How security is ensured Android

The popularity of the OS Android began to grow rapidly immediately after its appearance, but skeptics predicted its short life. Google was immediately attacked and accused of short-sightedness for objectively existing at that time, serious gaps and vulnerabilities. The market soon refuted the opinions of industry 'specialists', and today this operating system is the most widespread. The first problems have sunk into oblivion, and the developers continue to improve security Android, which is practically its only serious drawback.

A few words about the OS

The relatively young operating system was developed by the company of the same name, which was later acquired by Google. The first version for smartphones (and only) was released in September 2008, and in 2011 the fourth appeared, which became universal and most widespread. Since that time, it has been updated several times, and recently the eighth generation Android has already been released.

It can be said that the system grew up on the OS kernel Linux, but uses the Java virtual machine created by Google engineers. With its help, you can write applications that control the device using libraries Linux, and Android Native Development Kit allows you to import application components that support some other languages ​​('C +').

Today, the Open Handset Alliance (OHA) is engaged in the development and support of the platform. As a rule, updates concern functionality, bug fixes and, of course, security enhancements. Few people pay attention, but each new version gets the name of a dessert, and the Droid and Roboto font families were created specifically for the platform.

to the content

Basic security mechanisms

In Android, the main security task is assigned to the kernel Linux. It is responsible for the observance of access rights and the correct execution of processes. Without his 'consent', no application can access another's data. That is, the protection mechanism is based on the observance of access rights.

In the OS Android, each application receives its own user ID (UID), directory in the system folder and, in fact, is a separate user with rights and permissions to read only its own files.

to the content

What is a 'sandbox'

This is a special term coined to define the fragmentation of the processes of individual applications. Each runs in its own limited environment, or Application Sandbox, which in English means 'application sandbox'.

Each program receives a certain set of resources to execute and 'does not know' that it is in a strictly controlled operating environment, in which any attempt to penetrate someone else's folder is immediately blocked. This protection method is used to prevent malicious programs from accessing system files.

Each process runs inside its own Dalvik virtual machine, so that application code runs in isolation from other programs. By default, each application runs in its own process Linux. Android spawns a process (when some application component needs to execute) and invalidates when it is no longer needed or when the system needs to provide memory to other applications.

to the content

Application access to OS

Apps do not access the OS by default. Android is mounted on a separate section of internal NAND memory (sandboxed / data) and connected to the system directory, but is read-only. This minimizes the chances of enabling autoloading or modifying components.

The developers highlight the possible functions that each application has access to. This creates an environment in which a program cannot access parts of the system for which it does not have permission.

The list of possible permissions is recorded in the Google documentation (Manifesto). It is flexible enough, but at the same time it is well delineated. To conserve system resources, applications with the same UID can be configured to run in the same process in the same virtual machine. The app can request permission to access data in the device, such as user contacts, SMS, removable media (SD cards), camera, Bluetooth and much more. All such requests for access to resources are checked and allowed by the user in the OS Android during installation.

to the content

What is IPC Binder

Applications need to be able to query system services for critical information. Those, in turn, must provide it, otherwise the applications simply cannot work. Sometimes programs need to contact.

The mechanism for the exchange of information between processes in Android is implemented using a special technology IPS Binder. It is a framework that allows you to call remote objects as local and exchange file descriptors between processes. In other words, all processes flow through this common communication medium. And it is at the transfer stage that the maximum risk of information interception exists.

to the content

How the stack is protected Android

A stack (from English – a mop, or heap) is an area of ​​RAM allocated for each thread. When one process ends, space is made for another, and so on. Architecturally, Android is a 'puff pie', or software stack, for mobile devices, including the operating system, middleware, and system applications.

The stack has a fixed size, and exceeding the allocated memory limit will result in a buffer overflow. The data that does not fit will go beyond its boundaries and get into memory cells that are not intended for them. Variables will get distorted, as a result, the program will become unpredictable. It will be possible to transfer control to a piece of code unplanned by the developer.

To protect against breaking the stack of applications created with the Android NDK, as well as system components, an extensive set of tools is used, including those borrowed from other platforms. In particular, AOSP and low-level assembly use the GCC ProPolice compiler and trusted loading mechanism. Some of the system components are being transferred to use the safe-iop library, which provides safe arithmetic operations with integers. The method of implementation of the dmalloc function used in the OS OpenBSD and the calloc function are used, checking for the possibility of an integer overflow during the memory allocation operation. This prevents double-freeing and chunk consistency attacks.

