Android Application Framework and Development Security Analysis
The thesis provides an extensive overview of security features in the Android Open Source Project, focusing on the Application Framework. One of its goals is to explore security features provided by the Android operating system itself and how poorly developed applications can be exploited. It explor...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2023 |
| País: | España |
| Institución: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | inglés |
| OAI Identifier: | oai:upcommons.upc.edu:2117/403846 |
| Acceso en línea: | https://hdl.handle.net/2117/403846 |
| Access Level: | acceso abierto |
| Palabra clave: | Android (Electronic resource) Cell phones--Security systems Computer security Android Security Development Research Hacking Application Telèfon mòbil--Mesures de seguretat Seguretat informàtica Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica |
| Sumario: | The thesis provides an extensive overview of security features in the Android Open Source Project, focusing on the Application Framework. One of its goals is to explore security features provided by the Android operating system itself and how poorly developed applications can be exploited. It explores application hacking techniques using state-of-the-art tools. In the Project Development phase, a new security feature is proposed: a custom Android permission that requires applications to declare it before sending user files to the internet. The practical work involves analyzing the AOSP source code, understanding the system architecture, and offering an implementation solution. The algorithm monitors applications accessing user files, and detecting bytes sent to the network that match those same files using a hashing algorithm for efficiency. The positive results demonstrate a successful implementation, improving Android's security and facilitating automatic malicious behavior detection. While not a complete software development solution, the thesis serves as a starting point for further exploration or proposing updates to Google. It provides an idea and general guidance for implementing such functionality, considering the complexities of integrating it into the Android system. |
|---|