Android and Its
Android is an open-source,
Linux-based mobile OS from the Open Handset Alliance, which is led by Google.
Android apps are written in Java and compiled to Dalvik byte code (.dex), which
is a byte code format designed for Android. In addition to Java code, an app
may contain native libraries, which are invoked from the Java code through the
Java Native Interface (JNI). All files belonging to an app are packaged and
then signed as a single APK file. To make app distribution easy to mobile
users, app markets host third-party apps that can be downloaded into a device.
Besides Google Play (formerly known as Android Market) as the official Android
app market, a number of alternative markets are available. Once installed on a
device, an app runs as an instance of a Dalvik Virtual Machine (DVM) An Android
app internally consists of multiple app components. There are four different
types of app components, namely activity, service, broadcast receiver and content
provider. Inter-component communication (ICC) is performed using intent, which is a
messaging object that contains the destination component’s address or action string,
and possibly data. Besides facilitating unicast-based ICC between two
components, intent is also used to deliver a broadcast to multiple interested
broadcast receivers. Android system itself delivers various broadcasts for
system events, such as upon completion of system boot-up. Unlike regular Java
programs that have a single entry point, Android apps can have multiple entry
points. Android app developers write their code by overriding the lifecycle
methods of app components. The Android framework interacts with different app
components independently, and calls a component’s lifecycle methods based on
the app execution environment.
Android OS deploys various
security measures. Two main measures are app sandboxing
and Android permission model. The former
provides app isolation and containment by taking advantage of Linux access
control and process protection mechanisms.
The latter restricts an app’s
capability by regulating sensitive API calls that access
Android protected resources.
Other deployed security measures include app signing to verify that different
apps come from the same developer and app component encapsulation which
restricts access to a component.