1 00:00:01,020 --> 00:00:03,940 Welcome to part second of Android security structure. 2 00:00:04,140 --> 00:00:09,090 As you know, Google provides a set of cloud based services that are available to different compatible 3 00:00:09,090 --> 00:00:10,080 Android devices. 4 00:00:10,320 --> 00:00:16,050 And these services are not part of the Android open source project itself, but they are included in 5 00:00:16,050 --> 00:00:17,760 too many different Android devices. 6 00:00:17,760 --> 00:00:18,070 Right. 7 00:00:18,390 --> 00:00:23,660 So we have the primary service for installing applications from the actual store, which is Google Play. 8 00:00:23,910 --> 00:00:29,070 And you also have the services to actually push updates, which is called Android Updates. 9 00:00:29,070 --> 00:00:34,620 Android Updates is an update service that provides new features and security updates through either 10 00:00:34,620 --> 00:00:36,870 the Web or through over the air. 11 00:00:36,990 --> 00:00:40,350 OK, so now there's also the application services. 12 00:00:40,350 --> 00:00:47,280 And basically it's a framework that allows Android applications to use cloud capabilities, like backing 13 00:00:47,280 --> 00:00:50,160 up your application data, backing up your settings. 14 00:00:50,550 --> 00:00:54,990 And also they have cloud device messaging that is going to be in. 15 00:00:55,440 --> 00:00:59,530 Cederbaum is used for pushing messaging to the cloud as well. 16 00:01:00,630 --> 00:01:06,630 They also have another service called Verify Apps, and it basically warn you or automatically block 17 00:01:06,630 --> 00:01:13,740 the installation of any type of compromised applications or any harmful applications and also to continuously 18 00:01:13,740 --> 00:01:20,110 send applications on the device and warn you about them or removing those applications automatically. 19 00:01:20,310 --> 00:01:22,260 Another service is the safety net. 20 00:01:22,590 --> 00:01:26,310 Now, some of you may be thinking that why I am explaining this to you? 21 00:01:26,610 --> 00:01:29,670 Well, because it helps you whenever you are doing testing. 22 00:01:29,850 --> 00:01:34,960 OK, so now going back to the services safety net is basically privacy preserving? 23 00:01:35,250 --> 00:01:41,790 Well, some people call it intrusion detection system to assist Google tracking and mitigating nonsecurity 24 00:01:41,790 --> 00:01:47,790 threats and also to identify other type of abnormal activity within the Android ecosystem. 25 00:01:47,850 --> 00:01:52,140 OK, and now part of that is the safety net at this station service. 26 00:01:52,350 --> 00:01:59,100 And it basically allows third party apps to determine whether the device is compatible and also can 27 00:01:59,100 --> 00:02:03,150 assist identify the Android app, communicating with the Observer. 28 00:02:03,180 --> 00:02:05,690 Right now, there's also the device manager. 29 00:02:05,730 --> 00:02:12,450 So the Android device manager is a Web app and also an Android app that is actually used to locate lost 30 00:02:12,450 --> 00:02:17,410 or stolen devices, which is similar to what Apple has with Find My Device function. 31 00:02:17,820 --> 00:02:23,240 Now, the Android security model is actually based on the concept of applications and boxes, OK? 32 00:02:23,580 --> 00:02:26,420 And each application runs its own sandbox. 33 00:02:26,610 --> 00:02:33,390 Now, a long time ago, I mean, seven years ago, prior to Android was for three, these boxes were 34 00:02:33,390 --> 00:02:36,120 defined by the creation of a uniquely next utility. 35 00:02:36,360 --> 00:02:40,860 And the utility was actually for each application at the time of installation. 36 00:02:41,130 --> 00:02:47,850 Now from Verizon for three, Android actually uses Selznick's, that is the security and has Linux. 37 00:02:47,850 --> 00:02:52,750 And it is actually used for defining the boundaries of the applications and works in Android. 38 00:02:53,010 --> 00:02:59,910 OK, now, as part of the Android security model, Android uses SLA next to enforce Mac. 39 00:02:59,940 --> 00:03:03,120 That is mandatory access control over all processes. 