS Security Kent State University

  16. Security Measures • Trace and wipe: • If your Android device is lost or stolen, you can use these applications to remotely ping the device for its location and/or instruct it to delete specific content. • Invisible. • send remote commands. • get the current GPS location. • Activate a loud siren. • Let the phone call you back and listen to what happens on the other side. Android OS Security Kent State University

  17. Security Measures • Anti-virus: • None of these apps are asking for root access, and therefore they are failing to search for infections on the area of the device that is most targeted and vulnerable. • it covers the apps folders, SD card, SMS, and contact. • DroidSecurity, Lookout. • Link security: • malicious links are always loitering in the background waiting to seduce and ensnare hapless users. • There are a number of vendors that have created link security applications. Android OS Security Kent State University

  18. Conclusion • There is no one-stop effective security measure that can be implemented on an Android operating system. • To be secure: • Use built in security features. • Avoid free-unsecured Wi-Fi access. • Securitize every app you download regardless of source. • Understand the permissions before accept them. • Use an effective security app. Android OS Security Kent State University

  19. Reverences • An Android Security Case Study with Bauhaus, Bernhard J. Berger, Michaela Bunke, and KarstenSohr • Understanding Android Security, William Enck, MachigarOngtang, and Patrick Mcdaniel • http://en.wikipedia.org/wiki/Mobile_operating_system • http://www.bitdefender.com/security/android-vulnerability-opens-door-to-sms-phishing-scams.html • http://www.android-app-market.com/android-architecture.html Android OS Security Kent State University

  20. Reverences • http://techbii.com/security-risks-android/ • http://www.androidpolice.com/2010/11/29/theft-aware-2-0-the-most-ingenious-android-security-solution-with-the-best-root-integration-weve-seen-to-date-really-hands-on-review/ Android OS Security Kent State University

More Related