Starting from version 4.0, ASLR technology is used, which allows positioning the images of the executable file, loadable libraries and stack in a random order in the process address space. Due to the need to guess the jump addresses, the complexity of the attacks has increased. Using the RELRO mechanism made it possible to protect the system components of the rewritable sections of an ELF file loaded into memory. In addition, the dmesg_restrict function, introduced in the 2.6.37 kernel, prevents unprivileged users from reading the kernel syslog.

to the content

Application storage

The most vulnerable point Android has always been considered the Google Play application repository. The mechanism that required a mandatory list of privileges before installation was created initially and functioned properly, but did not guarantee against virus infection. The fact is that the very policy of Google made it difficult to check the application in full before adding it to the store.

Anyone could get an account, write a program, make a membership fee and place a program with any code. In order not to stoop to manual verification, Google launched the Bouncer service, which tests new arrivals. An application to be published is run repeatedly in a virtual machine. Bouncer performs actions that simulate user work, analyzes the state of the system in order to identify attempts to access confidential information and other “spyware” activities. According to Google, Bouncer has cut infections by 40%. But this did not become a panacea.

to the content

Code revision and updates

Reviewing code and responding to new vulnerabilities is an essential aspect of hardening an OS. This was shown by the developers OpenBSD.

The Android Security Team is working on an ongoing basis, with the goal of monitoring the quality of the code, identifying and eliminating the found errors and vulnerabilities. It responds to reports sent by users in the following directions:

1. Analysis of the impact of modifications on safety.
2. Testing the code at the stage of preparing a new release.
3. Monitoring and fixing vulnerabilities in an already released version, as well as support for a standard bug tracker.

When a problem is identified, OHA companies are notified and a discussion of possible solutions begins. Only the signatories of the non-disclosure agreement take part in this work, which ensures the safety of information about the problem until it is completely resolved. Corrections are made to the code, and a new patch is added to the repository Android of the Open Source Project. As a result, users receive updates.

If the vulnerability becomes known from public sources, the security team will proceed to resolve the issue in the AOSP repository so that the fix reaches end users as quickly as possible.

to the content

Security of the gadget on Android

Gadgets on Android are the most common in the world today, although they are quite rightly considered the least secure. Starting with the fifth version, we can talk about the signs of serious security. An acceptable level is noted in the sixth, and in the seventh security level is already implemented at a fairly high level.

You can call Android a leaky bucket as much as you like, but security should be considered as a whole, through the prism of a mobile device. There are enough ways to enhance protection, you just need to know about them and use them correctly.

to the content

Types of smartphone locks

Physical access security is ensured by screen and SIM card lock options provided by the OS developer or third-party applications. If we talk about the protection of personal data, we should talk about the first method. The following types of device protection are available to the user out of the box:

1. Password.
2. Graphic key.
3. PIN code.

Starting with the fifth version, in Android there was a user face recognition function and the ability to unblock via Bluetooth / NFC. And in the sixth, the ability to scan fingerprints is implemented. There are applications that allow you to implement voice recognition unlocking. There is also a remote blocking method using the Google service, but it is used in extreme cases.

to the content

Application protection

You can further strengthen your protection by installing code on individual applications. This is possible on the latest OS versions by default. In other cases, installation of a special program is required. Smart AppLock and CM Security, which are available for free on Google Play, do a very good job.

to the content

Protecting media files

Installing a code on a media file, for example, a folder with personal photos, is sometimes necessary. The operating system does not provide standard tools for this. This is possible with the help of special utilities. You can hide the folder in the file manager.

to the content

Latest OS version and app updates

Updating the OS and applications not only increases their functionality, but also reduces the risk of malware infection. The security of Android and iOS is highly dependent on the regularity of updates, since they contain important changes that are devoid of previously identified errors and bugs. You can determine whether an OS update is required in a special section of smartphone settings. It is recommended to enable automatic app updates via Wi-Fi in Google Play settings.

to the content

Official apps only

The ability to install applications from unknown sources exists, but it is disabled by default. And this is done for the safety of the user. The option can be enabled as follows:

1. Enter settings.
2. Open the 'Security' tab.
3. Find the section 'Administration' and check the box next to the item 'Unknown sources'.

It is important to remember that the use of unofficial firmware and programs poses a threat to the device – they may initially contain malicious applications and trojans.

to the content

Granting permissions to applications

The advantage of downloading applications from Google Play is also the ability to immediately view the list of required permissions. You can refuse a dubious offer, which is not always available when choosing to download from the network. After installation, it is not possible to change or revoke permissions by standard means on earlier OS versions. But on Android 6.0, you can manage application permissions even after installation. The function appeared in the gadget settings in the 'Access rights' tab of the 'Applications' section.

to the content

Creation of accounts

Lollipop now has the ability to create multiple user accounts at once. This additional protection for Android is useful when the gadget is used by several people and you need to differentiate access rights to its content. The function of adding a user is available in the settings of the mobile device in the corresponding section.

to the content

Data backup

In order not to lose confidential information along with the gadget, it is recommended to make a backup. The function is provided by standard tools Android with a link to a Google account. User data will always remain available from any browser of the device connected to the user account, and at any time they can be fully restored on another smartphone or tablet.

