The mainstream of the next generation of open operating systems will not be on the desktop, but will appear in the phone that we carry every day. Open environment will lead these new applications may be integrated into these online services that already exist, of course, as with growing data services on mobile phones support the security flaws on the phone is also becoming increasingly clear. The nature of the next-generation operating system, whether to provide a complete integrated security platform.
By the Open Mobile Alliance (open Handset Alliance led by Google) developed the android system is a widely optimistic about an open source phone system, the system provides a basic operating system, a middle ware application layer, a java development tools and a system Application collector (collection of system applications). The android the SDK since 2007 on the release of the first android phone in October 2008 before the birth. Google opened since then on his own time, Taiwan's HTC, the manufacturer of the T-Mobile G1 estimate G1 shipments have more than one million at the end of 2008. According to industry insiders expect the G1 mobile phone sales in 2009 continue. Many other mobile phone suppliers in the near future plans to support this system.
Around an android and a huge developer community has been established, while a lot of new products and applications on the android. Android's main selling point is that it enables developers to seamlessly expand online services to mobile phones. This is the most obvious example is Google's tightly integrated with Gmail, Calendar and Contacts Web applications through the system. Users only need to provide an android user name and password, the phone automatically sync with Google services. The other vendors are quickly adapt their existing instant messaging, social networking and gaming services. Android and many companies find new ways to integrate their existing business to the android.
Traditional desktop and server operating system has been working for the integration of security features. These individuals and business applications on a single platform is very good, however a business phone platform like android is not very useful. It gives the hope of many researchers. Android is not parked in the body for other platform application support: the implementation of the application depends on a top-level JAVA middle ware, the middle ware running on the embedded Linux kernel. Therefore, developers should deploy their applications to the Android must use a custom user interface environment.
In addition, the android system applications limit the application to call each other API collaboration, and the other to authenticate the user application. Although these applications have certain safety features, some of our experienced developers to create Android applications who revealed that the design of security applications is not always straight forward. Android uses a simple permission label distribution mode to restrict access to resources, but the reasons for the necessity and convenience of other applications, the designers have increased the confusion on this system. This paper attempts to explain the complexity of the Android security, and pay attention to some of the possible development defects and application security. We try to draw some lessons learned, and hope that the safety of the future.
Android application framework for developers is a mandatory framework. It does not have a main () function function or a single entry point for the implementation of the contrary, the developer must in the design of application components. We developed applications to help the API of the android sdk
The Android system defines four kinds of component type.
Activity component that defines the application user interface. Usually, the application developer defines each activity screen. Activity can start, it may pass and return values. Can be handled at a time only a keyboard system Activity, all other Activity will be suspended at this time.
Service components perform background processing. The need for some operations when an activity, after the disappearance of the user interface (such as downloading a file or playing music), it usually take such action specially designed services. Developers can also use a special daemon at system startup, the service is usually defined a remote procedure call (RPC), and other system components can be used to send the interface command and retrieve data, as well as to register a callback function.
ContentProvider component storage and share data with relational database interfaces. Each Content supplier has an associated "rights" to describe its contents contains. Other components when used as a handle to execute SQL queries (eg SELECT, INSERT, or DELETE content. Content suppliers are typically stored the values on the database records, data retrieval is a special case, the file is also shared by the content provider interface.
The components of the broadcast receiver as to send a message from the mailbox to the application. Typically, the broadcast message, the application code implicit destination. Therefore, the radio receiver subscribe to these destinations receive messages sent to it. The application code can also be solved explicitly broadcast receivers, including the name space allocation.
The main mechanism of the interaction of the components of the Component Interaction, is an intent, which is a simple message object, which contains a destination address and data components. The Android API defines his approach into intent, and use that information to initiate an activity such as start an activity (startActivity (An intent)) start services (the startService (An intent)) and radio (sendBroadcast (An intent)). Android framework to inform the calls to these methods began to perform in the target application code. This process, the internal components of communication is called an action. Simply put, the Intent object defined in the "Intent to implement the" action ". One of the most powerful features of the Android is allowed a variety of intent addressing mechanism. The developer can solve the space of a target component using its applications, they can also specify an implicit name. In the latter case, the system determines the best components of an action by considering the installed applications and user choice.
Implicit name is called the action string because of his special type of the requested action. Such as a view action string, in an intent data field points to an image file, the system will directly referring to the preferred image viewer.
Developers can also use the action string a large number of radio to send and receive. Receiver at the receiving end, the developers use an intent filter to customize the special action string. Android Department, including the additional goal of the resolution rules, but an optional string type of data manipulation is the most common.
Android applications are written in the Java programming language.The compiled Java code — along with any data and resource files required by the application — is bundled by the apt tool into an Android package,an archive file marked by an .apk suffix.This file is the vehicle for distributing the application and installing it on mobile devices;it's the file users download to their devices.All the code in a single.apk file is considered to be one application.
In many ways,each Android application lives in its own world:
By default,every application runs in its own Linux process.Android starts the process when any of the application's code needs to be executed,and shuts down the process when it's no longer needed and system resources are required by other applications.