40 00:03:03,120 --> 00:03:03,430 Right. 41 00:03:03,510 --> 00:03:08,550 Even processors running with route also privileges also, but user privileges. 42 00:03:08,670 --> 00:03:11,340 And this actually helps protect the operating system. 43 00:03:11,340 --> 00:03:18,120 Also, Selznick's and has Android by confining privilege processes and automating the security policy 44 00:03:18,120 --> 00:03:19,560 creation on that device. 45 00:03:19,770 --> 00:03:25,770 Now, Android also includes Selznick's in enforcing mode, and it is basically a corresponding security 46 00:03:25,770 --> 00:03:29,240 policy that works by default across those devices. 47 00:03:29,250 --> 00:03:29,520 Right. 48 00:03:29,640 --> 00:03:35,550 So now in enforcing mode, whenever you do security research in Android platforms, the illegitimate 49 00:03:35,550 --> 00:03:42,540 actions are prevented by default and attempted violations are actually logged by the kernel to the message 50 00:03:42,540 --> 00:03:49,260 and to locate OK, Android devices, manufacturers should actually gather information about these errors 51 00:03:49,530 --> 00:03:55,440 so they can actually refine their software and their own Selznick's processes before enforcing them. 52 00:03:55,860 --> 00:03:59,250 However, unfortunately, this doesn't happen all the time. 53 00:03:59,490 --> 00:04:05,280 OK, that's one of the major differences between Apple devices and Android, although Google provides 54 00:04:05,280 --> 00:04:07,140 the operating system to Android. 55 00:04:07,290 --> 00:04:13,590 But it's up to the implementors to actually take care of these implementations and maybe some implementations 56 00:04:13,590 --> 00:04:15,360 may be more secure than others. 57 00:04:15,600 --> 00:04:21,750 Now, by default on Android, only the kernel and a small subset of the core applications run with their 58 00:04:21,750 --> 00:04:22,470 permissions. 59 00:04:22,470 --> 00:04:28,020 Right now, Android does not prevent a user or an application with root permissions from modifying the 60 00:04:28,020 --> 00:04:28,960 operating system. 61 00:04:29,070 --> 00:04:33,300 OK, you can also modify the kernel or any of their application. 62 00:04:33,450 --> 00:04:38,510 So in general, Ruud has full access to all applications and all application data. 63 00:04:38,520 --> 00:04:44,880 So whenever users change their permissions on an Android device to grant access to applications, definitely 64 00:04:44,970 --> 00:04:49,620 increase the security exposure to malicious applications and potential application flaws. 65 00:04:49,800 --> 00:04:53,920 And that's whenever you see a lot of impersonated applications and so on. 66 00:04:54,150 --> 00:04:59,640 So, again, a lot of people that actually rule their devices has to keep in mind that whenever you 67 00:04:59,640 --> 00:05:00,440 are going to go to. 68 00:05:00,520 --> 00:05:05,990 Research on Android devices in a lot of cases, actually, what people do is they start from just by 69 00:05:05,990 --> 00:05:06,800 adopting a device. 70 00:05:07,000 --> 00:05:11,230 Now, the ability to modify an Android device that you own is important. 71 00:05:11,260 --> 00:05:13,510 Developers working with the Android platform. 72 00:05:13,510 --> 00:05:13,800 Right. 73 00:05:13,960 --> 00:05:19,930 So on many Android devices, users actually have the capability or the ability to unlock the bootloader 74 00:05:19,930 --> 00:05:24,180 in order to allow the installation of some other alternate operating system. 75 00:05:24,340 --> 00:05:26,500 So some will call it custom ROMs. 76 00:05:26,500 --> 00:05:26,790 Right. 77 00:05:27,070 --> 00:05:33,400 And these alternate operating systems actually allow a user to gain access for the purpose of debugging 78 00:05:33,580 --> 00:05:38,950 and then system components to access the features that are not present to applications by the Android 79 00:05:38,950 --> 00:05:40,270 apps by default. 80 00:05:40,390 --> 00:05:40,770 OK.