# Android

* Android is built on the open-source **Linux kernel**.
* **Dalvik Virtual Machine (DVM)** provides a platform for running Android apps.
* **Android Runtime (ART)** is the modern translation layer from the application's bytecode to device instructions.
* Android apps are written in either Java or Kotlin.

## Main Components

* **Applications**
  * Represents the top layer of the Android architecture.
  * Includes pre-installed apps like Home, Contacts, Camera, Gallery, etc.
  * Runs within the Android Runtime with the help of classes and services implemented by the application framework.
* **Application Framework**
  * Provides several classes used to create apps.
  * Provides a generic abstraction for hardware access and manages the UI with app resources.
  * Includes services like Activity Manager, Notification Manager, View System, Package Manager, etc.
  * **Content Providers**
    * A way of sharing data with other applications via a specific directory (if exported)
      * `content://<app-URI>/directory`
  * **View System**
    * Used to build the app's UI and keep it consistent.
  * **Managers**
    * Notifications, Telephony, Package, Location, etc.
* **Application Runtime**
  * Contains components like core libraries and DVM.
  * DVM is optimized for Android to ensure a device can run multiple instances efficiently.
* **Platform Libraries:**
  * Includes C/C++ core libraries and Java-based libraries for various functionalities.
  * Media, SGL/OpenGL for graphics, SQLite for database, WebKit for web content loading, SSL for secure transmission, etc.
* **Linux Kernel**:
  * Manages all available drivers required during runtime such as Camera, Bluetooth, Audio, Memory, etc.
  * Responsible for Security, Memory Management, Process Management, Network Stack, Driver Model.

## APK File

* **AndroidManifest.xml**
  * Contains information about the application including its package name, version, required permissions, and components such as activities, services, and broadcast receivers.
    * minSDKVersion, Permissions, Activities, Content Providers
    * Look for activities that have `exported="true"`, which means they can be started by any other app on the device without authentication.
      * Copy the exported activity name and launch it from ADB

```
# Open a shell on the connected device/emulator
adb shell

# Start the exported activity by component name (<package>/<activity>);
# a leading dot in the activity name is expanded with the package name
am start b3mac.appname/.b123Activity
```

* **Classes.dex**
  * Contains compiled Java bytecode for the application's classes, which is executed by the Android Runtime (ART)
* **Resources.arsc**
  * Contains compiled resources such as strings, images, and layouts used by app.
* **lib/**
  * Folder contains compiled native code libraries for specific device architectures such as ARM or x86.
  * Look for strings/information inside the .so shared object library files.
* **META-INF/**
  * Folder contains the manifest file, the certificate of the APK signature, and a list of all files in the APK along with their checksums
* **assets/**
  * Folder contains additional app data files such as sound and video that are packaged as-is rather than compiled.
* **res/**: Folder contains the app resources such as layouts, strings, and images in their original format before being compiled into the Resources.arsc file.
  * Look for hardcoded secrets in `res/values/strings.xml`
    * Strings: API, Key, SQL, password, pass, AWS, http, firebase, secret, etc.
* **Android System Files:**
  * Folder contains system-level files such as the Android Runtime, framework libraries, and system components that the app may use.
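The two manifest and resource checks above (exported components, secret-looking strings in `res/values/strings.xml`) can be scripted for repeatable triage. The following is an added example, not code from the original notes; it assumes an apktool-decoded APK so both files are plain XML, and the sample manifest and strings are constructed.

```python
import re
import xml.etree.ElementTree as ET
A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "service", "receiver", "provider")
# Keywords from the notes above that often mark hardcoded secrets in strings.xml
SECRET_RE = re.compile(r"api|key|sql|password|pass|aws|http|firebase|secret", re.I)

def exported_components(manifest_xml):
    """Components other apps can reach. exported="true" is explicit; one with an
    <intent-filter> and no android:exported attribute is exported on targetSdk < 31."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    found = []
    for comp in root.find("application").iter():
        if comp.tag not in COMPONENTS:
            continue
        exported = comp.get(A + "exported")
        implicit = exported is None and comp.find("intent-filter") is not None
        if exported == "true" or implicit:
            name = comp.get(A + "name", "")
            found.append({"type": comp.tag,
                          "name": pkg + name if name.startswith(".") else name,
                          "permission": comp.get(A + "permission"),  # None = ungated
                          "implicit": implicit})
    return found

def suspicious_strings(strings_xml):
    """(name, value) pairs from res/values/strings.xml whose name or value hits a keyword."""
    root = ET.fromstring(strings_xml)
    return [(s.get("name"), s.text or "") for s in root.findall("string")
            if SECRET_RE.search(s.get("name", "") + " " + (s.text or ""))]

# Constructed sample inputs, not taken from any real app
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <provider android:name=".DataProvider" android:exported="true"
        android:authorities="com.example.app.data" android:permission="com.example.app.READ"/>
  </application>
</manifest>"""
SAMPLE_STRINGS = """<resources>
  <string name="app_name">Example</string>
  <string name="aws_access_key">PLACEHOLDER-NOT-A-REAL-KEY</string>
  <string name="api_base">https://api.example.com/v1</string>
</resources>"""
```

Entries with `implicit` set are the ones most often missed in review, and a `permission` of `None` on an exported component means nothing gates access to it.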

## Android Application Security

* Every Android app can be reverse engineered, rebuilt, re-signed, and re-run
* This means that an attacker can modify application functionality.
* JADX-GUI or Apktool can be used to obtain the source code.
* Developers
  * Java/Kotlin -> DEX Bytecode
* Reverse Engineers
  * DEX Bytecode -> SMALI -> Decompiled Java

<figure><img src="https://3740919960-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4Am0a4hPyOcUCfhPUAm9%2Fuploads%2FhH4SxYyKeZu8araPNyIX%2Fimage.png?alt=media&#x26;token=cacc6db9-d806-4a0c-a671-dd71927f0d79" alt=""><figcaption></figcaption></figure>

## Application Signing

* To ensure an application's integrity, Android uses public-key cryptography: the APK is signed with the developer's private key and the device verifies it against the signer's certificate.
* Three methods of verifying signatures:
  * APK Signature Scheme v1 (JAR signing), v2, and v3.
  * Google Play App Signing, where Google manages the app signing key and signs the APKs it distributes.
  * Tools: keytool (key generation), jarsigner (signing), zipalign (APK alignment).

<figure><img src="https://3740919960-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4Am0a4hPyOcUCfhPUAm9%2Fuploads%2Ft4ai01dziJGq61xto8Ug%2Fimage.png?alt=media&#x26;token=f8a3bfe2-cea0-4dd2-9d06-5d23ed8da3b5" alt=""><figcaption></figcaption></figure>
