Android Based Mobile Application Development and Its Security
Android Based Mobile Application Development and Its Security
Android Based Mobile Application Development and Its Security
Department of Information Science & Engg, R V College of Engineering Bangalore, India can be used to create innovative and dynamic third party applications. Mobile Development India has worked extensively on projects ranging from gaming software, organizers, media players, picture editors to go-cart devices and more. II. BACKGROUND STUDY The platform was officially announced and the SDK tools were available in October 2008. Currently there is only one mobile phone that runs the Android OS, the G1 from TMobile. According to the official Android website (Android 2008) the platform is based into the four core features as shown in the Fig 1:
Abstract In the advancing world of technology, Mobile applications are a rapidly growing segment of the global mobile market. Mobile applications are evolving at a meteor pace to give users a rich and fast user experience. In this paper, Android mobile platform for the mobile application development, layered approach and the details of security information for Android is discussed. Google released Android which is an open-source mobile phone operating system with Linux-based platform. It consists of the operating system, middleware, and user interface and application software. Certainly, Android is about to become the most widely used OS on mobile phones, but with Android comes a security vulnerability that few users take into account. On Android Market, where you can download thousands of applications for Android, anyone can upload their programs without having to submit them to careful security checks. This makes Android a prime target for computer criminals. In this paper, we discuss a layered approach for android application development where we can develop application which downloads data from the server. Also an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications is also discussed.
I. INTRODUCTION Android is a new, next-gen mobile operating system that runs on the Linux Kernel. Android Mobile Application Development is based on Java language codes, as it allows developers to write codes in the Java language. These codes can control mobile devices via Google-enabled Java libraries. It is an important platform to develop mobile applications using the software stack provided in the Google Android SDK. Android mobile OS provides a flexible environment for Android Mobile Application Development as the developers can not only make use of Android Java Libraries but it is also possible to use normal Java IDEs. The software developers at Mobile Development India have expertise in developing applications based on Android Java Libraries and other important tools. Android Mobile Application Development
A. Application Fundamentals Android applications are written in Java programming language. However, it is important to remember that they are not executed using the standard Java Virtual Machine (JVM). Instead, Google has created a custom VM called Dalvik which is responsible for converting and executing Java byte code. All custom Java classes must be converted (this is done automatically but can also be done manually) into a Dalvik compatible instruction set before being executed into an Android operating system. Dalvik VM takes the generated Java class files and combines them into one or more Dalvik Executable (.dex) files. It reuses duplicate information from multiple class files, effectively reducing the space requirement (uncompressed) by half from a traditional .jar file. Dalvik was
Page 486
E. Android Runtime Android includes a set of core libraries that provides most of the functionality available in the core libraries of the Java programming language [5]. Every Android application runs in its own process, with its own instance of the Dalvik virtual Fig. 2 Architecture of android [1] machine. Dalvik has been written so that a device can run C. Developing Android Applications multiple VMs efficiently. The Dalvik VM executes files in the The Android SDK provides an extensive set of application Dalvik Executable (.dex) format which is optimized for programming interfaces (APIs) that is both modern and robust. minimal memory footprint. The VM is register-based, and Android handset core system services are exposed and runs classes compiled by a Java language compiler that have accessible to all applications. When granted the appropriate been transformed into the .dex format by the included "dx" permissions, Android applications can share data among one tool. The Dalvik VM relies on the Linux kernel for underlying another and access shared resources on the system securely functionality such as threading and low-level memory [5]. Android applications are written in Java programming management. language. III. LAYERED APPROACH FOR APPLICATION DEVELOPMENT D. Application Framework In this paper we suggest layered approach for android By providing an open development platform, Android application development. This can be used for web based offers developers the ability to build extremely rich and application development. innovative applications. Developers are free to take advantage of the device hardware, access location information, run background services, set alarms, add notifications to the status bar, and much, much more. Developers have full access to the same framework APIs used by the core applications. The application architecture is
Page 487
Figure 3 shows the layered approach for the android application development. The lowest level is HTTP layer which is responsible for sending HTTP get and post requests to the server and receiving the response. Next layer is API layer. This is for parsing the response from the server and formulating the query and passing it to the HTTP layer. The API layer gets the response string from the HTTP layer and parses the string. It also helps in extracting the necessary fields and passes it to the data layer. The Generic Data layer contains the components that include designing business layers and implementing functionalities like caching, exceptional management, logging and validation. Next is platform dependent data layer which takes the data from the API layer and use it. It stores the data in the platform dependent way. Some classes like Adapter, Listview etc store the data dependent on the platform. Last one the UI layer. This helps in showing the data to the user and manages user interactions. It has two components user interface components and user process components. User interface components provide a way for users to interact with the application. User process components synchronize and organize user interactions. UI layer is responsible for views in android. It has Views, buttons, layouts etc. A. The application model In Androids application model [1], an application is a package of components, each of which can be instantiated and run as necessary (possibly even by other applications). Components are of the following types [5]: Activity components form the basis of the user interface; usually, each window of the application is controlled by some activity. Service components run in the background, and remain active even if windows are switched. Services can expose interfaces for communication with other applications. Receiver components react asynchronously to messages from other applications. Provider components store data relevant to
The Provider class has methods to delete, query and update the data stored by this provider.
C. Component classes and methods The Google Android mobile phone platform is one of the most anticipated smartphone operating systems. Smart phones can be used in place of Computers/Laptops. As mobile devices attain increasing capabilities, there are many more opportunities for novel applications development. Recent development of mobile application development has reached a high demand on todays cellular market. Android defines a new component-based framework for developing mobile applications, where each application is comprised of different numbers and types of components. Activity components are the basis of the user interface; each screen presented to the user is a different Activity [6]. Service components provide background processing that continues even after its application loses focus. Content Provider components share information in relational database form. SQLite is embedded into android which supports relational database. For instance, the system includes an application with a Content Provider
Page 488
V. SECURITY ISSUES RELATED TO ANDROID PLATFORM The integrity of the Android platform is maintained through a variety of security measures [3]. A. Applications as Operating System User Each and every application is a user using the operating system. When an application is installed, the operating system
Page 489
[4]
[5] [6]
[7]
Page 490