Malware mobile analysis – Part 1 – All things in moderation

Malware mobile analysis – Part 1

Android architecture

Architecture of Android Operating System

Let us now discuss the architecture of Android. It is basically a software stack that contains three components, namely, Middleware, Operating System and Key Applications. Its features include:
– Bluetooth, EDGE, WiFi and 3G.
– SQLite for structured data storage.
– Application Framework
– Dalvik Virtual Machine, etc.

Application

Android phones usually come with some default applications such as an email client, browser, calendar, SMS, maps, etc. The applications are programmed using Java.

Application Framework

Android developers can make use of device hardware, access location information, set alarms, run background services, etc. Android developers also have access to the framework APIs that are used by the core applications. The application architecture is designed to encourage reuse of components.
All applications have a set of systems and services underlying them:
– Views:- These are used to build applications, and include text boxes, grids, buttons, and also an embeddable web browser.
– Content Providers:- These allow applications to share their own data and to access information from other applications.
– Resource Manager:- This provides access to resources (non-code) such as graphics, layout files and localized strings.
– Notification Manager:- Custom alerts are displayed on the status bar using a notification manager.
– Activity Manager:- It provides a common navigation backstack and it also deals with the lifecycle of an application.

Libraries and Android Runtime

Libraries
Android is equipped with a set of C/C++ libraries that is used by several components of the system. These libraries are provided to the developers through the Android Application Framework.
Some of the core libraries along with their functionality are shown below:-
– System C Library:- It is used for embedded Linux-based devices. It is a BSD-derived implementation of the standard C system library (libc).
– Media Libraries:- These libraries support playback and recording of audio and video formats, as well as static image files, such as JPG, AMR, MP3, PNG, AAC, MPEG4 and H.264.
– SGL:- This comprises the 2D graphics engine.
– SQLite:- This is a relational database engine that is accessible to all applications.
– Surface Manager:- It controls access to the display subsystem and to the 2D and 3D graphics layers from various applications.
Android Runtime
Android has some core libraries that offer most of the functionality available in the core libraries of the Java programming language. All Android applications run in their own processes with their own instances of the DVM (Dalvik Virtual Machine). Dalvik allows a device to run several virtual machines efficiently. The DVM executes files in the .dex format. The DVM depends on the Linux kernel for underlying functionality such as low-level memory management and threading.

Linux Kernel

Core system services, such as process management, driver model, memory management, security and network security, depend on Linux version 2.6. The kernel also acts as a layer of abstraction between the software stack and the hardware.

Android security model
The whole idea behind a mobile platform is that the user can run many different applications on the device. The user might download and install a banking application that handles sensitive data. On the other hand, the user might install a game right next to it, running on the same device. The user obviously does not want the game to be able to access the sensitive data that the banking application is operating on. To achieve this, the Android platform makes sure that applications are isolated from each other. When the user downloads and installs an application, it is given a unique UID. In addition, each application runs in a separate process on a separate virtual machine. Therefore, an application cannot read another application's private data.

As mentioned in Section II, Android is built on top of Linux, so Linux file permissions apply. Permissions allow the user to protect sensitive data stored on the device. They also protect access to a content provider, which is basically a database on the device. Permissions are requested by an application at install time, and they are granted or denied once, at install time, which requires the user's approval.
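The isolation described above comes down to the kernel comparing the caller's UID with a file's owner and mode bits. The following added example (not part of the original article) models that read check and lists files that one app could read in another app's data directory; the package names, UIDs, file modes and the assumption that each app's only group is its own UID are constructed for illustration.

```python
import stat

# Constructed sample: (path, owner uid, owner gid, mode) as stat() would report
# for files in two apps' private data directories. All values are hypothetical.
SAMPLE_FILES = [
    ("/data/data/com.example.bank/databases/accounts.db", 10050, 10050, 0o100660),
    ("/data/data/com.example.bank/shared_prefs/session.xml", 10050, 10050, 0o100664),
    ("/data/data/com.example.game/files/scores.dat", 10051, 10051, 0o100600),
]
APP_UIDS = {"com.example.bank": 10050, "com.example.game": 10051}


def can_read(uid, gids, owner_uid, owner_gid, mode):
    """Linux file permission check for read: the first matching class decides."""
    if uid == 0:
        return True  # simplified: root bypasses the mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def cross_app_readable(files, app_uids):
    """Return (path, reader package) pairs where an app can read a file it does not own."""
    findings = []
    for path, owner_uid, owner_gid, mode in files:
        for package, uid in sorted(app_uids.items()):
            # Assumption: an app's only group is the one matching its own UID.
            if uid != owner_uid and can_read(uid, {uid}, owner_uid, owner_gid, mode):
                findings.append((path, package))
    return findings


if __name__ == "__main__":
    for path, package in cross_app_readable(SAMPLE_FILES, APP_UIDS):
        print(f"{package} can read {path}")
```

Only the world-readable session.xml is reported: the game's UID matches neither the owner nor the group, so the "other" read bit decides, and a file created with that bit set is no longer private to the banking app.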
