Introduction : Open Source Software




Introduction: Open Source Software
In this 21st century software’s plays an important role in every field whether it is education, business or IT, but if a software is free, isn't  this amazing? Absolutely, keeping this thing in mind in 1998, a group associated with free software introduced the term “open source”.
Open source software is software that users have the ability to run, distribute, study and modify for any purpose. Open source is a collaborative software development method that harnesses the power of peer review and transparency of process to develop code that is freely
accessible. Open source draws on an ecosystem of thousands of developers and customers all over the world to drive innovation. Because, it is free to use, redistribute and modify, Source code is available to anyone, generally there are free of charge. A report by the Standish Group (from 2008) states that adoption of open-source software models has resulted in savings of about $60 billion per year to consumers. Libraries and Open Source Both: Believe that information should be freely accessible to everyone, Give away stuff, Benefit from the generosity of others; Make the world a better place. As consumers why do we care: Competition is good.  Why do care as industry:  Respect third party right, Maintain control over own IP, Flexibility of licensing and revenue models. Also Government of various countries Turning to OSS: Brazil, China, US. Navy, France, Cuba, India, Holland, Germany: in order to  replace pirated copies, Avoid reliance on commercial developers, Perceived security . Examples :LinuxApache,  Oracle Corporation and IBM participated in developing free and open-source software . Influence of Open-Source Software : As a reliable open-source alternative to UNIX, Linux is putting pressure on companies selling proprietary versions of UNIX. Linux is also putting pressure on Microsoft and Apple, which sell proprietary operating systems for desktop systems. Microsoft respect and appreciate the important role, the passion and the great contribution that open source software plays in our industry .



https://www.blackducksoftware.com/files/survey/2015_FoOS_Collaborators-v3.jpg



OSS Advantages ,Disadvantages, Security and Business Strategy



Advantages: Open source is a good way for business to achieve greater penetration of the market. Companies that offer open source software are able to establish an industry standard and, thus, gain competitive advantage. .It has also helped build developer loyalty as developers feel empowered and have a sense of ownership of the end product. Users should be treated as co-developers. Dynamic decision making structure .Minimizes vendor lock-in and proprietary systems. Minimizes capital expenditure and ongoing costs. More control of overall IT strategy. Open Source promotes innovation & ensures customization: Through availability of source code, Quicker to add features.



Disadvantages: It is sometimes said that the open source development process may not be well defined and the stages in the development process, such as system testing and documentation may be ignored. Not all OSS initiatives have been successful, for example sour exchange and Eazel. It is also difficult to design a commercially sound business model around the open source paradigm. In terms of security, open source may allow hackers to know about the weaknesses or loopholes of the software more easily than closed-source software.
Open-source software security is the measure of assurance or guarantee in the freedom from danger and risk inherent to an open-source software system. Benefits of open-source security: More people can inspect the source code to find and fix a possible vulnerability. This can lead to both faster discovery of unintentional security vulnerabilities, The end-user of open-source code has the ability to change and modify source to implement any extra "features" of security they may wish for a specific use, which can extend to the kernel level if they so wish, it is assumed that any compiler that is used creates code that can be trusted. Drawbacks of open-source security: All people have access to the source code, including potential attackers: Simply making source code available does not guarantee review, having many users look at source code does not guarantee that security flaws will be found and fixed.
Open software licensing: license defines the rights and obligations that a licensor grants to a licensee. Open source licenses grant licensees the right to copy, modify and redistribute source code. Examples Apache License, BSD license, GNU General Public License, and Mozilla Public License.

Business Models: The revenue model: Value creation: definition of the offer generating the highest willingness to pay. Capture of the value created through: The sale of rights (sale of patents, licenses or even client files).




 Dual-licensing, Selling professional services: The financial return of costs on open-source software can also come from selling services, such as training, technical support, or consulting, rather than the software itself.
Partnership with funding organizations: Other financial situations include partnerships with other companies. Governments, universities, companies, and non-governmental organizations may develop internally or hire a contractor for custom in-house modifications, then release that code under an open-source license. Some organizations support the development of open-source software by grants or stipends, like Google's Summer of Code initiative founded in 2005.

Open sources licenses fulfill 10 criteria: Free redistribution, Access to the source code, Right to change the source code and develop derived works, Respect of the integrity of the author’s source code., Forbidding discrimination against persons and groups, Forbidding discrimination against fields of endeavor, Universality of the rights attached to the program, Protection of the program, and not of the product, Lack of contamination of other products containing a protected source code , The license cannot discriminate against any technology or style of interface.

