Dalvik code is accountable for
process segregation and thread management. Each Android application corresponds
to a separate instance of Dalvik virtual machine, and can be executed in
virtual machine.


Figure 1: Android
software stack

The Android operating system’s
objective is to guard user data, protect system resources, and offer
application separation. To accomplish these goals the following security
features are provided:

application sandbox for all applications

inter process communication

security at the OS level through the Linux kernel

defined and user granted permissions



4: Android Security Features:

4.1: Sandbox

Android applications are run in a
sandboxed environment by assigning each application a Linux User Identification
number (UID) and a group ID (GID). For the operating system, this creates the
appearance that applications are actually take apart people using the device.
The UID number is unambiguous to the developer of the app to avert masquerade
of another developer in the Google Play store. Applications from the same developer
have the option to unite permissions into a single user if they request to do

4.2: Broadcasts

In addition IPC, apps can be authorized
to both send and receive messages to all applications on the device. This is
called broadcasting and broadcast receiving, correspondingly. Broadcasts can be
messages such as “Battery Low”, which shows for a concise moment. Broadcast
receiving is the procedure of receiving these broadcasts in charge to carry out
some action. For example, an app may desire to know when the “Battery Low”
broadcast is received in order to optimize battery life.

4.3: Permissions

Permissions permit and refute
developer’s access to responsive user data or phone functions. If an
application desires to use risky permissions, the user must accept the request
before the app can gain access. This security determines allows users to make
the significant security decisions.

4.4: Intents

In Android, events are determined by
Intents. Intents are objects that converse the wish to perform an action, for
example open up the user’s contacts. Intents can be packaged with extra data,
such as opening up a precise contact inside the user’s contacts. Intents can be
Implicit or Explicit. Implicit Intents will request all able applications on
the device to carry out the desired action whereas; Explicit Intents signal
precisely what app will execute the Intent. The apps that can hold the request
will be notified only. Such as, when a user has two Internet browsers and
wishes to open a link, both browsers could be used, so the system will ask the
user to choose which one he/she prefers.

4.5: IPC

Even if apps are sandboxed,
applications can still communicate with other apps and the Android system if
the accurate permissions are in place. Both apps need permission if not the
requesting app cannot communicate with other apps. This is called Inter-Process
Communication (IPC). Having apps commune with the same UID can be a security
risk that allows privilege escalation.


Security Weaknesses of Android OS


I will try to summarize the
limitations, which discover the weaknesses, of Android security model and its
app-market ecosystem as follows:


1:  Android adopts an open market model with
less unconfirmed app installation:


I'm Katy!

Would you like to get a custom essay? How about receiving a customized one?

Check it out