How does Android perform security checks on native code? Suppose we declare permission X in AndroidManifest.xml, does it mean we inherit that same permission X in our native code?
How does Android perform security checks?
There are basically two ways the permissions are enforced.
First of all, on the kernel level: each installed app is assigned a unique (Linux) user id, and each time your app is started Android will spawn a process and set the user id of that process to whatever your app's user id is. Access to e.g. the filesystem or certain hardware features like the network is enforced by using the standard Linux group permission system. E.g. access to the network is only allowed for a network group, and your app user is part of that group if you request the network permission in your manifest.
Security in userspace, like accessing certain ContentProviders or sending broadcast messages and so on, simply can't be relayed to the OS. So once you call a method from either Java or native code you can be (pretty) sure that there is some software check in the end that ensures that you can't do things you have no permission for. The NDK API will most probably simply call (maybe indirectly) some Java method, so there is probably no need to have separate checks for native and Java code (but I don't know exactly how that is done).
It is likely that you can circumvent some of the Java checks by using native code; for example, networking on the UI thread should work (if you have the network permission). It is also possible that there are loopholes that can only be exploited by using native code, but that should be rare. It should not matter in the end what type of code you use.
@user827992
> the NDK just produce some digested machine code for the dalvik, there aren't API available in C/C++ for Android; you don't have a problem about using a particular set of API that requires a certain permission because you simply can't even code that and access the API in the first place.
Not true: native code written in C/C++ is compiled into native machine code for the CPU when the app is built, and at runtime it is executed directly by the CPU, no Dalvik involved. You get back to Dalvik if you call some Java method via JNI (through the NDK API), though. Also, there is a lot of Android API available through the NDK; that's the reason it exists.
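An added example, not part of the answer above: a small C program that native code can run to inspect the kernel-level identity the answer describes, namely the app's uid and whether the process carries the network group. The numeric ids are the ones defined in AOSP's android_filesystem_config.h; the function names are made up for this illustration, and it assumes the build maps the network permission (android.permission.INTERNET) to the inet group as the answer says.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Ids as defined in AOSP's android_filesystem_config.h. */
#define AID_INET        3003    /* "inet" group tied to the network permission */
#define AID_APP_START   10000   /* first uid handed to an installed app */
#define AID_APP_END     19999   /* last uid handed to an installed app */
#define AID_USER_OFFSET 100000  /* uid range reserved per Android user */

/* Hypothetical helper: 1 if the calling process has `gid` as its effective
 * or a supplementary group, 0 if not, -1 on error. */
int process_has_gid(gid_t gid)
{
    if (getegid() == gid)
        return 1;
    int n = getgroups(0, NULL);          /* ask how many groups there are */
    if (n <= 0)
        return n;                        /* 0: none, -1: error */
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    int found = 0;
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            found = 1;
    free(list);
    return n < 0 ? -1 : found;
}

/* Hypothetical helper: strip the per-user offset from a uid. */
unsigned app_id_from_uid(uid_t uid) { return (unsigned)(uid % AID_USER_OFFSET); }

/* Hypothetical helper: 1 if the uid falls in the range given to installed apps. */
int is_app_uid(uid_t uid)
{
    unsigned id = app_id_from_uid(uid);
    return id >= AID_APP_START && id <= AID_APP_END;
}

int main(void)
{
    uid_t uid = getuid();
    printf("uid=%u app_id=%u app_sandbox=%d inet_group=%d\n",
           (unsigned)uid, app_id_from_uid(uid), is_app_uid(uid),
           process_has_gid(AID_INET));
    return 0;
}
```

The native code sees the same uid and group list as the Java side because both run in the one process that Android started for the app.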