Legal & Other Risk Associated: Potential liability for intellectual property infringement. Open Source create opportunities for contributors therefore, it introduce infringing code and makes it almost impossible to audit the entire code base, Typical license form doesn't include any intellectual property representation, warranties or indemnities in favor of the licensee.

Potential causes of concern: Features, functions, security, ease of use, Loss of copyright control, Loss of trade secrets, Effect of fee based models

References:

Welcome to the Android Open Source Project


Welcome to the Android Open Source Project!

Android is an open-source software stack for a wide range of mobile devices and a corresponding open-source project led by Google. Open software platform for mobile development. Google's Android and Apple's iOS are operating systems used primarily in mobile technology, such as smartphones and tablets. Android, which is Linux-based and partly open source, is more PC-like than iOS, in that its interface and basic features are generally more customizable from top to bottom.  Android was founded in Palo Alto, California in October 2003 by Andy Rubin, Rich Miner, Nick Sears and Chris white who work at “Google” to develop. Android was bought by “Google” in 2005. The primary purposes of Android are to create an open software platform available for carriers, OEMs, and developers to make their innovative ideas a reality and to introduce a successful, real-world product that improves the mobile experience for users.

The version :  Alpha (1.0), Beta (1.1), Cupcake (1.5), Donut (1.6), Eclair (2.0–2.1), Froyo (2.2–2.2.3) ,Gingerbread (2.3–2.3.7), Honeycomb (3.0–3.2.6), Ice Cream Sandwich (4.0–4.0.4), Jelly Bean (4.1–4.3.1), KitKat (4.4–4.4.4)



DEVELOPMENT REQUIREMENTS: JAVA, Android SDK, Eclipse IDE (or ) Mono Develop , 
PROGRAMMING LANGUAGES: JAVA – officially supported.

Reference :
https://source.android.com/images/android_framework_details.png
http://image.slidesharecdn.com/ramadansanli-140521114335-phpapp01/95/android-29-638.jpg?cb=1401306803









F-Droid and list of OSS applications for Android phone






 F-Droid is the FOSS application store for Android phone

One of the cool things about Android is the open market model. The folks at Google don't mind at all if you side load apps, or use your phone to build apps of your own, or even if you install a whole separate application market. That's the real meaning of open when you hear the word being tossed around so freely. Because the platform is open, we get to see things like F-Droid.

F-Droid is a third party application "store" that hosts FOSS (Free and Open Source Software) in a repository for easy installation and updating. The repo is full of open-source software written under a variety of licenses, but all nice and FOSSy enough to please most any die-hard fan.
Having it laid out all nicely this way offers a few benefits as well. You can choose which version of an app to install, track which FOSS apps you have installed, and turn on update notifications right in the app settings. It's an excellent way to manage things, and closely mimics software repos from popular desktop Linux distributions. Even the F-Droid app itself is FOSS and licensed under the GPLv2+.

Of course we can't mention any third party application centers without thinking of security. F-Droid tackles this in a pretty novel way. Developers can upload a pre-built apk file, but the preferred way is to upload the source. F-Droid then builds an signs the code, creating an apk file they guarantee is 100% derived from the source code anyone can look through. Community oversight has long been a staple of the FOSS world, and when source is readily available you'll find that very few shenanigans are tried.


 A collection of useful, open source applications that demonstrate basic features of the Android platform.
  • Amazed: A simple but addictive accelerometer-based marble-guidance game.
  • AndroidGlobalTime: a full representation of the Earth that you can spin around.
  • AnyCut: A utility that lets users create Home screen shortcuts to nearly anything in the system.
  • Clickin2DaBeat: A game that mashes up YouTube with custom rhythm-game logic.
  • DivideAndConquer: a game in which you must isolate bouncing balls by creating walls around them.
  • HeightMapProfiler: A simple 3D performance testing tool that renders a 3D height map.
  • LOLcat Builder: O HAI. I CN HAS CHEEZBURGER?! IM N UR PHONE, CAPTIONIN UR PHOTOS.
  • Panoramio: An app that shows you nearby photos and points of interest.
  • Photostream: An app that lets you view photostreams from online photo-hosting services.
  • Radar: A radar-style relative location display view, used by Panoramio and others.
  • RingsExtended: A utility that provides enhanced control over ringtones.
  • Samples: Miscellaneous examples showing features of the Android platform (among which OpenGL ES).
  • SpriteMethodTest: An application that compares the speed of various 2D sprite drawing methods.
  • WebViewDemo: How Java and JavaScript can call each other inside a WebView.

