The structure of this thesis is as follows. Chapter 2 describes the background of the Android platform and software testing techniques. Chapter 3 describes and compares the related work. Chapters 4 and 5 explain our method and implementation. Chapter 6 shows the experimental results. Finally, Chapter 7 concludes our thesis with future work.
Chapter 2 Background
Smartphones are widely used in daily life to access information and rich content over the Internet, such as reading news in web browsers, e-mailing, social networking, and photo sharing. This functionality is backed by the operating system, which supports the different hardware on the devices and provides multi-threading capability to execute applications.
Android was chosen in this study because (1) Google releases the Android source code as open source, (2) it is a popular platform with a huge number of users and a large developer community, and (3) it provides an open application market, lending itself to experimentation in the laboratory. Android is described in the first section, and in the subsequent sections we describe software testing techniques and methods of vulnerability analysis.
2.1 Android
Android is an open source, free-of-charge, Linux-based platform for mobile devices led by Google and the Open Handset Alliance (OHA). Figure 1 shows that the Android software stack includes the Linux operating system, middleware and built-in applications. Most of the phone functionality is implemented as applications running on top of customized middleware, which includes the Android runtime, native libraries, and the application framework.
The application framework is programmed in the Java language and is event driven and component based, to support extensible installation of third-party applications.
At the bottom of Android, the hardware layer is designed for the ARM architecture, which continues to be the primary development platform of the OHA, with hundreds of companies contributing to the Android on ARM codebase [15]. It is flexible enough to integrate with various vendors, such as HTC, Samsung and others.
Figure 1: Android Software Stacks
2.1.1 Android Market
Google Play¹ is the official digital distribution service for Apps on the Android platform. A centralized provisioning mechanism is used to provide Apps as a service; any Android device pre-installed with the “Play Store” App can access it. Multimedia content, including Android applications, games, books and music, can be downloaded for free or purchased over the Internet.
2.1.2 Android APP and Dalvik VM
Figure 2 shows that Android applications (“Apps”) are commonly written in the Java language. Once an App is ready to deploy, the Java source code is compiled to Java bytecode, e.g. *.class files. Multiple *.class files are then converted, together with third-party libraries, into a single Dalvik Executable (DEX) bytecode file, e.g. classes.dex. Finally, the Android package file, e.g. an *.apk file, is a packaging file format containing the DEX bytecode, ready for deploying the App to Android platforms and the Market (Section 2.1.1).
¹ Google Play (http://play.google.com/).
Figure 2: Apps deploy flow.
The Dalvik Virtual Machine (Dalvik VM) [16] is implemented in the C language as a process virtual machine and Dalvik bytecode parser. The Android software stack is able to execute multiple Apps simultaneously; each App is executed within its own unique Dalvik interpreter instance and with its own UNIX privilege.
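The packaging flow described in this section can be checked from the analyst's side. The following is an added example, not code from the thesis: it locates classes.dex inside an APK (a ZIP container) and verifies the integrity fields of the DEX header. The header offsets (Adler-32 checksum at offset 8, SHA-1 signature at offset 12, file size at offset 32) come from the published Dalvik Executable format rather than from this text, and the sample APK is constructed inline with a placeholder manifest.

```python
import hashlib
import io
import struct
import zipfile
import zlib

HEADER_SIZE = 0x70            # fixed size of the DEX header
ENDIAN_CONSTANT = 0x12345678  # endian_tag value of a little-endian DEX file

def build_sample_dex(payload: bytes = b"\x00" * 16) -> bytes:
    """Construct a minimal header-plus-padding DEX image (sample data, not a real App)."""
    body = struct.pack("<III", HEADER_SIZE + len(payload), HEADER_SIZE, ENDIAN_CONSTANT)
    body = body.ljust(HEADER_SIZE - 32, b"\x00") + payload  # bytes from offset 32 to EOF
    signature = hashlib.sha1(body).digest()                 # SHA-1 covers offset 32..EOF
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF  # Adler-32 covers offset 12..EOF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + body

def build_sample_apk(dex: bytes) -> bytes:
    """Wrap the DEX image in a ZIP container as an *.apk does (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<placeholder/>")  # real APKs use binary XML
        apk.writestr("classes.dex", dex)
    return buf.getvalue()

def inspect_apk(apk_bytes: bytes) -> dict:
    """Locate classes.dex in an APK and verify the DEX header integrity fields."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        if "classes.dex" not in apk.namelist():
            return {"has_dex": False}
        dex = apk.read("classes.dex")
    if len(dex) < HEADER_SIZE or not dex.startswith(b"dex\n"):
        return {"has_dex": True, "valid_magic": False}
    checksum, = struct.unpack_from("<I", dex, 8)
    file_size, header_size, endian = struct.unpack_from("<III", dex, 32)
    return {
        "has_dex": True,
        "valid_magic": True,
        "version": dex[4:7].decode("ascii", "replace"),
        "size_ok": file_size == len(dex) and header_size == HEADER_SIZE,
        "little_endian": endian == ENDIAN_CONSTANT,
        "checksum_ok": checksum == (zlib.adler32(dex[12:]) & 0xFFFFFFFF),
        "signature_ok": dex[12:32] == hashlib.sha1(dex[32:]).digest(),
    }

if __name__ == "__main__":
    print(inspect_apk(build_sample_apk(build_sample_dex())))
```

A DEX file modified after it was built fails the checksum and signature checks unless both header fields are recomputed, which makes a mismatch a cheap first signal of a corrupted or carelessly patched package.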
2.1.3 Android Security and Privacy
We use the following term definitions [17] in the discussion below:
• Jailbroken: An Apple iPhone or iPad that has had its Apple iOS operating system covertly “unlocked” to gain full root access, removing all Apple-imposed limitations on applications, and essentially exposing all of an application’s features. This idea also applies to Android devices, where it is known as “rooted”, with full root access.
• Malware: A general term used by computer professionals to mean a variety of forms of hostile, intrusive, annoying software or program code.
• Spyware: A type of malware that collects information and makes it available, usually secretly sent to a third party. The presence of spyware is typically hidden from the user and can be difficult to detect.
• Sandbox: A security mechanism for separating running programs.
2.1.3.1 Security
The Android software stack is based on the Linux kernel. In other words, it inherits the same weaknesses as the desktop Linux operating system. Moreover, kernel porting is an essential task for vendors to support the hardware components on their devices. This is another possible way to punch a hole in the Android platform and expose vulnerable entries.
Besides, on top of the kernel layer, Android has its own security architecture [18] associated with the permission framework [19]. Each Android App should be executed in “sandbox” mode, which has specific permissions and a privilege-separated environment.
Some studies [7, 8] show that privilege escalation attacks are able to break out of “sandbox” mode and bypass the restrictions. In the meantime, we found that some Apps, such as z4root [20] and Superuser [21], are used to “root” Android devices.
Furthermore, in our previous work AndWar [22], we showed that privilege escalation attacks happen not only at the application level; system-level components such as the pre-installed WebKit browser are also affected, i.e. 1119, 1759, CVE-2010-1807. This raises the question of what the worst-case scenario would be if malware and spyware used the same techniques to attack users.
2.1.3.2 Privacy
Privacy is “the ability to determine for ourselves when, how and to what extent information about us is communicated to others” [23, 24]. Sensitive data is the basic material for ‘information about us’, and includes geographic location, contacts, unique identifier numbers, photos, etc.