6 Nov 2016 SE 435: Development in the Android Environment 1 Introduction to Android 6 November 2016 Lecture 1 Topics for Today •What is Android?… [627344]

6 Nov 2016 SE 435: Development in the Android Environment 1 Introduction to Android

6 November 2016
Lecture 1

Topics for Today
•What is Android?
–Terminology and Technical Terms
•Ownership, Distribution, Advertising

Sources
•Programming Android 1, 3
•developer.android.com

6 Nov 2016 SE 435: Development in the Android Environment 2

Why Android?
•Android is an open source operating system produced (?)
by the Open Handset Alliance (OHA)

–OHA is made up of 84 companies in the cellular, software
industries
–Includes:
–Software engineering by Google
•What does OHA do?

6 Nov 2016 SE 435: Development in the Android Environment 3

Why Study Android?
•Programs are written in an unusual way
•Android OS implements user and program interaction in
an interesting way
•There is a lot of research understanding how Android
works , how it should work, and how it can be modified .

•Number of papers on Android in ACM Digital Library:
–6,648 papers on Sept 9, 2013
–10,075 papers on Oct 22, 2014
–13,680 papers on Oct 19, 2015
6 Nov 2016 SE 435: Development in the Android Environment 4

Terminology and Terms
•When someone says “ Android ”, he could mean:
1.A cell phone, tablet, or device capable of running the Android
OS
2.The Android OS and its source code
3.The application programmer interface (API) and libraries
available for programmers to use the services of a compatible
device
•In this course, we’ll focus on 2 and 3
–Android tries to hide device details from apps

•app: An application written for applications written for the
Android OS or Apple iOS
6 Nov 2016 SE 435: Development in the Android Environment 5

Android OS Terms
•Android OS is based on Linux
–Up until Android Version 4.0, used Linux 2.6 kernel
–Since, Android OS uses the Linux 3.x kernels (varies versions)
–Some fights between Google and Linux about integrating changes into the
regular Linux kernel

•Android OS has a fast update cycle – new updates every 6 to 9
months

•Each Android release has:
–An official version number (ex. 2.2, 2.3)
–An official nick name (code name) (alphabetical candies)
–An official API level (incremental)

•Android is open source
–GPL, Apache Software License, and BSD Licenses (worry about it if you plan
on changing Android)
–Official source code dump on the Android Open Source Project (AOSP )
6 Nov 2016 SE 435: Development in the Android Environment 6

Android Versions Summary
6 Nov 2016 SE 435: Development in the Android Environment 7

Android Versions Summary
6 Nov 2016 SE 435: Development in the Android Environment 8

Android Versions Summary
6 Nov 2016 SE 435: Development in the Android Environment 9

Android Versions
6 Nov 2016 SE 435: Development in the Android Environment 10 •Some updates are just security or bug fixes, so they don’t update the API level

•Android OS is open source, so device manufacturers make custom versions
–Android Compatibility Definition Document
–Some “community” versions of Android
–No “pure” version of the Android OS

•Google directly manages Nexus devices, so they have the “purest” OS with least
custom additions

Rooting, Versions, Bugs
•Android OS hides some features of Linux kernel
–Prevents some advanced networking and communication features
–Prevents regular apps from doing some system administrator actions
–Community mods can unlock those capabilities

•Android OS denies the user system level “ root” access
–Prevents apps from doing some bad or iffy things
–Rooting a device means breaking the OS to get system administrator access
–May involve replacing the Android OS with another one
–People root phones to do things Android OS forbids

•Some Android OS versions have security bugs which were fixed in later versions
–No central update service, so old phones stay old
–Some old phones can’t handle newer OS versions
–People root phones to install newer Android OS version

•Apps written for a particular API level should work on any phone at that API level
–Rooted device with unofficial OS version  ?
6 Nov 2016 SE 435: Development in the Android Environment 11

Languages and Android
•Android OS is based on Linux, written in C and C++

•Most apps developed in Java
–With a set of Java APIs which grant access to the device and network

•App’s Java source code compiled to Dalvik Byte Code (dex)
–Akin to Java byte code, but not the same
–Android OS uses just -in-time compilation to convert dex to binary instructions

•Apps can be written in C using Native Development Kit (NDK)
–Compiled with Java Native Interface (JNI)
–Can call native methods from regular Java code
–Limited to certain processors