Each process has its own virtual machine(VM),so application code runs in isolation from the code of all other applications.
By default,each application is assigned a unique Linux user ID.Permissions are set so that the application's files are visible only to that user and only to the application itself — altough there are ways to export them to other applications as well.
It's possible to arrange for two applications to share the same user ID,in while case they will be able to see each other's files.To conserve system resources,applications with the same ID can also arrange to run in the same Linux process,sharing the same VM.
Application Components
A central feature of Android is that one application can make use of elements of other application (provided those application permit it).For example,if your application needs to display a scrolling list of images and another application has developed a suitable scroller and made it available to others,you can call upon that scroller to do the work,rather than develop your own.Your application doesn't incorporate the code of the other application or link to it.Rather,it simply starts up that piece of the other application when the need arises.
For this to work,the system must be able to start an application process when any part of it is needed,and instantiate the Java objects for that part.Therefore,unlike applications on most other systems,Android applications don't have a single entry point for everything in the application(no main()function,for example).Rather,they have essential components that the system can instantiate and run as needed.There are four types of components:
Activities
An activity presents a visual user interface for one focused endeavor the user can undertake.For example,an activity might present a list of menu items users can choose from or it might display photographs along with their captions.A text messaging application might have one activity that shows a list of contacts to send messages to,a second activity to write the message to the chosen contact,and other activities to review old messages or change or change settings.Tough they work together to form a cohesive user interface,each activity is independent of the others.Each one is implemented as a subclass of the Activity base class.
An application might consist of just one activity or,like the text messaging application just mentioned,it may contain several.What the activities are,and how many there are depends,of course,on the application and its design.Typically,one of the activities is marked as the first one that should be presented to the user when the application is launched.Moving from one activity to another is accomplished by having the current activity start the next one.
Each activity is given a default window to draw in.Typically,the window fills the screen,but it might be smaller than the screen and float on top of other windows.An activity can also make use of additional windows — for example,a pop-up dialog that calls for a user response in the midst of the activity,or a window that presents users with vital information when they select a particular item on-screen.
The visual content of the window is provided by a hierarchy of views — objects derived from the base View class.Each view controls a particular rectangular space within the window.Parent views contain and organize the layout of their children.Leaf views(those at the bottom of the hierarchy)draw in the rectangles they control and respond to user actions directed at that space.Thus,views are where the activity's interaction with the user takes place.
For example,a view might display a small image and initiate an action when the user taps that image.Android has a number of ready-made views that you can use — including buttons,text fields,scroll bars,menu items,check boxes,and more.
A view hierarchy is placed within an activity's window by the Activity.setContentView()method.The content view is the View object at the root of the hierarchy.(See the separate User Interface document for more information on views and the hierarchy.)
Services
A service doesn't have a visual user interface,but rather runs in the background for an indefinite period of time.For example,a service might play background music as the user attends to other matters,or it might fetch data over the network or calculate something and provide the result to activities that need it.Each service extends the Service base class.
A prime example is a media player songs from a play list.The player application would probably have one or more activities that allow the user to choose songs and start playing them.However,the music playback itself would bot be handled by an activity because users will expect the music to keep the music going,the media player activity could start a service to run in the background.The system would then keep the music playback service running even after the activity that started it leaves the screen.
It's possible to connect to (bind to)an ongoing service(and start the service if it's not already running).While connected,you can communicate with the service through an interface that the service exposes.For the music service,this interface might allow users to pause,rewind,stop,and restart the playback.
Like activities and the other components,services run in the main thread of the application process.So that they won't block other components or the user interface,they often spawn another thread for time-consuming tasks(like music playback).See Processes and Thread,later.
Broadcast receivers
A broadcast receiver is a component that does nothing but receive and react to broadcast announcements.Many broadcasts originate in system code — for example,announcements that the timezone has changed,that the battery is low,that a picture has been taken,or that the user changed a language preference.Applications can also initiate broadcasts — for example,to let other applications know that some data has been downloaded to the device and is available for them to use.
An application can have any number of broadcast receivers to respond to respond to respond to any announcements it considers important.All receivers extend the BroadcastReceiver base class.
Broadcast receivers do not display a user interface.However,they may start an activity in response to the information they receive,or they may use the NotificationManager to alert the user.Notifications can get the user's attention in various ways — flashing the backlight,vibrating the device,playing a sound,and so on,They typically place a persistent icon in the status bar,which users can open to get the message.
Content providers
A content provider makes a specific set of the application's data available to other applications.The data can be stored in the file system,in an SQLite database,or in any other manner that makes sense.The content provider extends the ContentProvider base class to implement a standard set of methods that enable other applications to retrieve and store data of the type it controls.However,applications do not call these methods directly.Rather they use a ContentResolver object and call its methods instead.A ContentResolver can talk to any content provider;it cooperates with the provider to manage any interprocess communication that's involved.
See the separate Content Providers document for more information on using content providers.
