Introduction
Though there are debates going on Android vs iOS, It is widely accepted that Android is one of the coolest mobile platforms from an end user's perspective. But, when it comes to the security, keeping it's open source nature in mind, it is really challenging for Google to implement a robust security architecture. Lets dive into the android inbuilt security model implemented by Google.Following are the key security features
- Security at the OS level through the Linux kernel.
- Application sand boxing.
- Secure inter-process communication.
- Application signing.
- Application-defined and user-granted permissions
1. Robust security at the OS level through the Linux kernel
Android is built upon Linux Kernel. because of it's open source nature, thousands of developers have been working on Linux kernel security and thus it became a stable and secure kernel by many corporations and security professionals.
2. Application Sandboxing
I would take a step ahead to make you clear with this concept of Application Sandboxing.
Regular Linux Machines:
Lets first take an example of how a normal Linux machine works. Multiple applications running will have the same user ID.
Here, I have logged into my Ubuntu Machine as user "srini" and running two processes.
1. Firefox
2. Gedit
Here, I have logged into my Ubuntu Machine as user "srini" and running two processes.
1. Firefox
2. Gedit
Now, if we look at the User IDs of the above two processes, they run with the same UID "srini". To cross check , i am filtering the processes running with UID "srini" by writing the following command.
ps -U srini | grep 'firefox\|gedit'
ps -U srini : Shows all the process running with UID "srini"
grep 'firefox\|gedit' : filters the output and finds the specified strings.
Figure 1.1
Android Device:
Now, its not true in case of android applications. Every Single application installed in your device, will have a separate User ID(UID). This ensures that each application and it's resources are being sand-boxed and will not be accessible to any other application.
Note: Applications signed with the same key(it is possible if two apps are developed by the same developer), can access each others data.
Figure 1.2 shows how each application is given a separate UID.
1. Connect your device/phone using adb.
2. give "ps" command
1. Connect your device/phone using adb.
2. give "ps" command
Figure 1.2
The above figure shows how each installed app holds a different UID. The highlighted app is the inbuilt contacts app holding the UID u0_a4. Similarly, we can observe the UIDs of other apps.
Figure 1.3 shows how each apps data is isolated in a separate sand-boxed environment under data/data directory.
1. Connect your device/emulator to your machine using adb.
2. Navigate to the directory /data/data using the following command.
cd data/data
3. enter "ls" command
Figure 1.3
Is there a way to break out of this Sandbox?
Google says, "Like all security features, the Application Sandbox is not unbreakable. However, to break out of the Application Sandbox in a properly configured device, one must compromise the security of the the Linux kernel".
This is where we can comfortably discuss about android rooting which enables all the apps to have root privileges to do most of the things they want to do on the android system.
In Linux (and UNIX) based machines, �root� is the supreme user level with highest privileges to perform any task. By default, only the Linux kernel and a small number of core utilities run as 'root' on android. But if you root your device the root user level is available to all apps running on the device. Now any user or app with root permission can modify any other part of the Android OS including the kernel, and other apps as well as the application data by breaking out of the sandboxed environment.
Later in this series, I will write an article to describe how rooting works.
3. Secure inter-process communication
In android, processes can communicate with each other in several ways such as Intents, Network Sockets etc.
Though Google claims that all of them need permissions, Android permissions can be easily bypassed. Later, in this series we will see how we can bypass android permission model to steal sensitive data and to upload it onto a remote server.
The fact with web applications that any data sent over the network without proper cryptographic implementations, is susceptible to attacks holds true with mobile applications as well.
Example: Passing sensitive data in clear text format using an intent.
Note: There were malwares such as iCalender on Google play store which used to send premium rated SMS from user device on which it is installed. Android 4.2 added further control on the use of SMS. Android will provide a notification if an application attempts to send SMS to a short code that uses premium services which might cause additional charges. The user can choose whether to allow the application to send the message or block it.
4. Application signing
Application Signing ensures that every application that is run on the Android platform must be signed by the developer. Applications that attempt to install without being signed will rejected by either Google Play or the package installer on the Android device. Self signed certificates are allowed to use, as Google currently does not perform CA verification for application certificates.
5. Android Permission Model:
Permission model is said to be one of the important aspects of Android Security. However, as discussed in the previous section, we can easily bypass the permissions to do majority of sensitive tasks.
In the next article, we will discuss the aspects of how android permissions are enforced and how a pentester can analyze permissions of applications from security point of view.
0 komentar: