Download presentation
Presentation is loading. Please wait.
Published byRuth Powell Modified over 9 years ago
1
1 Company Proprietary and ConfidentialThe document name can go here Android OS Security Omar Alaql July 8, 2013 Kent State University Android OS Security
2
2 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Outline: Introduction. History. Android Architecture. Security and privacy. Vulnerabilities. Application piracy. Security Measures. Conclusion.
3
3 Company Proprietary and ConfidentialThe document name can go here Introduction Android is a Linux-based operating system. Android is open source, – freely modified and distributed by device manufacturers, wireless carriers and enthusiast developers. the world's most widely used smartphone platform, sharing 75% of smartphone market. –Due to the broad range of manufacturers. Kent State University Android OS Security
4
4 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security
5
5 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Initially developed by Android Inc. Android, Inc. was founded in Palo alto,California in October 2003 by Andy Rubin. Acquired later by Google in 2005. The first commercially available phone to run Android was the HTC Dream, released on October 22, 2008. History
6
6 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Android versions
7
7 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Android Architecture
8
8 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Android device owners are not given root access. –However: It can be obtained by exploiting security flaws in Android. –used frequently by the open source community to enhance the capabilities of their devices. by malicious parties to install viruses and malware. Security and privacy
9
9 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Security and privacy Android applications run in a sandbox. Sandbox is an isolated area of the system that does not have access to the rest of the system's resources. –unless access permissions are granted by the user Sandboxing –reduces the impact of vulnerabilities and bugs in applications. –preventing malicious processes from crossing between applications.
10
10 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Security and privacy Android is becoming the most-targeted mobile platform. The open nature of Android and its large user base have made it an attractive and profitable platform to attack. Google provides major updates to Android every six to nine months –but a majority of Android users have not been able to upgrade to the new OS because the process is controlled by the carriers (one of the biggest security threats).
11
11 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Security and privacy Has no internal back-up restoration. –There are many third-party applications for back up. Deficiency of hardware data encryption. –Honeycomb operating software has hardware encryption problems. A lot of Android malware and Fake anti-malware. –Increased more than 400% this year. Lookout Mobile Security, AVG Technologies and McAfee, have released antivirus software for Android devices
12
12 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Vulnerabilities The Android Market: –a number of malware-infected apps and games being made available to users. –Google currently uses their Google Bouncer malware scanner to watch over and scan the Google Play store apps. Application permissions: –the reality is that many apps request permission to access sensitive content they have no actual need for. Untrusted third party applications. –difficult to identify reputable vendors
13
13 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Vulnerabilities Rooting: – The process of gaining root access. –akin to jail-breaking an iPhone –opens out additional functionality and services to users. –common exploit used by malicious applications. Wi-Fi: –compromise on unprotected Wi-Fi networks. –FaceNiff : intercept the social networking logins. Last vulnerability was detected last week July 4, 2013 –SMS Phishing Scams.
14
14 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Application piracy In 2010, Google released a tool for validating authorized purchases for use within apps. –insufficient and trivial to crack. In 2012 Google released a feature in Android 4.1 that encrypted paid applications so that they would only work on the device on which they were purchased. –deactivated due to technical issues.
15
15 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Security Measures Permissions management: –LBE Privacy Guard acts as somewhat of an application firewall. granting the user the ability to block an application’s individual permissions –Kirin: determine if the requested permissions are relevant or not. Installing trusted packages: –The ability to install non-Market applications. –APK : the standard Android install file format. –A program called APK Inspector has recently been released that will scan the assets, resources, and certificates contained within the APK to ensure it is secure.
16
16 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Security Measures Trace and wipe: –If your Android device is lost or stolen, you can use these applications to remotely ping the device for its location and/or instruct it to delete specific content. Invisible. send remote commands. get the current GPS location. Activate a loud siren. Let the phone call you back and listen to what happens on the other side.
17
17 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Anti-virus: –None of these apps are asking for root access, and therefore they are failing to search for infections on the area of the device that is most targeted and vulnerable. –it covers the apps folders, SD card, SMS, and contact. –DroidSecurity, Lookout. Link security: –malicious links are always loitering in the background waiting to seduce and ensnare hapless users. –There are a number of vendors that have created link security applications. Security Measures
18
18 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Conclusion There is no one-stop effective security measure that can be implemented on an Android operating system. To be secure: –Use built in security features. –Avoid free-unsecured Wi-Fi access. –Securitize every app you download regardless of source. –Understand the permissions before accept them. –Use an effective security app.
19
19 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Reverences An Android Security Case Study with Bauhaus, Bernhard J. Berger, Michaela Bunke, and Karsten Sohr Understanding Android Security, William Enck, Machigar Ongtang, and Patrick Mcdaniel http://en.wikipedia.org/wiki/Mobile_operating_system http://www.bitdefender.com/security/android- vulnerability-opens-door-to-sms-phishing-scams.htmlhttp://www.bitdefender.com/security/android- vulnerability-opens-door-to-sms-phishing-scams.html http://www.android-app-market.com/android- architecture.html
20
20 Company Proprietary and ConfidentialThe document name can go here Kent State University Android OS Security Reverences http://techbii.com/security-risks-android/ http://www.androidpolice.com/2010/11/29/theft-aware-2- 0-the-most-ingenious-android-security-solution-with-the- best-root-integration-weve-seen-to-date-really-hands-on- review/http://www.androidpolice.com/2010/11/29/theft-aware-2- 0-the-most-ingenious-android-security-solution-with-the- best-root-integration-weve-seen-to-date-really-hands-on- review/
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.