Showing posts with label Zygote Virus. Show all posts
Showing posts with label Zygote Virus. Show all posts

Wednesday, 12 July 2017

Zygote | Zygote Android - Rise Of Mobile Threats



There is a very amazing part of Android Operating system named as zygote android. Well if you have been an employee of android before then you must have worked on running the ps command and should have seen that all the applications of android have the same parent PID or say PPID. A very different approach is used by android to start a process and to ensure that the application startup is snappy. This whole process is named as ZYGOTE and all the android applications are derived from it.

Zygote Android Virus
Zygote Android Virus

Why Zygote?

Every process in android starts by forking the parent process which then goes through numerous setup steps and this also includes loading of libraries and resources.  This process consumes a lot of time and is very hard to notice on our desktops. This process setup is noticeable to the end users and also not all devices are of high spec in case of Android. Therefore to normalize the process, startup time on various devices starts the Android cold process during OS startup because of it only the applications are forked whenever required. This full process is called as Zygote in Android.

Zygote Startup?

The Android device is kept to switch on mode and after all the booting process the init system starts the process and runs the /init.rc file to setup various environment variables, mount points and start native daemons etc. During the execution of init.rc this is the time when the Zygote is started.
The initialization of Zygote can be easily simplified into following steps:
1.      Register Zygote socket (listens for connections on /dev/socket/zygote) for requests to start new apps.
2.      Preloads resources.
3.      Preloads all java classes.
4.      Opens the socket.
5.      Starts the system server (not covered in this post).
6.      Listens to the connections.