Android is an operating system (OS) created for intelligent mobile devices with a touchscreen, such as smartphones or tablets. Knowing the features of a device is important to identify the vulnerabilities that can potentially compromise the integrity, confidentiality, or availability of your application (app).

A smartphone is a connected device and so malicious software can infect it in several ways. The smartphone can communicate with different devices by a wireless or wired connection. For example, it can connect to a computer by a cable or it can connect to another mobile device by a wireless Bluetooth network. These communications allow the user to transfer data, files, or software, which is a possible path to infect the smartphone with malware.

A smartphone is also a connected device in the sense that it can connect to the Internet by cellular networks like 3G or access points via Wi-Fi. Internet is therefore another path of potential threats to the security of...

Android provides a secure architecture to protect the system and its applications. Android architecture is structured like a software stack in which each component of a layer accepts that the layer following it is secure. The following figure shows a simplified version of the Android security architecture:

Android OS is a multiuser, Linux-based platform in which each app has a different user. Each app has its own user ID (UID) in the Linux kernel that is unique. The UID is assigned by the system and is unknown to the app. Because of the unique UID, Android apps run in separate processes with different permissions. This mechanism is known as application sandboxing. The Android Application Sandbox isolates each application's data and code execution to improve its security and prevent malware. This means that under normal circumstances, you cannot have access to other application's data and other applications do not have access to your application's data. As...

With application sandboxing, apps cannot access parts of the system without permission, but even with it, Android allows data sharing with other apps or access to some system services. An app needs to request permission to access device data or to access system services. Permissions are a security feature of Android system, but misused permissions make your application vulnerable.

The permission needs of an app are declared in its manifest file. This manifest file is bundled into the app's Android application package (APK), which includes its compiled code along with other resources. The permissions requested in the manifest file (manifest permissions) will be shown to the user when installing the app. The user should review these permissions and accept them to complete the installation process. If the user agrees to them, the protected resources are available to the app.

Apps in Android cannot access each other's data directly because of application sandboxing, but Android's system provides some other mechanisms for the applications to communicate with each other. Intents and content providers are mechanisms that we can use on the Java API layer. Intents and content providers should be used carefully to prevent attacks from malware applications. This is the reason why it is important to understand their characteristics.

In this chapter, you learned about the vulnerabilities associated with mobile devices—both external and internal. You now understand the Android architecture and the features provided by the system to keep it safe. You now know which components of the Java API layer are vulnerable to attacks, so you can learn how to mitigate them in the next chapters of this book.

In the next chapter, we will start using Android Studio IDE. As the first step to create secure Android applications, you will learn how to monitor Android applications in the debugging environment in order to detect incorrect behaviors.