Open in app

Sign in

Write

Sign in

Android Architecture Components: Android Pentesting

Raghuveer Singh Chouhan
7 min readFeb 19, 2024

--

The Android architecture consists of a number of components that make it possible for any Android device to function.

Android is an open-source mobile operating system designed primarily for touchscreen mobile devices such as cell phones and tablets. It is a software stack based on modified versions of the Linux kernel and other open-source programs.

So let’s first discuss about android pentesting.

For a more detailed explanation, you can watch my YouTube video here.

What is Android penetration testing ?

Android penetration testing is important to identify and address security vulnerabilities in Android applications, ensuring that they are robust and resilient against potential attacks.

Why Android penetration testing is important ?

Let’s take a real-world example to explanation the importance of Android penetration testing banking Mobile Application.

Consider a banking mobile application that allows users to access their accounts, transfer funds, and perform various financial transactions. The application stores sensitive user information, including account numbers, passwords, and transaction histories and more user’s sensitive information that can be leak if the application is vulnerable.

Android applications can be analyzed either by using automated tools, or manually. During this process, the mobile penetration tester will use several techniques to simulate attacks, find security flaws in the mobile application, and gain access to sensitive data.

Android Package (APK) Architecture

Let’s understand android architecture!!

How does design work on Android devices, and why is it important in android pentesting?

We first need to understand how the Android architecture works and why it is so important to answer this question.

Android architecture contains different number of components to support android device needs. Android software contains an open-source Linux Kernel having collection of libraries which are exposed through an application framework services.

So what are the layers and components of the Android design? Let us take a look at each one and thoroughly recognize each layer of the Android architecture.

The main components of Android Architecture are:

1. Applications ( System Apps )

Applications is the top layer of android architecture. The pre-installed applications like home, contacts, camera, gallery etc and third-party applications downloaded from the play store like chat applications, games will be installed on this layer only.

It runs within the Android run time with the help of the classes and services provided by the application framework.

2. Framework

The Android OS is available to you through APIs written in the Java language. These APIs form the building blocks you need to create Android apps by simplifying the reuse of core, modular system components.

Application Framework provides several important classes which are used to create an Android application and it provides the services with the help of which we can create a particular class and make that class helpful for the Applications creation. also, it is providing classes to application to create functions.

Framework provides a generic abstraction for hardware access and also helps in managing the user interface with application resources.

In simple term, framework is used to communicate between user interface and application resource (hardware).

Here are some main component of the framework:

  • Activity Manager − Controls all aspects of the application lifecycle and activity stack.
  • Content Providers − Allows applications to publish and share data with other applications.
  • Resource Manager − Provides access to non-code embedded resources such as strings, color settings and user interface layouts.
  • Notifications Manager − Allows applications to display alerts and notifications to the user. •
  • View System − An extensible set of views used to create application user interfaces.

3. Android Runtime

Android Runtime environment is one of the most important part of Android. It contains components like core libraries and the Dalvik virtual machine(DVM).

A Runtime system provides an environment to translate the code written in a high-level language like Java to machine code and understandable by the Central Process Unit (CPU).

it provides the base for the application framework and powers our application with the help of the core libraries.

  • Dalvik Virtual Machine (DVM) is a register-based virtual machine and specially designed and optimized for android to ensure that a device can run multiple instances efficiently.
  • The core libraries enable us to implement android applications using the standard JAVA or Kotlin programming languages.

There are some misconceptions about Java virtual machine (JVM) and Dalvik Virtual Machine (DVM), let’s understand this.

What is the DVM and JVM?

JVM

The JVM is a virtual machine to run Java desktop, server, and web applications. Another important thing about Java is it was developed with portability in mind. Thus, the JVM has been shaped also to support multiple host architectures and run everywhere. But, it is too heavy for embedded devices.

Architecture :The JVM is a stack-based VM where all the arithmetic and logic operations are carried out via push and pop operands and results are stored on the stack. The stack is also the data structure to store methods.

Compilation: Java code is compiled inside the JVM to an intermediary format called Java bytecode (.class files). Then, the JVM parses the resulting Java bytecode and translates it to machine code.

2. DVM

The DVM is a virtual machine to run Android applications. The DVM executes Dalvik bytecode, which is compiled from programs written in the Java language.

One of the key design principles of the DVM is that it should run on low memory mobile devices and loads quicker compared to any JVM. Also, this VM is more efficient when it runs multiple instances on the same device.

Architecture: Contrastingly the DVM is a register-based VM. These registers located in the CPU carry out all the arithmetic and logic operations. The register is the data structure to store operands.

Compilation: On an Android device, the DVM compiles the Java code to an intermediate format called Java bytecode (.class file) like the JVM. Then, with the help of a tool called Dalvik eXchange or dx, it transforms Java bytecode to Dalvik bytecode. Finally, the DVM translates the Dalvik bytecode to binary machine code.

4. Platform libraries

The Platform Libraries includes various C/C++ core libraries and Java based libraries such as Media, Graphics, Surface Manager, OpenGL etc. to provide a support for android development.

  • Media library provides support to play and record an audio and video formats.
  • Surface manager responsible for managing access to the display subsystem.
  • SGL and OpenGL both cross-language, cross-platform application program interface (API) are used for 2D and 3D computer graphics.
  • SQLite provides database support and FreeType provides font support.
  • Web-Kit This open source web browser engine provides all the functionality to display web content and to simplify page loading.
  • SSL (Secure Sockets Layer) is security technology to establish an encrypted link between a web server and a web browser

Some key core Android libraries available to the Android developer is as follows −

  • android.app − Provides access to the application model and is the cornerstone of all Android applications.
  • android.content − Facilitates content access, publishing and messaging between applications and application components.
  • android.database − Used to access data published by content providers and includes SQLite database management classes.
  • android.opengl − A Java interface to the OpenGL ES 3D graphics rendering API.
  • android.os − Provides applications with access to standard operating system services including messages, system services and inter-process communication.
  • android.text − Used to render and manipulate text on a device display.
  • android.view − The fundamental building blocks of application user interfaces.
  • android.widget − A rich collection of pre-built user interface components such as buttons, labels, list views, layout managers,radio buttons etc.
  • android.webkit − A set of classes intended to allow web-browsing capabilities to be built into applications.

5. Linux Kernel

Linux Kernel is heart of the android architecture. It manages all the available drivers such as display drivers, camera drivers, Bluetooth drivers, audio drivers, memory drivers, etc. which are required during the runtime.

The Linux Kernel will provide an abstraction layer between the device hardware and the other components of android architecture. It is responsible for management of memory, power, devices etc.

The foundation of the Android platform is the Linux kernel. For example, the Android Runtime (ART) relies on the Linux kernel for underlying functionalities such as threading and low-level memory management.

The features of Linux kernel are:

  • Security: The Linux kernel handles the security between the application and the system.
  • Memory Management: It efficiently handles the memory management thereby providing the freedom to develop our apps.
  • Process Management: It manages the process well, allocates resources to processes whenever they need them.
  • Network Stack: It effectively handles the network communication.
  • Driver Model: It ensures that the application works properly on the device and hardware manufacturers responsible for building their drivers into the Linux build.
Pentesting
Cybersecurity
Bug Bounty
Android
Hacking

--

--

Raghuveer Singh Chouhan

Written by Raghuveer Singh Chouhan

39 Followers

Cyber Security Engineer || Bug Bounty hunter || Security Researcher

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams