Android Application Security Testing Series Part — One

Android has become the most popular mobile operating system globally, with a market share of around 72%. With such widespread use, security has become a major concern, as hackers and attackers are always looking for vulnerabilities in Android applications to exploit. To prevent such attacks, developers need to conduct thorough Android application security testing

4 min read

Before discussing Android application security testing, it is essential to understand the Android application architecture. An Android application is built using a five-layered architecture that consists of the following components:

  1. Linux Kernel: The Linux kernel, which provides fundamental system services including security, memory management, process management, and network stack, makes up the bottom layer of the architecture. The Linux Kernel will operate as an abstraction layer between the hardware of the device and the other elements of the Android architecture. It is in charge of managing the devices, power, and memory. The Linux kernel’s characteristics include:

  • Security: The Linux kernel handles the security between the application and the system.

  • Memory Management: It efficiently handles memory management, thereby providing the freedom to develop our apps.

  • Process Management: It manages the process well, allocates resources to processes whenever they need them.

  • Network Stack: It effectively handles network communication.

  • Driver Model: It ensures that the application works properly on the device and hardware manufacturers responsible for building their drivers into the Linux build.

2. Libraries: The libraries, which are constructed on top of the Linux kernel, make up the second layer of the architecture. These libraries include native libraries like the SQLite library as well as Android-specific libraries like the Android Runtime (ART). To help Android development, the Platform Libraries include a number of C/C++ core libraries as well as Java-based libraries including Media, Graphics, Surface Manager, OpenGL, etc.

  • app: Provides access to the application model and is the cornerstone of all Android applications.

  • content: Facilitates content access, publishing and messaging between applications and application components.

  • database: Used to access data published by content providers and includes SQLite database, management classes.

  • OpenGL: A Java interface to the OpenGL ES 3D graphics rendering API.

  • os: Provides applications with access to standard operating system services, including messages, system services and inter-process communication.

  • text: Used to render and manipulate text on a device display.

  • view: The fundamental building blocks of application user interfaces.

  • widget: A rich collection of pre-built user interface components such as buttons, labels, list views, layout managers, radio buttons etc.

  • WebKit: A set of classes intended to allow web-browsing capabilities to be built into applications.

  • media: Media library provides support to play and record an audio and video format.

  • surface manager: It is responsible for managing access to the display subsystem.

  • SQLite: It provides database support, and FreeType provides font support.

  • SSL: Secure Sockets Layer is a security technology to establish an encrypted link between a web server and a web browser.

3. Android Runtime: The third layer of the architecture is the Android Runtime (ART), which is responsible for executing Android applications. ART includes the Dalvik Virtual Machine (DVM) and the Just-In-Time (JIT) compiler.Android Runtime environment contains components like core libraries and the Dalvik virtual machine (DVM). It provides the base for the application framework and powers our application with the help of the core libraries. Like Java Virtual Machine (JVM), Dalvik Virtual Machine (DVM) is a register-based virtual machine designed and optimized for Android to ensure that a device can run multiple instances efficiently. It depends on the layer Linux kernel for threading and low-level memory management. The core libraries enable us to implement android applications using the standard JAVA or Kotlin programming languages.

4. Application Framework: The top layer of the architecture is the application framework, which provides developers with a set of APIs to build Android applications. The application framework includes various components, such as activities, services, content providers, and broadcast receivers. The Application Framework layer provides many higher-level services to applications in the form of Java classes. Application developers are allowed to make use of these services in their applications. The Android framework includes the following key services:

  • Activity Manager: Controls all aspects of the application lifecycle and activity stack.

  • Content Providers: Allows applications to publish and share data with other applications.

  • Resource Manager: Provides access to non-code embedded resources such as strings, colour settings and user interface layouts.

  • Notifications Manager: Allows applications to display alerts and notifications to the user.

  • View System: An extensible set of views used to create application user interfaces.

5. Application:

The top layer of the Android architecture is an application. On this layer, third-party apps downloaded from the Play Store, such as games and chat programmes, as well as pre-installed programmes like camera, gallery, home, contacts, etc., will be installed. It utilizes the classes and services made available by the application framework to function within the Android run time. Now we have understood the architecture a little bit, lets dive in to why android os or app security is needed.

The necessity for Android app security:

Android app security is needed to protect the privacy and security of users who use Android devices and applications. Android applications process sensitive user data, such as personal information, login credentials, financial information, and health data. If attackers gain unauthorized access to such information, they can use it for malicious purposes, such as identity theft, financial fraud, and more.

Furthermore, with the increasing use of mobile devices, cyberattacks on Android applications have also increased, making it crucial to secure these applications. A single security breach can not only lead to financial losses but also affect a company’s reputation and trustworthiness.

Android app security is essential to ensure that the application meets the security standards set by industry regulators and that user data is protected from unauthorized access. Security vulnerabilities in an Android application can be exploited by attackers to steal sensitive user data or cause damage to the user’s device.

Android OS Security Triaging:

The Android VRP had an incredible record breaking year in 2022 with $4.8 million in rewards and the highest paid report in Google VRP history of $605,000!. Would you like to report bugs with Android or Google devices? ( Pixel series). For this series, we’ll keep to discussing Android app security, but if you’re interested, check out the link below.

Below is a list of security flaws discovered in the Android operating system.

Android Security Resources Repo:

Android App Bug bounty resources:

In the next installment of this series, we’ll build up lab with a variety of susceptible apps and environments, including Kotlin, Flutter, and Java-based apps. In this series, we’ll also look into and attempt to resolve various defense mechanisms and their workarounds.