easip-web2
October 25th, 2010 By Owais

Analysis report on Android Application Framework and existing Security Architecture  


ABSTRACT

Android is the first comprehensive open source mobile software stack aimed at the consumer market. It consists of a complete mobile operating system supported by a Linux kernel, a newly built Dalvik virtual machine, and a set of mobile applications. The Android system architecture is composed of the applications, the application framework, native C/C++ libraries, the Android runtime (which in turn consists of the Dalvik virtual machine and the Android core libraries, which provide the functionality of the core libraries of Java), and finally the Linux kernel, used to manage low-level resources. The Android application architecture has four basic components: activities, services, broadcast receivers, and content providers. Every Android application may comprise one or more such components. The purpose of this report is to discuss the application components and their life cycle in detail. Moreover, the permission model and security architecture of Android are explained separately in this report. Android implements security at the process level. Identifiers such as user IDs and group IDs are used to identify applications, and these in turn are used to control the access of each application. The components of one application may access the services provided by another application’s components; this inter-component communication is controlled through permissions declared in the AndroidManifest.xml file. URI-based permissions further refine access control to any application’s components. Some security holes have been found in Android; in response, Google has suggested remedies for such security bugs. The report also incorporates a case study to elaborate an application’s component life cycle.

OBJECTIVES

This document is written as part of the research project EASIP (Extending Android Security for Intent Policies), funded by ICT R&D. It has three main objectives. First, we present the application components and their life cycle. Second, we present the existing Android security mechanisms, to show what currently happens inside Android. Finally, this report will lead us to EASIP’s next milestone, i.e. the implementation of a rudimentary ‘Selective Permission Mechanism for Android’.

INTRODUCTION

Android is the first comprehensive open source mobile platform, equipped with an operating system, the Dalvik middleware, a Linux kernel and a set of rich modern handset applications. The open source licensing of Android gives developers the freedom to build applications without worrying about royalty and licensing costs. No membership, testing or digital certification fees are involved in the development of an Android application. The Android SDK provides the tools and APIs necessary to begin developing applications on the Android platform using the Java programming language. Developers mostly choose the popular Eclipse integrated development environment for development. The innovative Android platform is well positioned to confront the current challenges of the mobile marketplace.

Features of Android

  1. Android Software Development Kit: The Android SDK includes an emulator and tools for performance profiling and debugging.
  2. Dalvik Virtual Machine: It is specifically designed for the Android platform and optimized for mobile devices, where resource constraints are an issue (low memory, small size, and lower processing power). Dalvik is capable of executing programs written in Java.
  3. Graphics Support: Android supports both 2D and high-performance 3D graphics, where OpenGL is used to provide the 3D support.
  4. SQLite: Android uses the small-sized SQLite as its RDBMS (Relational Database Management System).
  5. Connectivity: Android is provided with modern communication technologies. It supports Bluetooth, WiFi, UMTS, CDMA, EDGE and 3G.
  6. Media Support: Android supports different picture formats, including JPEG, BMP, GIF and PNG. H.263 and H.264 are the video coding techniques supported by Android. H.263 is specialized for video conferencing; H.264 is basically the MPEG-4 standard, used to offer high video compression.

Android System Architecture

The Android system architecture comprises four layers. The lowest is the Linux kernel layer, which acts as an abstraction between the hardware and the rest of the Android software stack. The basic reason for choosing Linux 2.6 as the kernel is that it is open source and has a proven driver model, which gives Android a robust operating system structure. Android relies on the kernel for memory management, its security model, the network stack and process management. The current Android architecture relies on the Qualcomm MSM7200A chipset for the following features.

Libraries

The native libraries of Android are written in C/C++ and are used by various components of Android. They act as the point of contact between the higher, more abstract layers and the lower-level components, and they implement the services that Android provides to applications.

Android Runtime

Along with the native libraries, the Android runtime sits on the second layer, right above the Linux kernel. The Android runtime consists of the Dalvik virtual machine and a set of core libraries (which provide almost all of the features of the core libraries of the Java programming language).

Application Framework

The Application Framework is the third layer, going from bottom to top. It is essentially a built-in toolkit that provides a set of services to Android applications. All the services used by the core applications are made available to Android developers to build innovative and rich applications. The application architecture is designed to simplify the reuse of components: any application can publish its capabilities, and any other application may then make use of those capabilities (subject to security constraints enforced by the framework) through the underlying components of the application framework layer.

The Activity Manager manages the life cycle of applications and provides a common navigation back stack for applications running in different processes. The Package Manager keeps track of all applications installed on the device. The Telephony Manager lets applications access information about telephony services. Content Providers support the sharing and accessing of data among applications; for example, the messaging service is an application that can access the data of another application, the contacts. Android supports a number of different kinds of resource files, including XML (used to store anything other than bitmaps and raw data), Bitmap (used to store images), and Raw files (other resources such as sounds, strings, etc.).

ANDROID SECURITY ARCHITECTURE

Security is implemented at the process level in Android, through different mechanisms at different levels. At the application level, security is implemented through user and group IDs. At the component level, a permission mechanism restricts access to specific components, while at the data level security is implemented through per-URI permissions. The Android architecture is defined such that no application can perform an operation, such as reading and/or writing, on any other application, its components or its data. The only way to gain access to a component or data is to explicitly declare the permissions needed for that specific additional capability. Security is thus implemented at two levels: application-level security, and component- and data-level security.

Application Level Security

Android is a multi-process system, in which each application (and parts of the system) runs in its own process. Most security between applications and the system is enforced at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. Additional finer-grained security features are provided through a “permission” mechanism that enforces restrictions on the specific operations that a particular process can perform, and per-URI permissions for granting ad-hoc access to specific pieces of data.

The mechanisms employed are:

  • Security implemented by application signing using a certificate mechanism
  • Security enforcement using user IDs
  • Security enforced on files

Components Level Security

Each application runs as a unique user identity, which lets Android limit the potential damage of programming flaws.

Figure 1: Example protection

Security enforcement in Android occurs in two places:

  • The core idea of Android security enforcement is the assignment of labels to applications and components.
  • A reference monitor provides mandatory access control (MAC) enforcement of how applications access components.
  • Access to each component is restricted by assigning it an access permission label; applications are assigned collections of permission labels.

When a component initiates ICC, the reference monitor looks at the permission labels assigned to its containing application and, if the target component’s access permission label is in that collection, allows the ICC establishment to proceed.
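As an added illustration (not code from the EASIP report, nor Android’s own implementation), the following Python model captures the access logic described in this section: each application runs under its own UID and holds the collection of permission labels granted to it at install time; a component is guarded by at most one access permission label; ICC is allowed when the caller’s collection contains the target’s label; and a per-URI grant gives one application ad-hoc access to a single piece of a provider’s data without granting it the provider’s label. The class and method names, the UIDs and the contacts/messaging/game applications are constructed for this example, and the per-URI grant is simplified to a direct call on the monitor rather than the mechanism Android itself uses.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class App:
    """An installed application: its own Linux UID plus the permission labels
    granted to it at install time (constructed for this example)."""
    name: str
    uid: int
    permissions: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Component:
    """An activity, service, receiver or content provider, guarded by at most
    one access permission label; None means any caller may use it."""
    app: App
    name: str
    permission: Optional[str] = None


class ReferenceMonitor:
    """Mandatory access control over inter-component communication (ICC)."""

    def __init__(self) -> None:
        # Ad-hoc per-URI grants: (grantee uid, uri) -> modes such as {"read"}.
        self._uri_grants: Dict[Tuple[int, str], Set[str]] = {}

    def check_icc(self, caller: App, target: Component) -> bool:
        """Allow ICC if caller and target share a UID (same application),
        the target is unguarded, or the caller holds the target's label."""
        if caller.uid == target.app.uid:
            return True
        if target.permission is None:
            return True
        return target.permission in caller.permissions

    def grant_uri_permission(self, granter: App, provider: Component,
                             grantee: App, uri: str, mode: str) -> None:
        """Only the application owning the provider may hand out ad-hoc
        access to one URI; the grant never widens to the whole provider."""
        if granter.uid != provider.app.uid:
            raise PermissionError(f"{granter.name} does not own {provider.name}")
        self._uri_grants.setdefault((grantee.uid, uri), set()).add(mode)

    def revoke_uri_permission(self, grantee: App, uri: str) -> None:
        self._uri_grants.pop((grantee.uid, uri), None)

    def check_uri_access(self, caller: App, provider: Component,
                         uri: str, mode: str) -> bool:
        """Data-level check: holding the provider's label is sufficient;
        otherwise fall back to an exact per-URI grant for the requested mode."""
        if self.check_icc(caller, provider):
            return True
        return mode in self._uri_grants.get((caller.uid, uri), set())


def demo() -> Dict[str, bool]:
    """Constructed scenario: a contacts provider guarded by READ_CONTACTS,
    a messaging app holding that label, and a game holding no labels."""
    contacts_app = App("contacts", uid=10010)
    messaging = App("messaging", uid=10020,
                    permissions=frozenset({"READ_CONTACTS"}))
    game = App("game", uid=10030)
    provider = Component(contacts_app, "ContactsProvider",
                         permission="READ_CONTACTS")
    monitor = ReferenceMonitor()
    one_contact = "content://contacts/people/7"

    results = {
        "messaging_icc": monitor.check_icc(messaging, provider),
        "game_icc": monitor.check_icc(game, provider),
        "game_uri_before_grant": monitor.check_uri_access(
            game, provider, one_contact, "read"),
    }
    # The contacts app shares exactly one record with the game, read-only.
    monitor.grant_uri_permission(contacts_app, provider, game,
                                 one_contact, "read")
    results["game_uri_after_grant"] = monitor.check_uri_access(
        game, provider, one_contact, "read")
    results["game_other_uri"] = monitor.check_uri_access(
        game, provider, "content://contacts/people/8", "read")
    results["game_uri_write"] = monitor.check_uri_access(
        game, provider, one_contact, "write")
    monitor.revoke_uri_permission(game, one_contact)
    results["game_uri_after_revoke"] = monitor.check_uri_access(
        game, provider, one_contact, "read")
    return results


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check:24} {'ALLOW' if allowed else 'DENY'}")
```

Running the script shows the two layers side by side: the messaging application passes the component-level check because its label collection contains READ_CONTACTS, while the game is refused at that level and only ever reaches the single record it was granted, in the single mode it was granted, until the grant is revoked.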

Figure 2 Access permission logic

To view a detailed report click here
