ANDROID PENTESTING SERIES PART 2 : Overview of Android Components
Components of Android
App components are the essential building blocks of an Android app. Each component is an entry point through which the system or a user can enter your app. These components are loosely coupled by the application manifest file AndroidManifest.xml that describes each component of the application and how they interact. The main components are :
An activity represents a single screen with a user interface, activity performs actions on the screen. It is similar to a windows in desktop application. An application contains one or more activities.
Everything that a user see in an android app is kind of being done via an activity. For example, user click on the Facebook app icon in smartphone, it will show a window with facebook feed, but internally system has started a
Launcher activity whose job is to show the user data in a certain format and also provide options to move to other activities like seeing notifications or messages. According to Android developer docs, An activity is a single, focused thing that the user can do.
More information about can be found here and here.
A service is a component that runs in the background to perform long-running operations. For example, a service might play music in the background while the user is in a different application, or it might fetch data over the network without blocking user interaction with an activity.
Content Providers are used to share data between the applications. A content provider component supplies data from one application to others on request. It is used to manage and persist the application data also typically interacts with the SQL database. They are also responsible for sharing the data beyond the application boundaries. The Content Providers of a particular application can be configured to allow access from other applications, and the Content Providers exposed by other applications can also be configured.
You can store the data in the file system, an SQLite database, on the web, or any other persistent storage location your app can access. Through the content provider, other apps can query or even modify the data (if the content provider allows it). Content Provider is useful in cases when an app want to share data with another app. It is much similar like databases and has four methods.
Broadcast Receivers simply respond to broadcast messages from other applications or from the system. For example, applications can also initiate broadcasts to let other applications know that some data has been downloaded to the device and is available for them to use, so this is broadcast receiver who will intercept this communication and will initiate appropriate action. They are known to be intent listeners as they enable applications to listen to the Intents that satisfy the matching criteria specified by developer or user. Broadcast Receivers make the application react to any received Intent thereby making them perfect for creating event-driven applications. Some other examples are screen has turned off, low battery.
Android Intent is the message that is passed between components such as activities, content providers, broadcast receivers, services etc. It is generally used with
startActivity() method to invoke activity, broadcast receivers etc. It is a powerful inter-application message-passing framework which is extensively used throughout Android. Intents can be used to start and stop Activities and Services, broadcast messages system-wide or to an explicit Activity, Service or Broadcast Receiver or to request action be performed on a particular piece of data.
The manifest contains key information elements about the application like activities, content providers, permissions etc.
Fragments are like parts of activity. An activity can display one or more fragments on the screen at the same time.