Proceedings of the Third International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC 2019)
IEEE Xplore Part Number: CFP19OSV-ART; ISBN: 978-1-7281-4365-1

ANDROID APPLICATION DEVELOPMENT: A BRIEF OVERVIEW OF ANDROID PLATFORMS AND EVOLUTION OF SECURITY SYSTEMS

Anirban Sarkar
Dept. of Electrical Engineering and Computer Science
Texas A&M University-Kingsville
Kingsville, Texas, USA
anirban.sarkar@students.tamuk.edu

Ayush Goyal
Dept. of Electrical Engineering and Computer Science
Texas A&M University-Kingsville
Kingsville, Texas, USA
ayush.goyal@tamuk.edu

David Hicks
Dept. of Electrical Engineering and Computer Science
Texas A&M University-Kingsville
Kingsville, Texas, USA
david.hicks@tamuk.edu

Debadrita Sarkar
Dept. of Computer Science Engineering
New England College
Henniker, New Hampshire
dbdrsarkaré40@gmail.com

Saikat Hazra
Dept. of Information Technology
FIEM
Kolkata, India
saikathazra75@gmail.com

Abstract—With the advent of new mobile technologies, the mobile application industry is advancing rapidly. Con several operating systems like Symbian OS, iOS, BlackBerry, etc., Android OS is recognized as the most widely used, popular and user-friendly mobile platform. This open-source Linux kernel-based operating system offers customization properties making it ant _ mobile operating system. Android applications are programmed in the Java language. The Google Android SDK delivers a special software stack that provides developers an easy platform to develop Android applications. Moreover, developers can make use of existing Java IDEs, which provides flexibility to the developers. Java libraries are predominant in the process of third-party application development. Cross-platform approaches make sure that developers do not have to develop platform-dependent applications. With the help of these approaches, an application can be deployed to several platforms without the need for changes in coding. However, Android is more prone to security vulnerabilities, which the majority of users do not take into account. Any Android developer can upload their application to the Android market, which can cause a security threat to any Android device. These applications do not have to go through rigorous security checks. In this paper, a layered approach for Android application development along with various cross-platform approaches is briet
introduction to new andro
framework as well as set
discussed. Moreover,
platforms
Keywords—Android architecture, Cross-platform approaches, Android security
I. INTRODUCTION
Android is an open-source operating system that runs on the Linux kernel. Android applications are developed using the Java language. Google has its own SDK which enables this Java code to control devices like mobile phones, tablets, etc. Android mobile application development provides a flexible platform for developers where they can use both Java IDEs and Android Java libraries. Nowadays the Android operating system is an important platform that provides a dynamic way of developing innovative third-party applications. The Android operating system gained popularity among developers for its customizable nature. It is very efficient to build an application on one platform and deploy it on several platforms simultaneously without having a concern about changes to be made. Cross-platform development proposes several approaches to achieve this objective in efficient and creative ways. Safety is the main concern of Android devices. Android does not allow external applications to change or modify installed files. It allows customization of permissions, which specify the hardware and software resources of the device that applications may use. Android users have the authority to accept or deny the permissions of an installed application. However, Android allows IPC (Inter-Process Communication), which makes the device vulnerable to security threats resulting in piracy. One of the main features of this operating system is that its architecture is quite the same as that of personal computers. Therefore, security issues can be fixed in similar ways. However, both technologies can be the victim of DoS attacks using resources like Bluetooth or Wi-Fi. Although Android applications are highly customizable, this also increases the risk of unintentional use of resources or unintentional installations. Therefore, users need to be aware of such malicious activities, which can reduce the risks of a security breach.
II. ANDROID ARCHITECTURE
A. Application Layer
In this layer, the Android application components get executed. End-users can make use of applications that are compiled and executed using the Dalvik Virtual Machine. Developed applications use API libraries to make use of core resources available in the device. In this layer, default applications like contacts and messaging are available [1].
B. App Framework Layer
This layer is designed to allow developers to get access to the core application services. These services include the activity and window manager, the resource and package manager, etc. In this layer, developers can customize the system structure of their applications so that they can make use of the various services provided by the API libraries [1].
C. Android Runtime Layer and Linux Kernel
The Android runtime layer is primarily focused on the running state of the processes. In this layer, every program has its own specific Dalvik VM environment. The Android kernel is similar to the kernel of a desktop running Linux. It is an open environment providing access to the kernel system. The Android kernel is mainly associated with management utilities, which include process, power, and memory management. Moreover, it is also concerned with network management and security systems [1].
III. DEVELOPING ANDROID APPLICATION FRAMEWORK
Android applications are developed in the Java language using SDKs that provide robust and efficient application programming interfaces (APIs). Android applications can use native features of the device after the user grants permission. Inter-process communications and sharing resources are more secure in Android than other platforms. Android provides an open environment for application development while taking advantage of every core functionality [3][1]. The set of services provided by the Android development platform includes the following functionalities [1][2]:
• A set of customizable and extensible Views, which include buttons, textboxes, browser, lists, etc.
• Content providers are used to enable inter-process communications. These providers are responsible for applications retrieving and sharing data with other applications.
• The resource manager is responsible for enabling the application to access resources like strings, layout files, etc.
• Application notifications are handled by a customizable notification manager. From permission requests to user notifications, everything is handled by the notification manager.
• The activity manager manages and analyzes every lifecycle phase of an application.
IV. LAYERED APPROACH FOR APPLICATION DEVELOPMENT
Fig 1: Layered Architecture
The Android application development process consists of several layers. The lowest layer in the hierarchy is the HTTP layer, which sends and receives HTTP requests to the server. The API layer parses the server response and formulates queries. These queries are then passed on to the HTTP layer. Subsequently, the API layer parses the response string and passes it to the generic data layer while extracting the important fields from the string. Implementation of necessary functions is included in the generic data layer. These important functionalities include caching, validation programs and data management systems. In the platform-dependent data layer, the necessary data is collected from the generic data layer for use. This layer is named platform dependent because the collected data is stored in several classes like adapter or listview, depending on the platform on which they are going to be used. The UI layer is responsible for the interaction with the end-user via views, layouts, buttons, etc. This layer consists of two components named user interface and user process. The first module, the user interface components, is responsible for the interaction of the user with developed applications. User process components are responsible for synchronization and organization of interactions [3][1].
A. Application Model
In this model, every application consists of several components. Every component can be used even by other applications. These components can be categorized as activity, service, receiver and provider components. Activity components are used for user interfaces. These components are responsible for every window of the application. Service components are useful for communicating with other applications. These components can remain active in the background while the user switches to another window and resume when it is necessary. Receiver components are responsible for communication with other applications. These communications are done via messages. These messages are received and processed asynchronously by the receiver components. Provider components are responsible for storing data which are necessary for the application in databases. These data can be used by several applications at the same time [1][2].
For example, a chat application for Android is considered. This application stores its data in Firebase. This application has several components. There are activities in which a user's profile picture can be viewed. There are services like uploading a profile picture of the user. Receiver components are useful when priority functionalities like incoming calls or messages arrive: the application gets paused and is resumed again after these functionalities terminate. Finally, provider components can be seen working when credentials and media files are uploaded to the database, which for this application is a Firebase real-time database.
B. Component Classes and Methods
The Android application development framework consists of several component classes. This framework is flexible towards application development, where application dependencies can collaborate with each other, providing necessary simple or complex functionalities depending on the situation. An application has several screens or activities; each activity is responsible for a different set of tasks. These components are called activity components. The user interface is handled by these components. Next are the service components, which are responsible for managing and organizing background processes. Content providers are responsible for sharing important data between applications in the form of a relational database. Android is embedded with SQLite, providing support for the relational database. Finally, there are the broadcast receiver components, which work as a communication bridge between the system and applications [4].
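
Since each of the four component types described above can be used by other applications, a review usually starts from the manifest. The added example below (not from the paper) goes one step beyond the text: it uses the real `android:exported` and permission attributes of the manifest to list components that other apps can reach without holding a permission. The manifest, package and component names are constructed, and the input is assumed to be a decoded plain-text manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = {"activity", "service", "receiver", "provider"}

# Constructed manifest for a hypothetical chat app; every name is made up.
# Assumption: the input is a decoded, plain-text AndroidManifest.xml.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
  <application>
    <activity android:name=".ProfileActivity" android:exported="false"/>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <service android:name=".UploadService" android:exported="true"/>
    <receiver android:name=".MessageReceiver" android:exported="true"
              android:permission="com.example.chat.permission.RECEIVE"/>
    <provider android:name=".MediaProvider" android:exported="true"
              android:authorities="com.example.chat.media"
              android:readPermission="com.example.chat.permission.READ"/>
  </application>
</manifest>"""


def is_guarded(comp):
    if comp.get(ANDROID_NS + "permission"):
        return True
    # A provider may gate reads and writes separately; both must be set.
    return comp.tag == "provider" and all(
        comp.get(ANDROID_NS + a) for a in ("readPermission", "writePermission"))


def audit_manifest(xml_text):
    """Return (component type, name, finding) tuples worth reviewing."""
    findings = []
    application = ET.fromstring(xml_text).find("application")
    for comp in ([] if application is None else application):
        if comp.tag not in COMPONENT_TAGS:
            continue
        name = comp.get(ANDROID_NS + "name")
        exported = comp.get(ANDROID_NS + "exported")
        if exported is None and comp.find("intent-filter") is not None:
            # An intent filter used to imply exported="true"; state it explicitly.
            findings.append((comp.tag, name, "implicit-export"))
        elif exported == "true" and not is_guarded(comp):
            findings.append((comp.tag, name, "exported-unprotected"))
    return findings


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

The provider is reported even though it declares a read permission, because writes from other applications remain ungated.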
V. CROSS-PLATFORM APPROACHES
In the process of application development, developers tend to develop an application that works on a specific platform. That application then works on that single platform alone. For example, Android applications are developed using the Java language, while iOS applications are developed using the Objective-C or Swift programming language. Windows phones support applications that are developed using Visual C# or C++. The main goal of cross-platform approaches is to develop applications in one environment while deploying them on many platforms. These approaches save cost and time. Developers can use only one programming language to develop the application and use a cross-platform framework to translate this code to many platforms [5].
A. Requirements for Cross-Platform Approaches
Cross-platform approaches are efficient in producing applications for various platforms. There are several requirements to maintain the high performance of these applications. A cross-platform approach must support the scalability and maintainability of the applications. If modifications need to be made, the cross-platform approach needs to allow the developer to make them at the cross-platform level only and deploy them on several platforms. These applications need to have features to use all the resources of the device. Having no intermediate layer to access the resources and features is preferable in the cross-platform application development process. Maximum allocation and optimization of resources is the prime concern for cross-platform applications. The efficient consumption of resources needs to be considered by the developers, but the cross-platform approach needs to offer automatic optimization and management as well. Security has always been a concern for developers, since there are many ways to penetrate the security system of a device, and the device can also be lost in public. In both cases, there are higher risks of losing confidential data. Developers need to pay attention to the risks of a security breach, in the form of storing encrypted data in the device. Therefore, cross-platform approaches must consider security policies. Cross-platform approaches need to have the capacity of environment integration, which includes auto-completion, a debugger, etc. [5].
B. Categories of Cross-Platform Approaches
1) Web Approach
This approach is based on mobile web browsers and uses HTML, JavaScript, and CSS for implementation. In this approach, an application is implemented as a website and the browser is used as a runtime environment. Necessary optimizations, such as for device screen size, need to be taken into account during development. Web mobile applications have similar interfaces and do not need updates. However, these applications have limited access to native features of devices such as GPS, messaging services, etc. Moreover, these applications are slower as they need time to render the webpages from the network. Web applications are not available on application stores such as the Play Store or the iOS market, which is a major drawback of this approach [5][6].
Fig 2: Web Approach (diagram labels: iOS, Windows; common optimized web site; common front-end (common UI); back-end)
2) Hybrid Approach
This approach is an amalgam of the advantages of web approaches and features of the devices. Within this approach, native functionalities can be accessed by using an abstract bridge of JavaScript. HTML contents are embedded in the WebView or UIWebView web containers of the device using the cellphone browser. Web applications are not available in the application store, whereas hybrid applications can be distributed in the various app stores. An abstract layer is responsible for making sure that the applications can use the native functionalities [5][6].
Fig 3: Hybrid Approach (diagram labels: JavaScript; common back end)
3) Model-Driven Approach
Model-driven architecture (MDA) is the basis of this approach. This approach is driven by modeling activities in which low-level issues need not be dealt with. These issues include saving data to the database or sending a notification to the user, etc. MDA consists of three fundamental models: the PIM or Platform Independent Model, the PSM or Platform Specific Model, and the PIM-to-PSM model.
The PIM does not depend on the platform on which it is implemented, whereas the PSM is dependent on the details of the specific platform that uses the system. MDA can be used to implement the interface for several platforms once, and thereafter it can be used to implement the PSM. Implementation of the user interface can be done without any help from intermediate runtime administration. Every platform needs to organize the native code in order to maintain the application model. The only concern in this approach is that any application that needs to be modeled must be categorized within this approach. For every platform, native code should be generated manually using SDKs and the platform-dependent language. However, an issue arises with the integration of manually written code, as it is a challenging task to implement. MD2 is a prototype designed for a model-driven application development approach. MD2 is completely based on a DSL textual format which can generate specific runnable applications. However, this prototype has its own drawbacks which require complete [6].
Fig 4: Model-Driven Approach (diagram label: Platform Independent Model (PIM))
VI. ANDROID SECURITY FRAMEWORK
A. Android App Sandbox
The kernel provides functionalities by acting as a bridge between hardware and software in a system. It is a very important part of a system, as monitoring OS and hardware operations concurrently is a critical task. Sandboxes are set up in the kernel space so that they can access the core functionalities of an OS. Generally, applications cannot interact with one another without user intervention and they don't have full access to OS functionalities. Therefore, malicious applications that want to get access to those functionalities are prevented from doing so by sandboxes that are developed using UNIX. Sandboxes are responsible for monitoring system calls and system acknowledgments. This is done using a process called system call hijacking, by redirecting system calls. System calls are made by the application in the user space, asking permission to use core functionalities of the operating system. Sandboxes are capable of isolating app resources from other applications in order to prevent malicious activities [7][8].
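
The isolation of app resources described above rests on UNIX ownership and permission bits: Android runs each application under its own Linux UID. The added example below (not from the paper) audits a file listing of one app's private directory for entries that other UIDs could reach, and it goes beyond the text by also modelling directory traversal. The listing, the package name and the UID 10123 are constructed assumptions.

```python
import stat

# Constructed `ls -ln` style listing: mode, owner UID, group GID, path.
# Assumption: the audited package runs as Linux UID 10123; names are made up.
SAMPLE_LISTING = """\
drwxr-x--x 10123 10123 /data/data/com.example.chat
drwxrwx--x 10123 10123 /data/data/com.example.chat/shared_prefs
-rw-rw-r-- 10123 10123 /data/data/com.example.chat/shared_prefs/session.xml
drwx------ 10123 10123 /data/data/com.example.chat/cache
-rw-r--r-- 10123 10123 /data/data/com.example.chat/cache/thumb.tmp
-rw-rw-rw- 10123 10123 /data/data/com.example.chat/export.log
-rw------- 10124 10124 /data/data/com.example.chat/dropped.bin
"""


def mode_bits(mode_text):
    """Turn the nine permission characters of an ls mode string into bits."""
    bits = 0
    for position, char in enumerate(mode_text[1:10]):
        if char != "-":
            bits |= 1 << (8 - position)
    return bits


def audit_listing(listing, app_uid):
    """Return (path, finding) pairs for entries that weaken UID isolation."""
    entries = [ln.split(None, 3) for ln in listing.splitlines() if ln.strip()]
    # A directory without other-execute cannot be traversed by other UIDs,
    # so everything below it is shielded regardless of its own mode.
    closed = [path for mode, _uid, _gid, path in entries
              if mode[0] == "d" and not mode_bits(mode) & stat.S_IXOTH]
    findings = []
    for mode, uid, _gid, path in entries:
        if int(uid) != app_uid:
            findings.append((path, "foreign-owner"))
        if any(path.startswith(d + "/") for d in closed):
            continue
        bits = mode_bits(mode)
        if bits & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        elif bits & stat.S_IROTH:
            findings.append((path, "world-readable"))
    return findings


if __name__ == "__main__":
    for path, finding in audit_listing(SAMPLE_LISTING, app_uid=10123):
        print(finding, path)
```

The world-readable `cache/thumb.tmp` is not reported because its parent directory cannot be traversed by other UIDs.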
B. Static and Dynamic Analysis
Static and dynamic analysis are the most common practices for virus detection. In the case of static analysis, the application does not get executed. In this analysis process, binaries get filtered using patterns of malicious programs, which are known as signatures. Although pattern matching is the main analysis program, static analysis also involves,