Android Security Architecture

Aditya Jha
4 min readJul 7, 2024


Android is based on the Linux Operating System.

Your Android phone can take commands just like any Linux device, for example:

ls, cd, rm, pwd, etc.

Permissions on directories and applications likewise follow the Linux file permission model.

Linux File Permission System

Dalvik vs The Android Runtime

Every application runs in a virtual machine known as the Android Runtime.

Dalvik was the original runtime VM, and its name survives in the term Dalvik bytecode.

Dalvik is no longer used in modern Android and has been replaced by the Android Runtime (ART).

Android Runtime (ART)

This is the modern translation layer from the application’s bytecode to device instructions.

Every app runs in its own sandboxed virtual machine.

Likewise, on the file system applications are isolated by creating a unique Linux user for each application.

Android Identity and Access Management

As mentioned, each application gets its own Linux user.

This user owns the application’s directories (UID between 10000 and 999999, with a matching username, e.g. u0_188 for UID 10188):

/data/app/com.example.app — generic application data

/data/data/com.example.app — runtime storage of data

/mnt/sdcard/Android/data/com.example.app — external storage location for runtime data

/data/data/com.example2.app — a different app, with its own separate user

This prevents applications from interacting with each other unless permission is explicitly granted, or a Content Provider/Broadcast Receiver is exposed.
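As an added illustration (not code from the original post), the following Python helper applies the sandbox rules above to a constructed sample of `ls -ln /data/data` output: it derives the Android user and app index from the numeric UID, flags directories readable or writable by other apps, and reports packages that share a UID. The sample lines, package names and UIDs are made up for this example.

```python
from typing import Dict, List, NamedTuple, Tuple
# Constructed sample of `adb shell ls -ln /data/data` output; not captured from a real device.
SAMPLE_LS = """\
drwx------  4 10188 10188 4096 2024-07-01 10:00 com.example.app
drwx------  4 10189 10189 4096 2024-07-01 10:01 com.example2.app
drwxrwxrwx  4 10190 10190 4096 2024-07-01 10:02 com.example.leaky
drwx------  4 10188 10188 4096 2024-07-01 10:03 com.example.shareduid
drwxr-x--x  4  1000  1000 4096 2024-07-01 10:04 com.example.systemuid
"""

FIRST_APP_UID = 10000    # per-app UIDs start here within each Android user
LAST_APP_UID = 19999     # and end here; lower UIDs belong to system accounts
PER_USER_RANGE = 100000  # each Android user/profile gets its own UID range

class AppDir(NamedTuple):
    name: str   # package name (directory name under /data/data)
    mode: str   # e.g. "drwx------"
    uid: int    # numeric owner UID

def parse_ls(output: str) -> List[AppDir]:
    """Parse numeric long-format `ls -ln` lines into AppDir records."""
    entries = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 7 or not parts[0].startswith("d"):
            continue  # skip blank lines, headers and non-directories
        entries.append(AppDir(name=parts[-1], mode=parts[0], uid=int(parts[2])))
    return entries

def app_identity(uid: int) -> Tuple[int, int]:
    """Split a UID into (android_user_id, app_index): 10188 -> (0, 188)."""
    user_id, local_uid = divmod(uid, PER_USER_RANGE)
    return user_id, local_uid - FIRST_APP_UID

def audit(entries: List[AppDir]) -> Dict[str, List[str]]:
    """Map each package to its sandbox findings (an empty list means clean)."""
    owner_of_uid: Dict[int, str] = {}
    findings: Dict[str, List[str]] = {}
    for e in entries:
        issues = []
        if not FIRST_APP_UID <= e.uid % PER_USER_RANGE <= LAST_APP_UID:
            issues.append(f"uid {e.uid} is outside the per-app range")
        if e.mode[7] == "r" or e.mode[8] == "w":  # 'other' read/write bits set
            issues.append("directory is readable or writable by other apps")
        if e.uid in owner_of_uid:  # same UID = same sandbox (sharedUserId); confirm it is intended
            issues.append(f"shares uid {e.uid} with {owner_of_uid[e.uid]}")
        owner_of_uid.setdefault(e.uid, e.name)
        findings[e.name] = issues
    return findings
```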

Root user, system level accounts

Emulators with non-Google Play API images allow root.

Profiles

Separated app data, useful for scenarios like BYOD (bring your own device).

Work Profile, Personal Profile, Always-On VPN for certain apps.

A profile still has access to system-level functions such as Wi-Fi, Bluetooth and 4G LTE, but aspects such as the clipboard (copy-paste), contacts and camera can be isolated for data loss prevention.

Primary User — the user created the first time the phone is started; it is always running and can only be removed by a factory reset.

Secondary User — additional users added to the device; they can be created and deleted by the primary user.

Guest User — only one guest user can exist at a time; a quick way to give someone temporary access to the phone.

Kid Mode — Google Kids Space (tablets only), profiles/accounts for kids; often vendor specific, e.g. Samsung Kid Mode.

Android Architecture

Major Layers:

Linux Kernel

Hardware Abstraction Layer

Libraries (Native C or Android Runtime)

Java API Layer

System Apps

Architecture

Linux Kernel

Supports multiple CPU types (ARM, SoC) and both 32- and 64-bit.

Applications explicitly declare which Android Runtime/API version they run on.

Android Manifest — minSdkVersion

The higher the better, BUT developers want to reach as many customers as possible!

Lower SDK/Android versions can carry more security vulnerabilities and allow attacks that only work on some devices/emulators.

Access to the physical components of the Linux device is controlled by drivers.

Bluetooth, camera, microphone, Wi-Fi, LTE, display, etc.

Hardware Abstraction Layer (HAL)

Abstraction layer that allows applications to access hardware components irrespective of the device manufacturer or type.

Lets applications simply request “the camera”, “the microphone”, “the location (GPS)”, Bluetooth or the touch input without needing device-specific drivers or manufacturer details.

New/Upcoming HAL Types:

Automotive — Android Auto, Apple CarPlay

IoT

Fitness Watches

Fitness Devices (Peloton, etc.)

IoT Home devices (Alexa, Google Home, etc.)

Gaming Peripherals

Native C vs Android Runtime

C and C++ are the device’s native languages.

Native code does not require a VM.

WebKit — a built-in web browser for the app (like an iframe).

OpenMAX AL, OpenGL ES — native multimedia and graphics libraries for 2D/3D rendering.

Java is often easier to code in, so most developers prefer it.

Older apps are built in Java; newer ones are often built in Kotlin.

In 2019 Google announced that Kotlin would be the preferred language for Android development.

Kotlin is used by approximately 60% of Android app developers.

Java API Framework

This is what allows your app to interact with other apps, and with the device itself, as defined in the app’s code.

Content Providers — a way of sharing data with other applications via a specific directory (if exported).

content://<app-URI>/directory
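As an added example (not code from the original post) covering both the minSdkVersion point above and the “if exported” caveat for Content Providers, this Python helper reads a constructed merged AndroidManifest.xml, applies the manifest defaults (minSdkVersion falls back to 1, targetSdkVersion to minSdkVersion, and a provider without android:exported is exported only when targetSdkVersion is below 17), and reports which providers other apps can reach and whether a permission guards them. The manifest contents, package name and the policy floor of 21 are assumptions for the example; a Gradle project sets these versions in build.gradle, so inspect the merged manifest from the built APK.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List
NS = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes

# Constructed sample of a merged AndroidManifest.xml; not taken from a real app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="16" />
  <application android:label="Example">
    <provider android:name=".NotesProvider" android:authorities="com.example.app.notes" />
    <provider android:name=".PrivateProvider" android:authorities="com.example.app.private"
              android:exported="false" />
    <provider android:name=".PublicProvider" android:authorities="com.example.app.public"
              android:exported="true" android:readPermission="com.example.app.READ" />
  </application>
</manifest>
"""

def sdk_levels(manifest_xml: str) -> Dict[str, int]:
    """minSdkVersion defaults to 1 and targetSdkVersion to minSdkVersion when absent."""
    node = ET.fromstring(manifest_xml).find("uses-sdk")
    min_sdk = int(node.get(NS + "minSdkVersion", 1)) if node is not None else 1
    target = int(node.get(NS + "targetSdkVersion", min_sdk)) if node is not None else min_sdk
    return {"min": min_sdk, "target": target}

def exported_providers(manifest_xml: str, target_sdk: int) -> List[Dict[str, object]]:
    """Providers other apps can reach, applying the targetSdk-dependent default for exported."""
    found = []
    for p in ET.fromstring(manifest_xml).iter("provider"):
        declared = p.get(NS + "exported")
        # Below API 17 an unspecified android:exported on a provider meant "true".
        exported = target_sdk < 17 if declared is None else declared == "true"
        if exported:
            guarded = any(p.get(NS + a) for a in ("permission", "readPermission", "writePermission"))
            found.append({"authority": p.get(NS + "authorities", ""),
                          "explicit": declared is not None, "protected": guarded})
    return found

def audit(manifest_xml: str, sdk_floor: int = 21) -> List[str]:
    """Human-readable findings for the two manifest settings discussed above."""
    levels = sdk_levels(manifest_xml)
    notes = []
    if levels["min"] < sdk_floor:
        notes.append(f"minSdkVersion {levels['min']} is below the policy floor {sdk_floor}")
    for prov in exported_providers(manifest_xml, levels["target"]):
        how = "explicitly" if prov["explicit"] else "by pre-API-17 default"
        guard = "permission-protected" if prov["protected"] else "with no permission required"
        notes.append(f"content provider {prov['authority']} is exported {how}, {guard}")
    return notes
```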

View System — used to build the app’s UI and keep it consistent.

Managers — system services that manage and run things like:

Notifications — app pop-ups and reminders.

Telephony — receiving/making calls, and opening contacts.

Package — manages installed application packages, checks for updates and verifies integrity.

Location — manages location services.

System Application Layer

The pre-installed applications on the Android Phone.

Contacts, Phone, System Settings, Text Message, Apps, Camera, System Monitor, Calendar.

Google Applications.

Vendor Specific Apps.

A great thing about Android is that you can always set a new default app to replace the vendor-supplied or system app.

This is the Android Security Architecture…

If you want the PDF of this, you can DM me here:

LinkedIn: linkedin.com/in/aditya-jha127

Instagram: https://www.instagram.com/gearhead.byte/
