Hi, can't give you answers for all questions, but from what I know: 2. I must create a service component running in the background. > This must periodically poll every running App and compare its function > call flow against my rule set RDB. > > Ouh...don't think so. The Android maxime is a bit of "all applications are equal" and I can't imagine how an application could be capable of reading another application's programmatic control flow; would basically need to analyse the DVM call stack?! But the VMs are sandboxed from each other...so even if it was possible in theory, android's security architecture would not allow this.
> 3. Can I achieve all this with just the Android SDK? Or will I > have to use the Android NDK as well? I don't want to use the NDK > unless I have to. > > I doubt that it is possible by any kind of monitoring application. Probably, you need to modify the framework itself. But I don't know exactly. > 4. I went through the very helpful tutorial "Understanding > Android's Security Framework" by William Enck and Patrick McDaniel. > Is this a new Framework introduced into the Android Libraries layer? > > That's just a description how Android's security architecture works. There's also some papers from Shabtai et al. that focus on Android's security model. Cheers, David -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/tgeF6zy9BRwJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
