2021-10-24 02:10

Android Application Fundamentals

Android applications are written in the Java programming language. The Android SDK tools compile the code—along with any data and resource files—into an Android package, an archive file with an .apk suffix. All the code in a single .apk file is considered to be one application and is the file that Android-powered devices use to install the application.

However, as the importance of the data and services our cell phones support increases, so too do the opportunities for vulnerability. It's essential that this next generation of platforms provide a comprehensive and usable security infrastructure. Developed by the Open Handset Alliance (visibly led by Google), Android is a widely anticipated open source operating system for mobile devices that provides a base operating system, an application middleware layer, a Java software development kit (SDK), and a collection of system applications. Although the Android SDK has been available since late 2007, the first publicly available Android-ready "G1" phone debuted in late October 2008. Since then, Android's growth has been phenomenal: T-Mobile's G1 manufacturer HTC estimates shipment volumes of more than 1 million phones by the end of 2008, and industry insiders expect public adoption to increase steeply in 2009. Many other cell phone providers have either promised or plan to support it in the near future.

A large community of developers has organized around Android, and many new products and applications are now available for it. One of Android's chief selling points is that it lets developers seamlessly extend online services to phones. The most visible example of this feature is—unsurprisingly—the tight integration of Google's Gmail, Calendar, and Contacts Web applications with system utilities. Android users simply supply a username and password, and their phones automatically synchronize with Google services. Other vendors are rapidly adapting their existing instant messaging, social networks, and gaming services to Android, and many enterprises are looking for ways to integrate their own internal operations (such as inventory management, purchasing, receiving, and so forth) into it as well.

Traditional desktop and server operating systems have struggled to securely integrate such personal and business applications and services on a single platform; although doing so on a mobile platform such as Android remains nontrivial, many researchers hope it provides a clean slate devoid of the complications that legacy software can cause. Android doesn't officially support applications developed for other platforms: applications execute on top of a Java middleware layer running on an embedded Linux kernel, so developers wishing to port their application to Android must use its custom user interface environment.

Additionally, Android restricts application interaction to its special APIs by running each application as its own user identity. Although this controlled interaction has several beneficial security features, our experiences developing Android applications have revealed that designing secure applications is not always straightforward. Android uses a simple permission label assignment model to restrict access to resources and other applications, but for reasons of necessity and convenience, its designers have added several potentially confusing refinements as the system has evolved. This article attempts to unmask the complexity of Android security and note some possible development pitfalls that occur when defining an application's security. We conclude by attempting to draw some lessons and identify opportunities for future enhancements that should aid in clarity and correctness.

Once installed on a device, each Android application lives in its own security sandbox:

The Android operating system is a multi-user Linux system in which each application is a different user.

By default, the system assigns each application a unique Linux user ID (the ID is used only by the system and is unknown to the application). The system sets permissions for all the files in an application so that only the user ID assigned to that application can access them.

Each process has its own virtual machine (VM), so an application's code runs in isolation from other applications.

By default, every application runs in its own Linux process. Android starts the process when any of the application's components need to be executed, then shuts down the process when it's no longer needed or when the system must recover memory for other applications.

In this way, the Android system implements the principle of least privilege. That is, each application, by default, has access only to the components that it requires to do its work and no more. This creates a very secure environment in which an application cannot access parts of the system for which it is not given permission.

However, there are ways for an application to share data with other applications and for an application to access system services:

It's possible to arrange for two applications to share the same Linux user ID, in which case they are able to access each other's files. To conserve system resources, applications with the same user ID can also arrange to run in the same Linux process and share the same VM (the applications must also be signed with the same certificate).

An application can request permission to access device data such as the user's contacts, SMS messages, the mountable storage (SD card), camera, Bluetooth, and more. All application permissions must be granted by the user at install time.
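The two exceptions above can be reviewed from an application's manifest. The following is an added example, not code from the original document: it reads decoded AndroidManifest.xml text, groups packages by their android:sharedUserId attribute, and collects the permissions each resulting sandbox requests. The three manifests and their package names are constructed for illustration, and the manifests are assumed to have already been decoded from the APK's binary XML.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
NS_DECL = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed, decoded manifests for three hypothetical apps (not real packages).
SAMPLES = [
    f'<manifest {NS_DECL} package="com.example.mail" android:sharedUserId="com.example.suite">'
    '<uses-permission android:name="android.permission.READ_CONTACTS"/></manifest>',
    f'<manifest {NS_DECL} package="com.example.sync" android:sharedUserId="com.example.suite">'
    '<uses-permission android:name="android.permission.INTERNET"/></manifest>',
    f'<manifest {NS_DECL} package="com.example.notes">'
    '<uses-permission android:name="android.permission.CAMERA"/></manifest>',
]


def parse_manifest(xml_text):
    """Return (package, sharedUserId or None, set of requested permissions)."""
    root = ET.fromstring(xml_text)
    if root.tag != "manifest" or not root.get("package"):
        raise ValueError("not an Android manifest")
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    perms.discard(None)  # ignore a malformed <uses-permission> without a name
    return root.get("package"), root.get(A + "sharedUserId"), perms


def audit_sandboxes(manifests):
    """Group packages by sandbox and collect the permissions each one requests.

    A package without sharedUserId is alone in its sandbox. Packages with the
    same sharedUserId can read each other's files, so their permission
    requests are reviewed together as one set.
    """
    boxes = defaultdict(lambda: {"packages": [], "permissions": set()})
    for text in manifests:
        pkg, shared, perms = parse_manifest(text)
        key = f"shared:{shared}" if shared else f"app:{pkg}"
        boxes[key]["packages"].append(pkg)
        boxes[key]["permissions"] |= perms
    return dict(boxes)


def shared_sandboxes(boxes):
    """Only the sandboxes that hold more than one package."""
    return {k: v for k, v in boxes.items() if len(v["packages"]) > 1}


if __name__ == "__main__":
    for name, box in sorted(audit_sandboxes(SAMPLES).items()):
        print(name, sorted(box["packages"]), sorted(box["permissions"]))
```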

That covers the basics regarding how an Android application exists within the system. The rest of this document introduces you to:

The core framework components t

Design (thesis) title: Development of a Mobile App for Hotel Accommodation

April 4, 2019



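The Android system, developed by the Open Handset Alliance (led by Google), is a widely anticipated open source system for mobile phones. It provides a base operating system, a middleware application layer, a Java development kit, and a collection of system applications. Although the Android SDK has been available since 2007, the first Android phone did not appear until October 2008. Since then Google has begun an era of its own: HTC of Taiwan, the manufacturer of T-Mobile's G1, estimates that G1 shipments exceeded 1 million units by the end of 2008. Industry insiders expect sales of the G1 to hold up through 2009. Many other phone vendors plan to support the system in the near future.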


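Traditional desktop and server operating systems have long struggled to integrate security for such personal and business applications on a single platform. Doing so on a mobile platform such as Android is still not easy, but it has given many researchers hope. Android does not officially support applications developed for other platforms: applications execute on top of a Java middleware layer that runs on an embedded Linux kernel, so developers who want to bring their applications to Android must use its custom user interface environment.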

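In addition, Android restricts how applications call one another's APIs to cooperate, and each application runs under its own user identity. Although this has certain security properties, those of us with experience developing Android applications have found that designing secure applications is not always straightforward. Android uses a simple permission label assignment model to restrict access to resources and other applications, but for reasons of necessity and convenience its designers have added confusing elements to the system. This article tries to explain the complexity of Android security and notes some possible development pitfalls in application security. We try to draw some lessons that we hope will be useful for future security.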














Application Components

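One of Android's core features is that an application can use elements of other applications (provided those applications permit it). For example, if your application needs a scrolling list of images and another application has already developed a suitable one and allows others to use it, you can call that scrolling list directly to do the work rather than develop your own. Your application does not incorporate or link to the other application's code; it simply starts that piece of the other application when the need arises.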



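An activity represents a single screen of the user interface. For example, an email application might have one activity that shows a list of new emails, another activity for composing an email, and another activity for reading emails. Although all the activities work together to form the email application's user experience, each one is relatively independent of the others. As a result, a different application can start any one of these activities (as long as the email application allows it). For example, when the user wants to share a photo, a camera application can start the email application's activity.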


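A service runs in the background to perform long-running operations or remote operations. A service does not provide a user interface. For example, a service might play music in the background while the user is in a different application, or fetch data over the network without blocking the user's interaction with the current activity. Another component, such as an activity, can start the service or bind to it in order to interact with it.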


Content providers


See the separate Content Providers section for more on using content providers.


Broadcast receivers



Activating Components

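Three of the four component types (activities, services, and broadcast receivers) are activated by an asynchronous message called an intent. Intents bind individual components to each other at runtime, whether the components belong to your application or to a different one; you can think of intents as messengers that request an action from other components.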


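For activities and services, an intent defines the action to perform (for example, to "view" or "send" something) and the URI of the data to act on. For example, an intent might convey a request for an activity to show an image or open a web page. In some cases you can start an activity to receive a result, in which case the activity also returns the result in an Intent (for example, you can issue an intent to let the user pick a personal contact and have it returned to you; the returned intent includes a URI pointing to the chosen contact).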


The last component type, the content provider, is not activated by intents. Instead, it is activated when it receives a request from a ContentResolver.





You can perform a query on a content provider by calling the query() method of a ContentResolver.




<?xml version='1.0' encoding=