  • WikiNotes: A wiki note pad that uses intents to navigate to wiki words and other rich content stored in the notes.


References:





Android Compatibility

Android Compatibility: Android's purpose is to establish an open platform for developers to build innovative apps. The Android Compatibility program defines the technical details of the Android platform and provides tools used by OEMs to ensure that developers' apps run on a variety of devices. The Android SDK provides built-in tools that developers use to clearly state the device features their apps require.
Users want a customizable device.
A mobile phone is a highly personal, always-on, always-present gateway to the Internet. We haven't met a user yet who didn't want to customize it by extending its functionality. That's why Android was designed as a robust platform for running aftermarket applications. No device manufacturer can hope to write all the software that a person could conceivably need. We need third-party developers to write the apps users want; so the Android Open Source Project aims to make it as easy and open as possible for developers to build apps.
Building a compatible device is a three-step process:
1.      Obtain the Android software source code. This is the source code for the Android platform that you port to your hardware.
2.      Comply with the Android Compatibility Definition Document (CDD). The CDD enumerates the software and hardware requirements of a compatible Android device.
3.      Pass the Compatibility Test Suite (CTS). Use the CTS as an ongoing aid to compatibility during the development process. After complying with the CDD and passing the CTS, your device is now Android compatible. Android apps in the ecosystem will have a consistent experience on your device.

References:

https://source.android.com/compatibility/index.html

Android Security


Android Security

Securing an open platform requires robust security architecture and rigorous security programs. Android was designed with multi-layered security that provides the flexibility required for an open platform, while providing protection for all users of the platform. Android was designed with developers in mind. Security controls were designed to reduce the burden on developers. Security-savvy developers can easily work with and rely on flexible security controls. Developers less familiar with security will be protected by safe defaults. This design includes the expectation that attackers would attempt to perform common attacks, such as social engineering attacks to convince device users to install malware, and attacks on third-party applications on Android. Android was designed to both reduce the probability of these attacks and greatly limit the impact of the attack in the event it was successful. Here I am showing an outlines of the Android security program, describes the fundamentals of the Android security architecture, and answers the most pertinent questions for system architects and security analysts.

Figure summarizes the security components and considerations of the various levels of the Android software stack. Each component assumes that the components below are properly secured. With the exception of a small amount of Android OS code running as root, all code above the Linux Kernel is restricted by the Application Sandbox.
The main Android platform building blocks are:
·         Device Hardware: Android runs on a wide range of hardware configurations including smart phones, tablets, and set-top-boxes. Android is processor-agnostic, but it does take advantage of some hardware-specific security capabilities such as ARM v6 eXecute-Never.
·         Android Operating System: The core operating system is built on top of the Linux kernel. All device resources, like camera functions, GPS data, Bluetooth functions, telephony functions, network connections, etc. are accessed through the operating system.
 
 
·         Android Application Runtime: Android applications are most often written in the Java programming language and run in the Dalvik virtual machine. However, many applications, including core Android services and applications are native applications or include native libraries. Both Dalvik and native applications run within the same security environment, contained within the Application Sandbox. Applications get a dedicated part of the filesystem in which they can write private data, including databases and raw files.


References:



http://m.eet.com/media/1172879/wind%20river%20-%20android%20security%20-%20figure%201.jpg


http://www.secureauth.com/SecureAuth/media/Blog/android-architecture.png

Android System Architecture

Android Interfaces: The Android operating system is open-sourced to help you through your device's bring up. Android provides you with the freedom to implement your own device specifications and the drivers to support them. The hardware abstraction layer (HAL) gives you a standard way to create software hooks in between the Android platform stack and your hardware. To ensure that your devices maintain a high level of quality and offers a consistent experience for your users, they must also pass the tests in the compatibility test suite (CTS). CTS ensures that anyone building a device meets a quality standard that ensures apps run reliably well and gives users a good experience.
Android Low-Level System Architecture: it is important to have an understanding of how Android works . Because your drivers and HAL code interact with many layers of Android code, this understanding can help you find your way through the many layers of code that are available to you through the AOSP (Android Open Source Project) source tree. The following diagram shows a system level view of how Android works:
Figure  :Android System Architecture

Application framework
This is the level that most application developers concern themselves with. You should be aware of the APIs available to developers as many of them map 1:1 to the underlying HAL interfaces and can provide information as to how to implement your driver.

