NDK
C / C++Interfaces to Java classes definitionJNI to integrate with Java applicationOpenGL C++
středa, 3. dubna 13
NDK PURPOSE
Not suitable for every app developmentNot necessarily faster than Java (relative)2D / 3D game enginesPre-implemented algorithms3RD party (media codecs, crypto, opencv)
středa, 3. dubna 13
JNI
Java Native InterfaceNot only “Android thing”Bi-Directional APIJavac for SDK, GCC/G++ for NDK
středa, 3. dubna 13
JNI USAGE[Java] System.loadLibrary(String)[Java] keyword “native”
native {type} functionName({args})eg. native String getUname();
[C/C++] jclass, jstring, jobject, jint[C/C++] JNIEnv, JavaVM
středa, 3. dubna 13
NDK DEBUGGING
Same debug process as with SDKBreakpoints, Expressions, StacktracesSeparated from SDK
separately raised exceptions and debuggingcan’t trace in hybrid java/native complex
středa, 3. dubna 13
NDK PERMISSIONS
No special NDK permissionsPermissions inherited from AndroidManifest.xml
středa, 3. dubna 13
NDK SECURITY
Kernel-level sandboxingJava VM Zygote - Single control processMore vulnerable than SDK (app->system)Most ROM cracked through NDK/JNI
středa, 3. dubna 13
ANDROID SECURITY
Application SandboxingProcess runtime separation (POSIX)Applications are given unique UID and GIDZygote controls resources/libraries usageAPK is signed (SSL manner)Application permissions
středa, 3. dubna 13
APPLICATION PERMISSIONS
Enforced on Framework levelCannot be changed on runtimeBoth Hardware and Software permissionsApplication can create new permissions
středa, 3. dubna 13
PERMISSIONS PROTECTION
On application defined permissionsprotectionLevel
0 - normal - no special confirmation1 - dangerous - may require confirm.2 - signature - required signature match3 - signatureOrSystem - special
středa, 3. dubna 13
DEVICE ADMINISTRATION
Special type of permissionAntivirus apps (ESET, Lookout)Lock, Wipe, Password (renewal, change, expire,...)Disable camera, Encrypt storage, Requires standalone confirmationsince API 9
středa, 3. dubna 13
ANDROID VULNERABILITY
SharedPreferences are plain XMLSQLite databases are plain .sqlite filesJava is easily decompilable (JD)Android DEX is too (Dex2JAR, dedexer)strings, layouts, drawables are plain xml/bitmapMITM predisposition
středa, 3. dubna 13
SECURING APPLICATIONS
ProGuard (obfuscating code)In-App-Billing security (LVL)OAuth (OpenID, Google APIs)Including SSL certificates in app bundle (not relying on system provided ones)
středa, 3. dubna 13
SECURING SOLUTION
Secure your APIAPI is not hidden from attackers
Secure sensitive data in databases and storages (asymmetric crypto is your friend)You cannot just include key-pairYou cannot hide passwords in code
středa, 3. dubna 13
JAVA HEAPApplications are given memory limitDiffers by device, api level and hw params
typically between 16 and 32 MBtablet PCs and high-ends have more
Exceeding leads to OutOfMemoryErrorBeware of (bad) working with bitmaps
středa, 3. dubna 13
MEMORY LEAKS
Garbage Collector is not a solutionContext memory leaks
Objects are assigned context but not cleaned upBeware of static class memberBeware of attaching to application context
středa, 3. dubna 13
LEAK DESTRUCTION
dump HPROFHeap Allocation Profile
Eclipse MATMemory Analyzer Tool
středa, 3. dubna 13
Top Related