The Android operating system and its vulnerabilities.
The Android operating system, how it works and its vulnerabilities. Join me and find out what are the biggest flaws in this operating system.
For years the Android operating system has managed to position itself at the top of the operating systems par excellence in smartphones. It is preferred in many regions of the world as the most widely used mobile operating system; countries such as France, Germany, the United States and the United Kingdom have topped this list for a long time.
Of course, there is a reason for this; and that is that the Android operating system has proven to be one of the most reliable on the market; however, what about those vulnerabilities that may be overlooked and are undoubtedly a big risk? Find out!
The evolution of the Android operating system
The Android operating system started as a small company that originated in California in 2003; it was not until 2007 that Google bought Android; in addition to 47 other small hardware, software and telecommunications companies. From this came the first version of Android 1.0, being open source and free to download, it quickly became popular.
At first Android was more oriented towards the development of digital cameras; and according to its creators. Android was to serve “smarter mobile devices that can be aware of the location and interests of users”.
After digital cameras lost popularity in the market; Android decided to change the direction of the company and direct it towards the use of mobile operating systems. Android started out using Linux, indicating that it could be used by third parties for free.
Fast forward to today and after more than a decade after the first release of the Android 1.0 device; it launched the Android 11.0 version of the operating system; revolutionizing and being one of the leaders in mobile software on the market today.
How does the Android operating system work?
As mentioned above, this operating system is open source based on the Linux Kernel; this means that it is a free multisystem and adaptable to many types of devices. This indicates that it has great potential for development; both for this and many other areas of application.
This operating system has some characteristics that identify it; in the first place, we have the application framework, which is responsible for the recycling and replacement of the components of this; we also have the integrated browser, which is based on a search engine “open Source Webkit”; in the same way is the multimedia; which is the way to support all those video files, image and audio; which are compatible with MPEG4, H.264, MP3, AAC, AMR, JPG, PNG and GIF.
There is also the Dalvik virtual machine, which is a call base very similar to Java; SQlite is also another of these features; in short it is a database for storage which is used in an integrated way to the applications; the notification management is another feature; which is responsible for the applications can display custom alerts in the status bar. On the other hand, we have the features that depend on the terminals; these are: GSM telephony, Bluetooth, EDGE, 4g, Wifi, Camera, GPS, compass and accelerometer; among others.
How does Android secure its operating system?
This security is applied throughout the architecture of the operating system; some aspects of this security are:
- Application Sandbox: this means that Android implements the technique of “least privilege” which means that each application is executed having access strictly to what is necessary; i.e. applications do not have access to other features of the operating system if it does not need it.
- Application Signing: it is a kind of digital signature that every application must have; moreover, only its developer can know about it; at the same time, they need a certificate that validates the origin of the keys used by its developers. Android uses these certificates to know when different applications were made by the same developer; thus facilitating the task of assigning permissions and running processes simultaneously.
- Permissions: the solution offered by Android to this measure contributes significantly to the security of the operating system; but how? Well. it is done as an application requests permission for certain functions necessary to run, such permissions are granted depending on the certificate it has; permission can also be given when the user directly grants it by giving the “allow” option.
- Permission delegation: Android uses two mechanisms to delegate permissions between two applications; these are: pending intents and URI permissions. The pending intents; consists of a developer defining an intent to perform an action as it usually happens; however, instead of letting the intent perform an action; it is passed to a special method that creates an object.
Vulnerabilities within the Android system.
Looking back at the above information; we can see that Android has a good basis for the security of its operating system; however, we also learned an important detail; which is that it is an open system. The problem with this open system is that anyone can create applications; as well as create unofficial applications that end up being harmful.
To make a count of the security flaws that Android has had over time. We will start in year 2018; there were a total of 517 flaws involving the security of the operating system; however, that referred a decrease in vulnerabilities with respect to the previous year.
During the same year 2018; a quite important vulnerability was found as RAMpage; which had the power to modify stored data; causing thousands of information losses in users.
Among the countries that have detected the most malware in the Android operating system are: Russia, Iran and Ukraine; among Latin American countries are: Mexico, Peru and Brazil. In the same way the most frequently found malicious elements were:
- SMS Trojan viruses
- Advertising modules
With this information we can realize that no structure, no matter how powerful and popular it is; is spared from the vulnerabilities that exist in the network, both on the Internet and mobile. However; it is the ability of these same companies to detect and correct these same vulnerabilities. And soon avoid the possible loss of information and bad experiences of the users.