•Apps can be written in HTML5 and JavaScript
–Not compiled, just run via a browser window

•All apps run in separate Dalvik Virtual Machine (DVM) instances
–Newer versions (5.0 and higher) use Android Run Time (ART) which compiles dex to native
code on installation
–From then on, runs native code
6 Nov 2016 SE 435: Development in the Android Environment 12

Developing for Android
6 Nov 2016 SE 435: Development in the Android Environment 13 •Eclipse had a bundle and plugin for app development (ADT)
•Newer version Android Studio uses IntelliJ

App source code is compiled into dex, digitally signed, then stored in an APK file
•Compatible with ZIP, fixed structure with file names and directories
•Device’s Application Installer parses APK and installs it
•Stored on device after install in a hidden directory
•Android Run Time (ART) compiles dex into natively executable files to run

Android app development is relatively easy
•Android is basically open
•Sold about 1.1 billion Android devices shipped in 2014.

So Far
•What is Android?
–Terminology and Technical Terms
•Ownership, Distribution, Advertising

6 Nov 2016 SE 435: Development in the Android Environment 14

Android Debug Bridge
•Copy over the APK file to
the device, install it

•Can install any app that
way, signed or not
–Develop, debug

•Requires setting debug
permissions on the phone App Store
•Download from an App
Store web site
–36 major ones as of
October 2014

•App installed by App
Installer
–Checks digital signature
–Checks permissions with
user

6 Nov 2016 SE 435: Development in the Android Environment 15 Installing Apps

App Stores: Big and Small
•App stores can be international or
regional

•Google Play is the largest:
–2.2 million apps (June 2016)
–2.5 billion downloads per month ( as
of July 2015)

•Amazon’s app market is big:
–600,000 apps (as of June 2016)
–25 million downloads per month
(estimate June 2014)
•Language specific app stores:
–Chinese
–Russian
–Korean
•Manufacturer app stores:
–Lenovo
–Samsung
•Open Source : F-Droid
•Many filter apps

•Google Play takes any app, but
runs it though an app filter called
Bouncer first

•Amazon App Market checks all
apps by hand

•Why filter?
–Prevent malware
–Preserve ownership and payment
6 Nov 2016 SE 435: Development in the Android Environment 16

App Store Downloads
6 Nov 2016 SE 435: Development in the Android Environment 17 Source: http://www.onepf.org/appstores / (2014)

Malware
Apps designed to do bad things

1.Delete device data or destructive stuff
–Disable device – “ransomware ”
2.Copy contacts and photos for storage,
mining, spamming, blackmail
3.Connect to a server, have device send
spam or DDOS
4.Things which cost money – premium
SMS, phone calls
5.Use device resources for evil –
recording, taking pictures, track
movements

•Google Play removed 36,000 malware
apps in July 2013 alone
•Certain markets worse:
–Anzhi (China): 77.6% present risk
–China overall: 39.2% present risk
–In India: average device has 3 risky apps
–In China: average device has 2.4 risky apps

6 Nov 2016 SE 435: Development in the Android Environment 18
Source: Fortinet Threat Landscape 2014

Payment and Ownership
Apps make money in three ways:

1.Enforce download fees: App store charges and passes along some
– Some thieves copy real apps, repackage them, distribute themselves
– Some copy for money
– Some add malware functionality before

2.Showing ads: Free to download, ad network pays for screen space
– App includes some libraries or activities from the ad network
– Ad activity downloads ads and shows them
– Ad network pays per view or click
– Ad activity may gather other info: phone IMEI or IMSI, location

3.In app billing: Free to download, no ads
– User pays to use part of the tool or for certain features
– Some games force the user to buy tokens or capabilities
– Google has begun to require in app billing be done via Google Payments
6 Nov 2016 SE 435: Development in the Android Environment 19

Android is free?
•Google gives away
Android OS for free –
why?

•Google sells devices
–Sort of like Apple

•Google is an advertising
company
–See charts
–Google controls the
platform  they control
how ads are developed
and sold
6 Nov 2016 SE 435: Development in the Android Environment 20

Conclusion
•What is Android?
–Terminology and Technical Terms
•Ownership, Distribution, Advertising

6 Nov 2016 SE 435: Development in the Android Environment 21