Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • CSCI620 - 12092016 - Android Security

    Încărcat de

    Pruthvi Royal
    8 vizualizări4 pagini

    Titlu original

    CSCI620_12092016_android Security.pptx

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PPTX, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PPTX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    8 vizualizări4 pagini

    CSCI620 - 12092016 - Android Security

    Încărcat de

    Pruthvi Royal

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PPTX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 4

    Operating System Security

    CSCI-620: M02
    Instructor: Qian Wang
    Email: qwang23@nyit.edu

    Lecture: 12/09/2016
    Introduction to Android Security
    Similar with iOS
    Androids base system is Linux which is similar to Darwin, both provide unix
    like seurity
    Most adroid apps are developed in Java, android has its own Java VM, on older version it
    is Dalvik, on newer version (Android 5.0 and above), it is ART (Android Runtime)
    App Sandbox
    Every Apps are isolated with each other. They are executed in their own file system
    namespace
    App signing
    Similar with iOS, Apps are digital signed to against unauthorized modification
    Protecting OS itself, secure boot
    Newer Android support Verified Boot. The bootloader will verify the second stage loader
    and OS image.
    Content Encryption
    Android 5 and above supports full-disk encryption. Android 7 and above file-based
    encryption
    Difference with iOS
    More complicated secure Inter App communication
    The only way of iOS inter app communication is custom url scheme
    Android is more object oriented IPC
    No central CA (Certificate Authority) for App signing.
    On iOS, Apple is the central CA
    On Android, every developers are their own CA (self-signed certificates)
    The same developer can declare permissions for Apps signed with the same key, or shared sandbox
    Multiple App store,
    Most common is Google Play Store. Amazon has its own app store. Some places, such
    as China, Google Play Store is not available. Huawei, Xiaomi all have their own app
    stores.
    In order to use the most popular apps, such as Gmail, Google Maps and YouTube, the
    phone manufactures have to sign contracts with Google.
    Install Apps outside app store, i.e., sideloading, is much easy on android
    Rooting (gain root permission or jailbreak), install modified bootloader and OS
    are also much easy on android
    Advantages and disadvantages
    comparing with iOS
    The system update of iOS is much regular and easy.
    Developers dont need to worry about compatbility with very old systems.
    Security bugs are patched up much faster.
    Android system updates are taken care by phone manufactures. Some are
    doing better job, most are not doing good job. Only Googles own brands,
    nexus and pixel, got regular updates
    Developers need to worry more about compatbility
    Most importantly, security bugs are not patched fast enough
    Vetting, even on Googles Play Store is not as stringent as Apples App
    Store.
    Virus apps are much prevalent on android
    Overall, iOS is a much better choice if your concerns are security and
    privacy.

    S-ar putea să vă placă și