Understand Android OS¶
Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance and commercially sponsored by Google.
More than 3 Billion Devices are working on android system and as we know more the use of technology more attack surface for hackers.
Android Architecture¶
Android operating system runs on top of Linux. There are a number of components required to run any operating system. In the following architecture diagram, we can see that the Android operating system consists of a number of components that are divided into five sections and four main layers. Linux Kernel is one of the components that provide basic operating system functions to smartphones. Dalvik Virtual Machine (DVM) provides an application platform for Android.
Application¶
It is the top-most layer of the Android architecture. This layer consists of native Android apps as well as apps installed by third parties. The Android package contains all the applications to be installed such as contacts, games, settings, and messages, which are all written in this layer. messages. These applications run within the Android runtime, using the classes and services provided by the application framework.
Application Framework¶
In addition to the Android OS, the Android framework exposes the underlying libraries and features of the device through a Java API. Application Framework includes several classes used to create the Android application. Also, it provides a generic abstraction to Hardware resources and helps in managing the user interface with application resources. Application Framework provides different types of services like Activity Manager, window manager, content provider, location manager and some others.
Libraries¶
This component contains libraries that are used to provide some additional features or functions to the application. Let's take the example of SQLite library,this library is responsible for performing database operations such as storing, retrieving or updating data on android applications.
Android Runtime¶
Android Runtime is responsible for running the android application. Android Runtime consists of two different components called core libraries and Dalvik Virtual Machine ( DVM ). The Android application relies on the core libraries to power its framework and uses the core libraries to power the android application. Running Android applications is actually done by the Dalvik Virtual Machine ( DVM ).
Linux Kernel¶
Linux kernel is the core of the android architecture. The Linux kernel is responsible for allocating Hardware resources to the android application. It also contains the drivers required by android applications so the management of drivers is also done by the Linux Kernel.
App Compilation Process¶
Java source code is compiled by Java Compiler which uses the JIT- 'Just-In-Time' compilation model. After compilation with JIT, source code convert into bytecode with .class files. .class files again sent for compilation in the sense of minimizing code. The bytecode gets executed by target-specific-JVM (Java Virtual Machine) which is a runtime environment for Java.
In android we use two virtual machines as Dalvik & ART
ART was introduced with release of Android 4.4 (Kitkat) but before that android was use Dalvik which is runtime environment.
There are several reasons of ART is better than Dalvik. Dalvik is use JIT compilation model which compiler app everytime when user open it so process became slower. where as ART is use ahead of time compilation mode which compiles the apps to machine code upon installation. so the process became faster and app starts faster ART also manage better garbage collection so memory management process also improved. The installation process is slow with ART as apps to machine code conversion takes time. Compiling the code upon installation means that the app has to ‘live' on your device. So, for a relatively smaller Java code the machine or the bytecode will be comparatively large.
Firstly we have resources of app which may include images, external files etc. with the help of aapt(android assets packaging tool) convert them into R.java(Refers to Resource.java). on other hand we have AIDL(Android Interface Definition Language) files which include IPC Communication Information that converts into JAVA interfaces. At last we have source code of app. R.java + Source_Code + Java_Interface compiled with java compiler and convert them into .class files
Optionally developer can use tools like ProGuard Tool to minimize the code which become unclear and hard to understand this technique also called obfuscation. Regardless of the use of ProGuard you once again end up with .class files (minimized bytecode). other than this .class bytecode and 3rd party libraries directly convert to dex (Dalvik Executable) bytecode which also minimize the code.
The device's runtime read these dex files and recompile some of the files to machine code for the fastest possible execution. On DALVIK this step happens as the app runs using Just-In-Time. On the newer ART, the recompilation (or translation to machine code) happens when the app is first installed, meaning that the app can run faster when the user runs it on device.
At last we have dex files which Contain source, Compiled resources and non compiled resources by using apk builder we can convert them into apk.