16 / 17 - Android

Question 1

What is AOSP?

Answer 1

Android Open Source Project (AOSP) - An initiative to guide the development of the Android platform.

Question 2

What is the Open Handset Alliance?

Answer 2

Coalition of different partners. Representation from different interests including mobile network operators, handset manufacturers, semiconductor and software vendors.

Question 3

What is the latest Android version and what is its name?

What is the Short Build Code?

Answer 3

Version: 10.0

Name: No code name

Short Build Code: FRF85B

Question 4

What version supports full disk encryption?

Answer 4

5.0 (Lollipop)

Question 5

What version supported enhanced security features (boot loader) incl. fingerprint reader?

Answer 5

6.0 (Marshmallow)

Question 6

What version supported File Based Encryption?

Answer 6

7.0 (Nougat)

Question 7

What version introduced Metadata encryption?

Answer 7

9.0 (Pie)

Question 8

What are the five layers of Android?

Answer 8

• Applications
• Android Framework
• Native Libraries / Android Runtime
• HAL (Hardware Abstraction Layer)
• Linux Kernel

Question 9

Explain the high level boot sequence?

Answer 9

1. System Start
2. Boot loader
3. Linux kernel
4. init process
5. Zygote and Dalvik
6. The Sytem Server

Question 10

What is verified boot?

Answer 10

Verified boot is a boot sequence where each piece of software in the sequence must be authenticated by the software that was previously verified. The aim of verified boot is to prevent modified, or unauthorized code being installed and run on a mobile device.

Question 11

In what version was app request introduced?

Answer 11

6.0

Question 12

What are the four permission levels?

Answer 12

• Normal
• Dangerous
• Signature
• Signature / System

Question 13

When was the first Android publicaly available?

Answer 13

2008

Question 14

What is ADB and ADBD?

Answer 14

ADB - Android Debug Bridge

ADBD - Android Debug Bridge Daemon

Enabling USB debugging starts the Android Debug Bridge (ADB) which facilitates communication between the Android device and examination machine. This enables the Android Debug Bridge Daemon (ADBD) to allow a Logical data extraction. Available from v4.2.2 or higher.

Question 15

What is MTP / PTP?

Answer 15

MTP: Media Transfer Protocol

PTP: Picture Transfer Protocol

Question 16

What means “Root”?

Answer 16

This is a procedure to gain super user privileged access to the root directory of the system.

Question 17

What are the user lock options?

Answer 17

PIN, Password, Pattern, Face Unlock or Fingerprint Unlock

Pattern stored as SHA 1 hash value stored in /data/system/gesture.key file. Password/PIN stored as SHA 1 hash value stored in /data/system/pc.key file.

Question 18

Android Pattern Recovery: What is the correct swipe pattern for the database entry: [6, 3, 4, 5, 8]?

Answer 18

7,4,5,6,9

Question 19

FBE device offers users two application storage areas. Which ones?

Answer 19

• Credential Encrypted (CE) storage => PIN code needed.
• Device Encrypted (DE) storage => for direct boot.

Question 20

Which version introduced adoptable storage?

Answer 20

Android 9

Question 21

Name the common Android partitions?

Answer 21

• /boot
• /system
• /recovery
• /data
• /cache
• /misc

Question 22

Name the common file systems?

Answer 22

• YAFFS2 /
• JFFS2
• EXT (Standard FS used by Android)
• FAT
• F2FS
• RFS

Question 23

Explain the SQLite journal file?

Answer 23

The rollback journal has the same name as the SQLite database but with a “-journal” appended. It is the rollback journal for a database.db. When a data transaction is being created, it writes the data to the rollback journal file and to the database.db. Upon successful completion of the transaction with the contents, the journal file (or their entries) gets deleted.

Question 24

Explain the SQLite Write Ahead Log?

Answer 24

Files ends with *.db-shm and *.db-wal. The write ahead log method operates by writing a copy of the browser2.db into the browser2.db-wal file. The original database content remains in the browser2.db and changes such as additions or deletions are made to the browser2.db-wal file. This ensures that if crash was to happen to the browser2.db-wal file, the original data would still be fine as it is stored in the browser2.db file. All transactions of data are appended or committed to the wal-file which increases in size over time. At some point in time, the wal-file will reach a certain predetermined size called a checkpoint and then an operation is performed to write all of the new transactions to the original . DB file. Typically, this occurs when the wal-file reaches a threshold of 1000 pages.

Question 25

For what are the *-SHM files?

Answer 25

That shared memory *.db-shm file is used to provide a block of shared memory for use by multiple processes who are accessing the same database in wal mode.

Question 26

What is the UID?

Answer 26

Unique User ID

Each application installed gets a unique User ID (UID). All applications run as a separate process operated in an individual sandbox which as a result limits its accessibility to system resources.

Question 27

How can an application uses APIs?

Answer 27

In order to use any of these APIs, the developer of the application most define its requirement in its manifest file. This will in turn prompt the user to accept or decline an applications permission request to access the protected API keys as part of the installation process.

Question 28

Where is the ICCID / IMSI stored on an Android device?

Answer 28

/Root/data/com.google.android.gsf/shared_prefs/CheckinService.xml

Question 29

Where is the DeviceInfoOSVersion stored in Android?

Answer 29

/Root/build.prop

Question 30

Where are timezone settings stored?

Answer 30

/Root/property/persist.sys.timezone

Question 31

What is used to decrypt WhatsApp with crypt5?

Answer 31

For crypt.5 the gmail account associated with the Android device is required to decrypt the WhatsApp messages.

Question 32

What is used to decrypt WhatsApp with crypt7, crypt8, crypt12?

Answer 32

Crypt7, Crypt8, Crypt12 key required for decryption from /data/com.whatsapp/files/key. Root access is needed!