North Carolina State University, Department of Computer Science
- CSC574 - Computer and Network Security
- Fall 2011, Spring 2013
- CSC591-006 - Smartphone OS Security
- CSC474 - Network Security
- Fall 2012, Fall 2013
- CSC801-001 - Systems Seminar
Pennsylvania State University, College of Engineering
- CSE/EE458 - Communications Networks
- CSE597a - Cellular Phone Operating Systems Security
Understanding Android's Security Framework
ACM Conference on Computer and Communications Security (CCS)
October 29, 2008
The Google Android mobile phone platform is one of the most anticipated smartphone operating systems. Android defines a new component-based framework for developing mobile applications, where each application is composed of different numbers and types of components. Activity components form the basis of the user interface; each screen presented to the user is a different Activity. Service components provide background processing that continues even after their application loses focus. Services also define arbitrary interfaces for communicating with other applications. Content Provider components share information in relational database form. For instance, the system includes an application with a Content Provider devoted to sharing the user's address book, which other applications can query. Finally, Broadcast Receiver components act as an asynchronous mailbox for messages from the system and other applications. As a whole, this application framework supports a flexible degree of collaboration between applications, where dependencies can be as simple or complex as a situation requires.
In this tutorial, we will give an overview of the mechanisms required to develop secure applications within the Android development framework, indicating how the environment has evolved with recent releases of the SDK. We will begin with the basics of building an Android application; no prior knowledge of Android is required. From this base, we will demonstrate how applications can communicate and provide services to one another. However, these interfaces must be carefully secured to defend against general malfeasance. We show how Android's security model aims to provide mechanisms for requisite protection of applications and critical smartphone functionality, and present a number of "best practices" for secure application development within the environment.
The slides and example application source code are available.