Android Application Framework and Development Security Analysis

The thesis provides an extensive overview of security features in the Android Open Source Project, focusing on the Application Framework. One of its goals is to explore security features provided by the Android operating system itself and how poorly developed applications can be exploited. It explor...

Descripción completa

Detalles Bibliográficos
Autor: Lynce De Faria Gomes Da Silva, Pedro
Tipo de recurso: tesis de maestría
Fecha de publicación:2023
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/403846
Acceso en línea:https://hdl.handle.net/2117/403846
Access Level:acceso abierto
Palabra clave:Android (Electronic resource)
Cell phones--Security systems
Computer security
Android
Security
Development
Research
Hacking
Application
Telèfon mòbil--Mesures de seguretat
Seguretat informàtica
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descripción
Sumario:The thesis provides an extensive overview of security features in the Android Open Source Project, focusing on the Application Framework. One of its goals is to explore security features provided by the Android operating system itself and how poorly developed applications can be exploited. It explores application hacking techniques using state-of-the-art tools. In the Project Development phase, a new security feature is proposed: a custom Android permission that requires applications to declare it before sending user files to the internet. The practical work involves analyzing the AOSP source code, understanding the system architecture, and offering an implementation solution. The algorithm monitors applications accessing user files, and detecting bytes sent to the network that match those same files using a hashing algorithm for efficiency. The positive results demonstrate a successful implementation, improving Android's security and facilitating automatic malicious behavior detection. While not a complete software development solution, the thesis serves as a starting point for further exploration or proposing updates to Google. It provides an idea and general guidance for implementing such functionality, considering the complexities of integrating it into the Android system.