develop your own android version lessons learnt › secureapps › presentaties ›...
TRANSCRIPT
![Page 1: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/1.jpg)
Develop your own
Android version –
lessons learnt
SecureApps 30/01/2014
Jan Vossaert
![Page 2: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/2.jpg)
Overview
• Introduction
• Android concepts/terminology
• Your own Android version
• Use cases
• Conclusion
![Page 3: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/3.jpg)
Introduction
• What is Android?
o Linux-based mobile phone OS
o Actively developed by Google
o Free to use for hardware manufacturers and others to
use on their device
![Page 4: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/4.jpg)
Introduction
• Why would you build your own Android version?
o Install own default applications
• Cannot be removed by users
o Run Android on custom hardware
o Modifications to Android frameworks
o Add additional applications (PW Manager)
o Settings/security tweaks (VPN/firewall)
o ...
Android for board computers.
(Open Automotive Alliance)
Android for digibox
![Page 5: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/5.jpg)
Licensing
Open: Apache 2
Open: Apache 2
Open: Various licenses
Proprietary (drivers) a (L)GPL
![Page 6: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/6.jpg)
• Bootloader
o Software that starts when device boots
o Responsible for starting Android
o Locked
• Typically restricts software it loads (digitally signed updates etc)
o Unlocked
• Typically loads any software
• Used for booting custom ROMs
Rooted vs unlocked
![Page 7: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/7.jpg)
Rooted vs unlocked
• Unlock bootloader (void warranty)
o Wipes phone
o No need to be root
• Custom ROM with/without root
• Stock ROM with/without root (exploit)
o Root has advantages for back-up (backup more data)
• ‘Locked’ phone
o Phone restricted to telephone operator
o Root Android via exploit
![Page 8: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/8.jpg)
Rooted vs unlocked
• Rooted
o full administrator access of your device.
o run apps that require access to certain system settings
o Some applications refuse to run on rooted phone
![Page 9: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/9.jpg)
Rooted vs unlocked
• Rooted
o BusyBox
• Android, offers a limited amount of UNIX commands
• BusyBox will implement more commands that are necessary for
some root apps to work properly.
o How to root your Android device
• Install custom ROM
• Use exploits (side-loading required)
• SuperOneClick
• FramaRoot
o Writing applications that use root privileges
• RootTools
• http://code.google.com/p/roottools/wiki/Usage
![Page 10: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/10.jpg)
Backup Android device
• Backup with root
o NANDroid
o NAND partition stores all system relevant information
like the bootloader, recovery mode or the kernel.
o Complete system backup of your Android device.
• Backup without root
o Only for applications that implement backup interface
o Local backup via usb
o Remote backup via Google cloud
![Page 11: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/11.jpg)
Your own Android version
Set up development environment
Download source
Modify source
Build source Deploy build
![Page 12: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/12.jpg)
Your own Android version
• Set up development environment
o Linux or Mac OS
o Tested by Google on Ubuntu
o Only 64-bit as of Android 2.3
o http://source.android.com/source/initializing.html
• Download source
o Git repository
o Choose branch
o http://source.android.com/source/downloading.html
![Page 13: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/13.jpg)
Your own Android version
• Source code overview
o bionic: C library (not libc for licensing)
o dalvik: dalvik virtual machine
o external: third party libraries used by Android
o framework: development frameworks provided by Android
o hardware: abstract the actual physical device
o ndk: native development kit
o out: built Adroid system
o prebuilt: contains modules that are prebuilt such as kernel
![Page 14: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/14.jpg)
Your own Android version
• Source code overview
o framework: development frameworks provided by Android
• Java manager:
.../android_source/frameworks/base/core/java/android/hardware/SensorManager.
java
• JNI:
.../android_source/frameworks/base/core/jni/android_hardware_SensorManager.
cpp
o hardware: abstract the actual physical device (HAL)
• C code: .../android_source/hardware/libhardware/include/hardware/sensors.h
![Page 15: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/15.jpg)
Your own Android version
• Regular application: /data/app
• System application: /system/app
o Cannot be uninstalled by user
• Adding system application
o Develop application in eclipse
o Copy app to /packages/apps (symlink also works)
o Delete bin and gen folder
o Create a makefile (Android.mk)
o Add app to /build/target/product/core.mk
o Rebuild Android source
![Page 16: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/16.jpg)
Your own Android version
• Add hardware drivers
o drivers for Google development phones (Nexus) are
freely available
o comes as a self-extracting script
o run from the root of the source tree
• Build type (user – userdebug – eng)
• Target product
o Android flavor to be built
o Different apps/locales
o Configure build for specific device
• PandaBoard
• Increased security measures
• Decreased debugging capabilities
![Page 17: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/17.jpg)
Your own Android version
• Build for custom hardware
o Android builds for similar hardware?
o Kernel is open source
o HAL can be closed source
o New build configuration
![Page 18: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/18.jpg)
• Your own build
o out/target/product/<device name>/update.zip
• Custom ROMs
o Why?
