ch4 related soa

2_background/5_platform_classes.typ

@@ -0,0 +1,21 @@
+#import "../lib.typ": SDK, API, API, etal
+
+== Platform Classes <sec:bg-platform>
+
+In addition to the classes they include, Android applications have access to classes provided by Android.
+Those classes are called _platform classes_.
+They are devided between #SDK classes, and hidden #API.
+The #SDK classes can be seen as the Android standard library.
+They are documented by Google, and have a certain stability from version to version.
+In case of breaking changes, the changed are listed by Google as well.
+The list of #SDK classes is available at complite time in the form of a `android.jar` file to link against.
+
+On the opposite, hidden #API are undocumented methods used internally by Android.
+Still, they are loaded by the application and can be used by it.
+Thus, they are a potential blind spot when analysing an application.
+However, not a lot a research has been done on the subject.
+Li #etal did an empirical study of the usage and evolution of hidden #API~@li_accessing_2016.
+They found that hidden #API are added and removed in every release of Android, and that they are used both by benign and malicious applications.
+More recently, He #etal~@he_systematic_2023 did a systematic study of hidden service #API related to security.
+They studied how the hidden #API can be used to bypass Android security restrictions and found that although Google countermeasures are effective, they need to be implemented inside the system services and not the hidden #API due to the lack of in-app privilege isolation: the framework code is in the same process as the user code, meaning any restriction in the framework can be bypassed by the user.
+Unfortunately those two contributions do not explore further the consequences of the use of hidden #API for a reverse engineer.