to the content

Protected Wi-Fi

As a rule, mobile devices are used in the most inappropriate places for this, the main thing is to have the Internet. By connecting to a free but open hotspot in a restaurant, café or airport, you can lose more than you gain. Open networks are not protected at all, so user data can be easily intercepted on the fly. It is better not to use them, or at least not to expose passwords and PIN codes. If you really need to access an unsecured network, you should use VPN or encryption.

to the content

Using encryption

Encryption guarantees maximum protection of user data. The option allows you to encrypt all information on the mobile device, including applications. The function first appeared in Android 4.3, where the user had a choice – to enable it or not, and in Android 5.0 the option is already enabled by default.

The function is tied to the screen lock: it turns on when the lock is activated and turns off after it is removed. Manual control is carried out in the 'Settings' section. The primary encryption process is lengthy, so it is recommended to connect a charger.

to the content

Protected messengers

The security code in Android is not implemented with every messaging client. Unfortunately, not all such applications provide anonymity and confidentiality of correspondence. Until recently, the most reliable in this regard was WhatsApp, which provides encryption of messages. But today it is inferior to new applications like Signal and Telegram.

The first program is used by Edward Snowden, and this is perhaps the best recommendation. Signal offers end-to-end encryption and TOR functionality. And the Telegram app is very popular in extremist circles. This also says a lot. In addition to standard encryption or removal of 'traces of stay' on servers, the program can configure the period for deleting messages.

to the content

Theft protection

The absolute safety of an Android phone cannot be guaranteed. A modern device is expensive, it can be insured and part of the cost returned. If you try to find the phone with the help of the police, you will have to prove it belongs.

But many useful options are available in Google's remote management service, including searching, blocking, and deleting data. In addition, a huge number of programs are freely available that can help in the search or very complicate the use of a stolen device.

to the content

Enabling access to geodata

Many programs need access to location data. By issuing such permission to the gadget, the user gets all the benefits of geolocation. He will have the latest information about traffic jams, he will be able to find any destination on the map or send a photo to the network with a mark about the place of stay.

To get such opportunities, you must:

1. Open 'Settings'.
2. Enter 'Location'.
3. Select a mode. Depending on the model and manufacturer, it can be 'By all sources' or 'By network coordinates' and 'Wireless networks' or GPS.

Google uses open access points and mobile networks for location and always receives this data, even if no program seems to be working. But without enabling the function, neither search nor remote control of the gadget is possible.

to the content

Screen lock

The easiest security step is to enable the screen lock. There are several available ways of implementation, and all are effective. This will not protect against theft, but it will prevent you from immediately using the stolen data.

to the content

Remote control Android

The remote control feature is an effective tool for finding and managing your lost device Android. With its help, in a few clicks, you can not only locate the gadget, but also completely clear its contents. To do this, you need to use the free Find My Device application, which can be downloaded from Google Play and installed on another device, or a service that you log into from a browser.

To create an account, you need a Gmail inbox. After that, you can add the account to the device. The feature is disabled by default, and you will have to activate it yourself. This requires:

1. Go to gadget settings, open 'Security' and enable 'Remote control'.
2. Make sure the device is visible on Google Play. Go to play.google.com/settings and check the box next to the device name in the Availability column.
   
3. To make sure that the device can be found: go to android.com/find, sign in to your account and select the desired device.

to the content

Using special software

You can protect the gadget from hacking and the information stored on it from theft using specialized software. We are talking about antivirus programs, firewalls and similar programs. They recognize in time and will not allow the “pest” to the system.

As already mentioned, special programs allow you to track the location, actions performed with the stolen gadget, block the device, etc. One of the best is Bitdefender Anti-Theft. The application provides a quick search and sending data about the new SIM card number to the owner's mailing address.

Another powerful tool is Cerberus. Features include device tracking and blocking, full memory erasure, call monitoring, network and operator data collection, and even hidden microphone recording. And the SIM-Checker function allows you to find out the new phone number.

to the content

What to do if your smartphone is lost

The simple answer is to search. But first of all, you need to block or erase all data. Actions depend on the situation and the importance of this very data.

to the content

Remote lock

To block Android, you need:

1. On any device, open a browser, enter the 'Remote Control' service using your account.
2. Mark your device and click 'Block'.
3. Confirm with unlock password.

to the content

Device search

You can determine where the device is immediately upon entering the above Google service. All search programs work in much the same way. It is important that geolocation is enabled on the gadget and the old account remains.

to the content

Erasing data

If there is no chance to return the device or the user does not want to risk losing important information, a decision is made to completely delete the data.

To do this, select the 'Clear' button in the remote control service window. The system will perform a full reset of the user data.

to the content

Anonymity and security Android device: Video