• Newer version of Android
• Add additional features and system tweaks
o Why not?
• Hardware issues
• Warranty
o Distributions
• CyanogenMod
• AOKP
Your own Android version
![Page 19: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/19.jpg)
Your own Android version
• Fastboot
o Special diagnostic and engineering protocol
o Boot device in fastboot mode
o Not accessible on all phones
o Fastboot utility in Android sdk
![Page 20: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/20.jpg)
Your own Android version
• Unlock bootloader
o fastboot oem unlock
• Flash new recovery mode image
o The standard Android recovery mode is limited
o Replacement recovery modes
• Team Win Recovery Project (TWRP)
• ClockworkMod Recovery (CWRM)
o Use fastboot
• fastboot flash recovery your_recovery_image.img
• fastboot boot your_recovery_image.img
![Page 21: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/21.jpg)
Your own Android version
• Unlock bootloader
• Flash new recovery mode image
• Use the recovery mode of the device
o Copy .zip on device
• Re-lock bootloader!
o fastboot oem lock
![Page 22: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/22.jpg)
Use cases
• Fine grained control over release of data to apps
• Secure & flexible backup
![Page 23: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/23.jpg)
Use cases: controlled release of data
• Apps don’t need all the data they request
• Advertisement libraries collect user data
![Page 24: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/24.jpg)
Use cases: controlled release of data
Applications
Contacts Angry
birds …
Application framework
Data
Providers …
Policy
Manager
Management
App
Andro
id s
ourc
e
policy
policy
Policy
Decision
Point
![Page 25: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/25.jpg)
Use cases: controlled release of data
• Policy specification
o On-the-fly
o Pre-defined
![Page 26: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/26.jpg)
Use cases: controlled release of data
• Policy specification
o Pre-defined
o On-the-fly
• Policy rules
o Location
• Real location
• Standard location
• Proximity
• No signal
o Contact data
• None
• Real data
proximity
![Page 27: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/27.jpg)
Use cases: controlled release of data
• Policy specification
o Pre-defined
o On-the-fly
• Policy rules
o Location
• Real location
• Standard location
• Proximity
• No signal
o Contact data
• None
• Real data
![Page 28: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/28.jpg)
Use cases: secure and flexible backup
backup
![Page 29: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/29.jpg)
Use cases: secure and flexible backup
backup
![Page 30: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/30.jpg)
Use cases: secure and flexible backup
Applications
Contacts Browser …
Application framework
Location
Manager
Window
Manager …
Backup
Manager
Backup
Settings
Local
Transport
Custom
Transport
Andro
id s
ourc
e
settings
settings
![Page 31: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/31.jpg)
Conclusion
• Android mods are industrially relevant
o Only kernel modification open source
o Hardware/software requirements for term ‘AndroidTM’
• Android compatibility test suite (free)
• Report generated for Google
• http://source.android.com/faqs.html
• Android can be adjusted to your needs
o Huge codebase
o Updates?
![Page 32: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/32.jpg)
References
• http://lifehacker.com/how-to-flash-a-rom-to-your-android-
phone-30885281
• http://xda-university.com/as-a-developer/introduction-how-
an-android-rom-is-built
• http://trendblog.net/guide-to-android-rooting-custom-roms-
apps-2014-edition/
• http://lifehacker.com/5789397/the-always-up+to+date-
guide-to-rooting-any-android-phone
• http://source.android.com/source/building-devices.html
• http://apcmag.com/how-to-make-your-own-android-
rom.htm
![Page 33: Develop your own Android version lessons learnt › secureapps › presentaties › vierde_user_group… · Develop your own Android version – lessons learnt SecureApps 30/01/2014](https://reader035.vdocuments.us/reader035/viewer/2022070804/5f0361187e708231d408ec94/html5/thumbnails/33.jpg)
References
• http://dottech.org/23370/how-to-root-android-jailbreak-ios-
iphone-ipad-homebrew-webos/#otheroneclick
• http://trendblog.net/android-guide-make-nandroid-backup-
android-phone/
• https://developers.google.com/android/nexus/drivers
• http://source.android.com/compatibility/index.html
• Embedded Android - O'Reilly Media