all others are suspended.

Service components perform background processing. When an activity needs to perform some operation that must continue after the user interface disappears (such as downloading a file or playing music), it commonly starts a service specifically designed for that action. The developer can also use services as application-specific daemons, possibly starting on boot. Services often define an interface for Remote Procedure Call (RPC) that other system components can use to send commands and retrieve data, as well as register callbacks.

Content provider components store and share data using a relational database interface. Each content provider has an associated "authority" describing the content it contains. Other components use the authority name as a handle to perform SQL queries (such as SELECT, INSERT, or DELETE) to read and write content. Although content providers typically store values in database records, data retrieval is implementation-specific—for example, files are also shared through content provider interfaces.

Broadcast receiver components act as mailboxes for messages from other applications. Commonly, application code broadcasts messages to an implicit destination. Broadcast receivers thus subscribe to such destinations to receive the messages sent to them. Application code can also address a broadcast receiver explicitly by including the namespace assigned to its containing application.

Figure 1 shows the FriendTracker and FriendViewer applications containing the different component types. The developer specifies components using a manifest file (also used to define policy as described later). There are no restrictions on the number of components an application defines for each type, but as a convention, one component has the same name as the application. Frequently, this is an activity, as in the FriendViewer application.
This activity usually indicates the primary activity that the system application launcher uses to start the user interface.

although doing so on a mobile platform such as Android remains nontrivial, many researchers hope it provides a clean slate devoid of the complications that legacy software can cause. Android doesn't officially support applications developed for other platforms: applications execute on top of a Java middleware layer running on an embedded Linux kernel, so developers wishing to port their application to Android must use its custom user interface environment. Additionally, Android restricts application interaction to its special APIs by running each application as its own user identity. Although this controlled interaction has several beneficial security features, our experiences developing Android applications have revealed that designing secure applications isn't always straightforward. Android uses a simple permission label assignment model to restrict access to resources and other applications, but for reasons of necessity and convenience, its designers have added several potentially confusing refinements as the system has evolved.

This article attempts to unmask the complexity of Android security and note some possible development pitfalls that occur when defining an application's security. We conclude by attempting to draw some lessons and identify opportunities for future enhancements that should aid in clarity and correctness.

Android Applications

The Android application framework forces a structure on developers. It doesn't have a main() function or single entry point for execution. Instead, developers must design applications in terms of components.

Example Application. We developed a pair of applications to help describe how Android applications operate. Interested readers can download the source code from our web site. Let's consider a location-sensitive social networking application for mobile phones in which users can discover their friends' locations.
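We split the functionality into two applications: one for tracking friends and one for viewing them. As Figure 1 shows, the FriendTracker application consists of components specific to tracking friend locations (for example, via a Web service), storing geographic coordinates, and sharing those coordinates with other applications. The user then uses the FriendViewer application to retrieve the stored geographic coordinates and view friends on a map. Both applications contain multiple components for performing their respective tasks.

In our example, FriendTracker binds to the location manager in the system server. Service components support start, stop, and bind actions, so the FriendTrackerControl activity, for instance, can start and stop the FriendTracker service that runs in the background. The available ICC actions depend on the target component. In many ways, ICC is analogous to inter-process communication (IPC) in Unix-based systems. In each case, one component initiates communication with another.

The Android system includes additional destination resolution rules, but action strings with optional data types are the most common. For example, given a view action string in an intent whose data field points to an image file, the system directs the intent to the preferred image viewer. Developers can also use action strings to send and receive broadcasts in bulk. In the latter case, the system determines the best component for an action by considering the installed applications and user choices. One of Android's most powerful features is the variety of intent-addressing mechanisms it allows. This process of inter-component communication is known as an action. The Android API defines methods that accept an intent and use that information to start an activity (startActivity(intent)), start a service (startService(intent)), and broadcast messages (sendBroadcast(intent)).

In addition, by separating program functionality from the interface, we can create alternative user interfaces with different displays and features; many applications can reuse the functionality that FriendTracker provides. FriendReceiver waits to receive a message sent by a nearby phone, a message from a specified friend. The FriendViewer application primarily displays information about friends' locations. In our example code, we generate locations randomly, but the component can interface directly with a service over a network connection. The FriendTracker application contains all four component types.

In the FriendTracker application, for example, the FriendTrackerControl activity is marked as the main user interface entry point. This activity usually indicates the primary activity that the system application launcher uses to start the user interface. There are no restrictions on the number of components an application defines for each type, but by convention, one component has the same name as the application. Figure 1 shows the different component types contained in the FriendTracker and FriendViewer applications.

Broadcast receivers thus subscribe to such destinations to receive the messages sent to them. Broadcast receiver components act as mailboxes for messages from other applications. Other components use it as a handle to perform SQL queries (such as SELECT, INSERT, or DELETE) on the content. Content provider components store and share data using a relational database interface. When an activity needs to perform some operation that must continue after the user interface disappears (such as downloading a file or playing music), it commonly starts a service specifically designed for that action. Only one activity in the system has keyboard and processing focus at a time; all others are suspended. Typically, an application developer defines one activity per "screen."

Android defines four component types. The FriendTracker and FriendViewer applications consist of multiple components of different types, each of which provides a different set of functionalities. Figure 1.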