Android Pentesting: #1 Android Architectures

Muhammad Mater
Apr 23, 2023

Hello Researchers

I’ll talk about Android penetration testing in my blog here.

Topic of this article: Android Architecture

In any job you have, you have to be aware of the work environment. For example, to repair a car, a mechanic must understand how the car works, its architecture, and its components.

The mechanic has to understand how these things work together so that he can easily identify the fault that stops the car from working.

The same applies to Android pentesting. Before diving into penetration testing and security, we must understand the Android environment. There are a few key concepts you should be familiar with before getting started in Android pentesting.

Did you know that Google Android is the most popular mobile operating system around the globe? Android is the most used operating system and has the largest share of the market.

This makes it the best target for an attacker, because Android has the largest number of users.

Android is based on the Linux operating system, which means your Android phone can take commands just like any Linux device, such as ls, cd, and rm.

You should know some Linux basics, like the file permissions model in Linux.

Permissions to folders and applications are dependent on Linux.

You should also be familiar with the differences between normal users and the root user and how groups work in Linux.
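To make the permission model concrete, the following added example (not code from the original article) parses ls -l output from an app's data directory and flags entries that other UIDs can read or write, or that are not owned by the app's own user. The listing, the file names and the helper names android_uid and audit are constructed for illustration; the UID arithmetic follows Android's convention of giving each app its own Linux user.

```python
import re

# Constructed `ls -l` output in the style of an Android app data directory
# (owners and file names are invented for this example).
SAMPLE_LS = """\
drwxrwx--x 2 u0_a123 u0_a123 4096 2023-04-23 10:00 cache
drwxrwx--x 2 u0_a123 u0_a123 4096 2023-04-23 10:00 databases
-rw-rw---- 1 u0_a123 u0_a123 8192 2023-04-23 10:01 app.db
-rw-rw-rw- 1 u0_a123 u0_a123  512 2023-04-23 10:02 session.xml
-rwxr-xr-x 1 root    root    2048 2023-04-23 10:03 helper.sh
"""

# type, 9 permission bits, links, owner, group, size, date, time, name
LINE_RE = re.compile(
    r"^([-dlcbps])([rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\S+\s+(.+)$")
APP_USER_RE = re.compile(r"^u(\d+)_a(\d+)$")

def android_uid(owner):
    """Map an Android user name to its numeric Linux UID (None if not handled)."""
    if owner == "root":
        return 0
    m = APP_USER_RE.match(owner)
    if m:
        # uid = device user * 100000 + 10000 (first app UID) + app index
        return int(m.group(1)) * 100000 + 10000 + int(m.group(2))
    return None  # named system accounts (e.g. "system") are not mapped here

def audit(listing, expected_owner):
    """Return (name, owner, uid, issues) for every entry that looks too open."""
    findings = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ftype, mode, owner, _group, name = m.groups()
        other = mode[6:9]  # the "everyone else" permission triplet
        issues = []
        if "w" in other:
            issues.append("world-writable")
        if "r" in other and ftype == "-":
            issues.append("world-readable")
        if owner != expected_owner:
            issues.append("owner is not the app UID")
        if issues:
            findings.append((name, owner, android_uid(owner), issues))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LS, "u0_a123"):
        print(finding)
```
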

Like Linux, Android is open-source. This means that you can directly inspect the source code.

The home page for the Android Open Source Project can be found at this link:

SOURCE

VM in Android

Every application is run in a virtual machine known as the Android Runtime.

Before explaining what Android Runtime, or ART, is, let’s talk about Dalvik.

What is Dalvik?

Dalvik is a virtual machine that runs Android applications. It was the default virtual machine in Android before version 5.0 (Lollipop) and was later replaced by the Android Runtime (ART).

Dalvik was designed specifically for the Android operating system and is optimised for mobile devices with limited resources, such as memory and processing power. It was named after a village in Iceland where its developer, Dan Bornstein, once lived.

Back Again to ART or Android Runtime

ART is the runtime environment used by the Android operating system to execute applications. It is responsible for translating the Java-based code used by Android applications into executable code that can run on the device’s hardware.

ART is the modern translation layer from the application’s bytecode to device instructions.

Android Architectures

As you can see from this image, there are several general layers in the Android OS, each of which has a specialised set of functionalities.

Major Layers:

Linux Kernel

Hardware Abstraction Layer (HAL)

Libraries

Java API Layer

System Apps

The Linux kernel layer is the underlying layer that ties all of the upper layers together. The Linux kernel is a crucial part of the Android architecture, forming the base layer of the operating system. Android is built on top of the Linux kernel, which provides essential functionalities such as memory management, process management, network stack, security, and device drivers.

The Linux kernel layer in the Android architecture interacts with the underlying hardware, which includes the device’s processor, memory, storage, and other components. It is responsible for managing the device’s resources, scheduling tasks, and controlling input and output operations.

The Linux kernel also provides a layer of security to the Android system by implementing various security features such as access control, user and group permissions, and secure boot. It ensures that only authorised users and processes can access sensitive data and system resources.

The Android architecture, built on top of the Linux kernel, provides several additional layers, including the Hardware Abstraction Layer (HAL), the Android Runtime Layer, and the Application Framework Layer, which work together to provide a complete operating system and application platform.

Overall, the Linux kernel is an integral part of the Android architecture, providing the essential low-level functionalities that enable Android devices to run smoothly and securely.

Hardware Abstraction Layer (HAL)

The HAL layer is an essential component of the Android architecture that provides a standardised interface between the Android platform and the hardware of the device, allowing developers to build apps that can run on different hardware platforms without requiring any modifications.

For example, if an app needs to access the camera, it can use the camera API provided by the HAL layer to communicate with the camera hardware, regardless of the specific device it is running on. This abstraction layer simplifies the development process and makes it easier for developers to build apps that can run on a wide range of devices.

Native C and C++ Libraries

Native Libraries Layer: This layer consists of a set of pre-built native libraries such as Surface Manager, Media Framework, SQLite, OpenGL ES, and Bionic (a custom implementation of the C library).

Native C and C++ Libraries provide a set of pre-built native libraries written in C and C++ programming languages that can be used by developers to improve the performance of their Android applications. These libraries are compiled into native machine code that can run directly on the device’s processor, which can be faster than interpreted code. Developers can use these libraries to perform high-performance operations such as image processing, audio processing, and more.

Native code does not require a VM.

Android Runtime vs. Native C and C++

Android Runtime (ART) and Native C and C++ are both components of the Android operating system that serve different purposes:

ART is the runtime environment used by Android to execute Android applications written in the Java programming language. ART uses ahead-of-time (AOT) compilation to improve the performance of Android applications.

Native C and C++ libraries provide a set of pre-built native libraries written in C and C++ programming languages that can be used by developers to improve the performance of their Android applications. These libraries are compiled into native machine code that can run directly on the device’s processor, which can be faster than interpreted code.

In terms of performance, native C and C++ libraries generally offer better performance than ART because the code is compiled to native machine code. However, the use of native C and C++ libraries can be more complex and requires more expertise than using ART.

Developers can use ART to run the majority of the application code written in Java and use native C and C++ libraries to perform high-performance operations that require native code, thus optimising the performance of their Android applications.

Older apps are built in Java; newer ones are often built in Kotlin.

Java API layer

The Java API layer is part of the framework layer. The framework layer provides a set of APIs that developers can use to build Android apps. The Java API layer specifically refers to the set of APIs that are written in the Java programming language and are used to interact with the Android platform.

The Java API layer includes components such as the Activity Manager, Window Manager, Package Manager, Content Providers, and Resource Manager. These components provide a set of functionalities that developers can use to build Android apps.

For example, the Activity Manager component manages the lifecycle of Android apps and provides APIs that allow developers to start, stop, and manage the different activities within an app. The Window Manager component manages the display of the app’s user interface and provides APIs that allow developers to create, update, and manipulate the app’s user interface.

Similarly, the Package Manager component manages the installation, upgrade, and removal of Android apps and provides APIs that allow developers to query information about installed apps. The Content Providers component provides a standardised interface for accessing data across different apps and allows developers to share data between apps.

System application layer

The system application layer is a part of the application layer in the Android architecture. It includes system apps that are pre-installed on the device by the manufacturer or the operating system vendor. These apps are an essential part of the Android platform and provide a set of core functionalities that users expect to be available on their devices.

Some of the system apps that are included in the System Application Layer are:

Phone: This app allows users to make and receive phone calls, send, and

Camera: This app provides access to the device’s camera hardware and allows users to take photos and record videos.

Gallery: This app allows users to view and manage their photos and videos.

THE END For today

Follow me on Twitter

https://twitter.com/micro0x00

See You Soon

Muhammad Mater

Just a Boy Loves Infosec (REDTEAM, CTI, OSINT, Bug Bounty) And Security Analyst @Darkentry.net