• Android
• API
• Binder
• System Call
• Bridge
• Analysis
• ioctl

Android - an open-source operating system based on the Linux kernel and currently developed by Google - is widely the most used operating system for mobile devices. Although it has rich documentation for high-level APIs and applications development, some low-level mechanisms are still obscure, especially the functionality added to the Kernel in order to adapt it to run on mobile devices.

In this dissertation we give an overview of Android, focusing on one of the most peculiar feature: the Binder, which is the framework that provides the Inter-Process Communication mechanism. We analyse with special attention the low-level communication protocol, presenting some code and implementation details in order to better comprehend the working of this component.

We present Jarvis, a first version of a tool whose main purpose is to bridge the semantic gap between high-level Android APIs and low-level System Calls. To do this, Jarvis contains a classic kernel-level log mechanism with a smart component that deepen into Binder call in order to capture data exchanged among applications. It exploits all level of Android software stack to perform data interpretation. Jarvis operates in two phases: an on-line log collection and an off-line data analysis, hence it implements a filter mechanism for not overload Android kernel.

We carry out a first trial of mapping for few representative APIs to figure out if this kind of approach can be viable, if the key features of the tool - like filter and de-serializer - are effective and what are the main challenges.

Results show the substantial goodness of the approach, but also reveal some problem as far as concerns Android APIs that directly reproduce low-level functionality, because they produce recurrent pattern that may confuse the high-level behavior reconstruction. We suggest some way to improve the tool to increase powerful of it and to automatize mapping and rebuilding process.