Android Security Testing: Platform Overview

We’ll introduce you to the Android platform from several points of view: the Android security architecture, the Android application structure, IPC (Inter-Process Communication) and Android application publishing.

Once you have gone through this tutorial, you will be able to start testing on your own. We will show you everything you need to know to start testing mobile platforms. We will present the issues you may run into along the way and the things that could go wrong. But I don’t like to be that pessimistic! And we don’t have to be, because here you will learn the best material in this field. If you dream of becoming a veteran in mobile platform testing, this is a great way to start! I will explain everything and keep it as simple as I can. So it doesn’t matter whether you are a newbie or a professional: you will get all the information you need right here. It is very hard to find a reliable source that leaves you convinced you are doing the right thing. So many websites offer so much confusing information that it is easy to give up. That is not what we want! We want you to learn as much as you can from this tutorial. So, I won’t take any more of your time. Let’s get to the action!

Let’s start with the first topic, the Android security architecture! Many users love and use the Android platform, and you are probably one of them, or have at least tried it. It is reliable and offers many useful, professionally made applications. It is also important to know that Android is a very versatile and customizable OS precisely because of those numerous applications. Have you ever thought about your personal information in the OS? Is it protected? To answer that, you need to know more about the security architecture.

There are several layers in Android’s software stack. We will help you understand them fully and easily. What do those layers actually define? Each layer defines interfaces and offers specific services. At the lowest level, Android is based on a variation of the Linux kernel. On top of the kernel sits the HAL, which defines a standard interface for interacting with built-in hardware components. HAL stands for Hardware Abstraction Layer.

If you haven’t heard already, Android is a privilege-separated operating system in which each app runs under its own unique Linux user ID. How does Linux help here? It isolates the applications from each other.

How are Android apps written? In most cases they are written in Java and compiled to Dalvik bytecode. But now we have ART, the newest and current runtime used for executing the bytecode on Android. Then we have JIT. It is a form of compilation that affects performance: it makes sure that the compilation is performed once the app is executed.

Did you know that Android apps don’t have direct access to hardware resources? Each app runs in its own separate sandbox, which allows precise control over both the apps and the resources. There is one more thing I would like you to remember. As we have said, the Android operating system is based on Linux, but it doesn’t work the same way. What’s the difference? Android doesn’t implement user accounts the way Unix systems do. It uses the multi-user support of the Linux kernel to sandbox apps, and that is the difference between them.

Android Application Structure

How do Android apps communicate with the operating system? Keep on reading and find out! They interact with system services through the Android Framework. What is the Android Framework in the first place? It is an abstraction layer that offers high-level Java APIs. Examples include the camera, the microphone, the Wi-Fi connection, Bluetooth, GPS and more.

Besides those functions, the framework also offers cryptography. We will now take a detailed look at the app folder structure.

We will start with some examples. The first one is AndroidManifest.xml. It contains the definition of the application’s package name. It also declares the target and minimum API versions, the app’s components and configuration, the user-granted permissions and more. Assets is the directory that contains the app’s assets. These are files used within the Android app, such as pictures, JavaScript files and so on. Then we have Lib, the directory containing the libraries that are part of the APK. Those can be third-party libraries. There are more entries than these, but the most important thing to take from our examples is that every Android app package is its own ZIP archive.

We will now talk a bit about Linux. Linux user management helps Android by isolating the apps. Android creates a unique UID for each app and then runs the app in a completely separate process. As a result, each app can access only its own resources. This protection is enforced by the Linux kernel.

The App Sandbox does a similar thing: it separates an app’s data and code execution from the other apps on the same device. That makes it one more security layer for Android.

Android apps are made from several high-level components. Those are activities, fragments, intents, broadcast receivers, content providers and services.

All of them are provided by the Android operating system and are available through its APIs.

Now that we have come this far, we will talk about the third part of this lesson, as mentioned at the very beginning of this article: Inter-Process Communication! As you saw, every Android process has its own sandboxed address space, where it stays separated. But did you know that Android’s IPC relies on Binder instead of the usual default Linux IPC facilities? OpenBinder is great for all the high-level Android system services.

First of all, we need to explain the term Binder, because it can have several meanings. There is the Binder Driver, which is the kernel-level driver. The Binder Protocol is the low-level protocol used for communicating with the Binder Driver. A Binder object is a generic implementation of the IBinder interface, and the IBinder interface is the well-defined behavior that Binder objects implement. It may sound complicated, but it is actually very simple, and all of those terms are connected. Then we have the Binder service and the Binder client. What does the service do? It implements a Binder object, for example the sensor service or the location service. And the client? It is an object that uses those services.

What about the Binder framework? It includes the server-side communication model, which provides the IPC methods through proxy objects. Those proxy objects marshal the call parameters they receive into a parcel and then send it in a transaction to the Binder server. As we have already talked about the Binder server, it is not hard to see that it is implemented as a character driver, /dev/binder. It holds the incoming requests and delivers the messages to their destination objects.

Bound services. These are services that allow other applications to bind to them. They need to provide an IBinder interface to their clients.

We will now talk about intent messaging. This is an asynchronous communication framework. It is built on top of Binder and allows both point-to-point and publish-subscribe messaging. An Intent can also be used to request an action from another app component. Then we have Broadcast Receivers. Those are the components that allow apps to receive notifications from other apps and from the system itself.
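The manifest fields and component types described above can be read out of a decoded manifest to list which components other apps can reach over IPC. This is an added example, not code from the original article; it assumes the manifest has already been decoded to plain XML (inside the APK it is stored in a binary format), and the sample app, its component names and the helper functions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded (plain-text) manifest, not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-sdk android:minSdkVersion="23" android:targetSdkVersion="30"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <service android:name=".BackupService" android:exported="true"
        android:permission="com.example.notes.BACKUP"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"
        android:exported="false"/>
  </application>
</manifest>"""

def attr(elem, name):
    """Read an android:-namespaced attribute; None if the element or attribute is absent."""
    return None if elem is None else elem.get(ANDROID_NS + name)

def audit_manifest(xml_text):
    """Summarise package, SDK levels, permissions and components other apps can reach."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    report = {"package": root.get("package"),
              "min_sdk": attr(sdk, "minSdkVersion"), "target_sdk": attr(sdk, "targetSdkVersion"),
              "permissions": [attr(p, "name") for p in root.iter("uses-permission")],
              "reachable": []}
    for comp in root.iter():
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        exported = attr(comp, "exported")
        if exported is None:
            # Assumption: pre-Android 12 default, exported only if an intent filter exists
            exported = "true" if comp.find("intent-filter") is not None else "false"
        if exported == "true":
            report["reachable"].append((comp.tag, attr(comp, "name"), attr(comp, "permission")))
    return report

def unprotected(report):
    """Reachable components that declare no android:permission guard."""
    return [name for _, name, perm in report["reachable"] if perm is None]
```

A launcher activity will always appear in the unprotected list; the entries worth reviewing are services, receivers and providers that are reachable without a permission.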

What about the fourth part we said we were going to talk about, the signing and publishing process? Imagine that the application has been successfully developed. What is the next step? It is not hard to guess: publishing it and sharing it with other users, teaching them how to use it and showing them its benefits. That is all true, but you cannot simply add the app to a store as soon as it is developed. The app must be signed first! The most common way to do this is cryptography. Signing identifies the app’s author and ensures that the app hasn’t been modified since its initial distribution.

That brings us to the signing process. While an app is being developed, it usually gets an automatically generated certificate. But most of the time that certificate is insecure, and the developer needs to create one himself. Besides being insecure, such certificates are not even accepted by most stores. When creating a unique certificate for a particular app, there are several schemes that can be used.

APK signing schemes. An Android app can be verified with two schemes: the v1 scheme and the v2 scheme.

With v1, the signed APK is a standard signed JAR, and it must contain all of the entries in META-INF/MANIFEST.MF.

With v2, the complete APK is hashed and signed. An APK Signing Block is also created and automatically inserted into the APK itself. During validation, this scheme checks the signature over the whole APK file.
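To see which of the two schemes an APK carries, a tester can look for the v1 files under META-INF and for the APK Signing Block, which v2 places directly before the ZIP central directory. The Python below is an added example, not code from the original article; it reports presence only and verifies no signature, and `build_sample` constructs an APK-shaped ZIP with placeholder data.

```python
import io, struct, zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"
V2_BLOCK_ID = 0x7109871A  # ID of the v2 entry inside the APK Signing Block

def find_central_directory(data):
    """Return (EOCD offset, central directory offset) from the ZIP end record."""
    eocd = data.rfind(b"PK\x05\x06")  # simplification: assumes no such bytes in a ZIP comment
    if eocd < 0:
        raise ValueError("end of central directory not found")
    return eocd, struct.unpack_from("<I", data, eocd + 16)[0]

def signing_block_ids(data):
    """Return the IDs stored in the APK Signing Block, or [] when there is none."""
    _, cd = find_central_directory(data)
    if cd < 32 or data[cd - 16:cd] != APK_SIG_MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd - 24)[0]
    pos, end, ids = cd - size, cd - 24, []
    if size < 24 or pos < 8 or struct.unpack_from("<Q", data, pos - 8)[0] != size:
        raise ValueError("malformed APK Signing Block")
    while pos + 12 <= end:  # each pair: uint64 length, uint32 ID, value
        length, block_id = struct.unpack_from("<QI", data, pos)
        ids.append(block_id)
        pos += 8 + length
    return ids

def signature_schemes(data):
    """Report which schemes are present (presence only, nothing is verified)."""
    names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    v1 = "META-INF/MANIFEST.MF" in names and any(
        n.startswith("META-INF/") and n.endswith(".SF") for n in names)
    return {"v1": v1, "v2": V2_BLOCK_ID in signing_block_ids(data)}

def build_sample(with_v1, with_v2):
    """Constructed sample: APK-shaped ZIP with placeholder, non-cryptographic data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"placeholder")
        if with_v1:
            for name in ("MANIFEST.MF", "CERT.SF", "CERT.RSA"):
                z.writestr("META-INF/" + name, b"placeholder")
    data = bytearray(buf.getvalue())
    if with_v2:
        eocd, cd = find_central_directory(data)
        pair = struct.pack("<QI", 12, V2_BLOCK_ID) + b"\x00" * 8
        size = struct.pack("<Q", len(pair) + 24)
        struct.pack_into("<I", data, eocd + 16, cd + 8 + len(pair) + 24)
        data[cd:cd] = size + pair + size + APK_SIG_MAGIC
    return bytes(data)
```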

After you have completed those tasks, you are ready to create your certificate. Don’t forget to store your secret key safely! Once you have checked everything and are ready to sign the application, the publishing process is just around the corner. The Android ecosystem is open and you can distribute the app from basically anywhere, so don’t lose hope! It may sound like a hard process, but publishing the app is actually a straightforward road…