Whenever there's a request that should be handled by a particular component,Android makes sure that the application process of the component is running,starting it if necessary,and that an appropriate instance of the component is available,creating the instance if necessary.
Activating components:intents
Content providers are activated when they're targeted by a request from a ContentResolver.The other three components — activities,services,and broadcast receivers — are activated by asynchronous messages called intents.An intent is an Intent object that holds the content of the message.For activities and services,it names the action being requested and specifies the URI of the data to act on,among other things.For example,it might convey a request for an activity to present an image t the user or let the user edit some text.For broadcast receivers,the Intent object names the action being announced.For example,it might announce to interested parties that the camera button has been pressed.
There are separate methods for activating each type of component:
1.An activity is launched(or given something new to do)by passing an Intent object to Context.startActivity() or Activity.startActivityForResult().The responding activity can look at the initial intent that caused it to be launched by calling its getIntent() method.Android calls the activity's onNewIntent()method to pass it any subsequent intents.One activity often starts the next one.If it expects a result back from the activity it's starting,it calls startActivityForResult() instead of startActivity().For example,if it starts an activity that lets the user pick a photo,it might expect to be returned the chosen photo.The result is returned in an Intent object that's passed to the calling activity's onActivityResult() method.
2.A service is started(or new instructions are given to an ongoing service)by passing an Intent object to Context.startService().Android calls the service's onStart() method and passes it the Intent object.Similarly,an intent can be passed to Context.bindService() to establish an ongoing connection between the calling component and a target service.The service receives the Intent object in an onBind() call.(If the service is not already running,bindService() can optionally start it.)For example,an activity might establish a connection with the music playback service mentioned earlier so that it can provide the user with the means(a user interface)for controlling the playback.The activity would call bindService() to set up that connection,and then call methods defined by the service to affect the playback.
A later section,Remote procedure calls,has more details about binding to a service.
3.An application can initiate a broadcast by passing an Intent object to methods like Context.sendStickyBroadcast() in any of their variations.Android delivers the intent to all interested broadcast receivers by calling their onReceive() methods.For more on intent messages,see the separate article,Intents and Intent Filters.
Shutting down components
A content provider is active only while it's responding to a request from a ContentResolver.And a broadcast receiver is active only while it's responding to a broadcast message.So there's no need to explicitly shut down these components.Activities,on the other hand,provide the user interface.They're in a long-running conversation with the user and may remain active,even when idle,as long time.So Android has methods to shut down activities and services in an orderly way:
1.An activity can be shut down by calling its finish() method.Onte activity can shut down another activity (one it started with startActivityForResult())by calling finishActivity().
2.A service can be stopped by calling its stopSelf() method,or by calling Context.stopService().
Components might also be shut down by the system when they are no longer being used or when Android must reclaim memory for more active components.A later section,Component Lifecycles,discusses this possibility and its ramifications in more detail.
The manifest file
Before Android can start an application component,it must learn that the component exists.Therefore,applications declare their components in a manifest file that's bundled into the Android package,the .apk file that also holds the application's code,files, and resources.
The manifest is a structured XML file and is always named AndroidManifest.xml for all applications.It does a number of things in addition to declaring the application's components,such as naming any libraries the application needs to be linked against(besides the default Android library)and identifying any permissions the application expects to be granted.
But the principal task of the manifest is to inform Android about the application's components.For example,an activity might be declared as follows:
The name attribute of the <activity>element names the Activity subclass that implements the activity.The icon and label attributes point to resource files containing an icon and label that can be displayed to users to resource files containing an icon and label that can be displayed to users to represent the activity.
The other components are declared in a similar way — <service>elements for services,<receiver>elements for broadcast receivers,and<provider>elements for content providers.Activities,services,and content providers that are not declared in the manifest are not visible to the system and are consequently never run.However,broadcast receivers can either be declared in the manifest,or they can be created dynamically i code (as BroadcastReceiver objects)and registered with the system by calling Context.registerReceiber().
For more on how to structure a manifest file for your application,see The Android Manifest.xml File.Intent filters
An Intent object can explicitly name a target component.If it does,Android finds that component(based on the declarations in the manifest file)and activates it.But if a target is not explicitly named,Android must locate the best component to respond to the intent.It does s by comparing the Intent object to the intent filters of potential targets.A component's intent filters inform Android of the kinds of intents the component is able to handle.Like other essential information about the component,they're declared in the manifest.Here's an extension of the previous example that adds two intent filters to the activity:
The first filter in the example — the combination of the action "android.intent.action.MAIN"and the category "android.intent.category.LAUNCHER"—is a common one.It marks the activity as one that should be represented in the application launcher,the screen listing applications users can launch on the device.In other words,the activity is the entry point for the application,the initial one users would see when they choose the application in the launcher.
The component can have any number of intent filters, each one declaring a different set of capabilities.If it doesn't have any filters,it can be activated only by intents that explicitly name the component as the target.
For a broadcast receiver that is created and registered in code, the intent filter is instantiated directly as an IntentFilter object.All other filters are set up in the manifest.
For more on intent filters, see a separate document, Intents and Intent Filters.