Binder IPC
The Binder Inter-Process Communication mechanism allows the application framework to cross process boundaries and call into the Android system services code. This basically allows high level framework APIs to interact with Android's system services. At the application framework level, all of this communication is hidden from the developer and things appear to just work.

System services
Most of the functionality exposed through the application framework APIs must communicate with some sort of system service to access the underlying hardware. Services are divided into modular components with focused functionality such as the Window Manager, Search Service, or Notification Manager. System services are grouped into two buckets: system and media. The system services include things such as the Window or Notification Manager. The media services include all the services involved in playing and recording media.

Hardware abstraction layer (HAL)
The HAL serves as a standard interface that allows the Android system to call into the device driver layer while being agnostic about the lower-level implementations of your drivers and hardware.

Linux Kernel
Android uses a specialized version of the Linux kernel with a few special additions such as wake locks, a memory management system that is more aggressive in preserving memory, the Binder IPC driver, and other features that are important for a mobile embedded platform like Android.

Android Open Source Project management and Applications



Android Open Source Project  management and Applications


The Android Open Source Project (AOSP) includes individuals working in a variety of roles. Google is responsible for Android product management and the engineering process for the core framework and platform; however, the project considers contributions from any source, not just Google. This page describes the kinds of roles that interested parties can take on. Trade Federation is a continuous test framework designed for running tests on Android devices. It's a Java application which runs on a host computer, and communicates to one or more Android devices using ddmlib (the library behind DDMS) over adb. Anyone who is interested in exploring and contributing to Android can use the Android Open Source Project resources. "Contributors" are those making contributions to the AOSP source code, including both employees of Google or other companies, as well as individual developers who are contributing to Android on their own behalf.  "Developers" are engineers writing applications that run on Android devices. There is often little difference in skill set between a developer and a contributor. "Verifiers" are responsible for testing change requests. After individuals have submitted a significant amount of high-quality code to the project, the project leads might invite them to become verifiers.  "Approvers" are experienced members of the project who have demonstrated their design skills and have made significant technical contributions to the project. In the code-review process, an approver decides whether to include or exclude a change. Project leads (who are typically employed by Google) choose the approvers, sometimes promoting to this position verifiers who have demonstrated their expertise within a specific project.  The preferred license for the Android Open Source Project is the Apache Software License, Version 2.0 ("Apache 2.0"), and the majority of the Android software is licensed with Apache 2.0. 
Android applications extend the core Android operating system. There are two primary sources for applications:
·         Pre-Installed Applications: Android includes a set of pre-installed applications including phone, email, calendar, web browser, and contacts. These function both as user applications and to provide key device capabilities that can be accessed by other applications. Pre-installed applications may be part of the open source Android platform, or they may be developed by an OEM for a specific device.
·         User-Installed Applications: Android provides an open development environment supporting any third-party application. Google Play offers users hundreds of thousands of applications.

Google provides a set of cloud-based services that are available to any compatible Android device. The primary services are:
·         Google Play: Google Play is a collection of services that allow users to discover, install, and purchase applications from their Android device or the web. Google Play makes it easy for developers to reach Android users and potential customers. Google Play also provides community review, application license verification, application security scanning, and other security services.
·        Android Updates: The Android update service delivers new capabilities and security updates to Android devices, including updates through the web or over the air (OTA).
·         Application Services: Frameworks that allow Android applications to use cloud capabilities such as (backing up) application data and settings and cloud-to-device messaging (C2DM) for push messaging.


References:
http://ontarget-group.com/images/project-management-diagram.jpg


Android OS Comparison with other Mobile OS


Android OS Comparison with other Mobile OS












Open Source Apps for Small Business


Open Source Security & Privacy Apps for Small Business

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
F-Droid is a software repository (or "app store") for Android applications. It functions similarly to the Google Play store, but only contains free-of-charge, free and open-source software. The apps can be browsed and installed from the F-Droid website or directly from the F-Droid client app (which is not available in the Google Play store). The F-Droid client app will automatically update installed F-Droid apps. The website also offers the source code of all applications for download. F-Droid does not require users to register and flags applications that contain "anti-features" such as advertising, user tracking or dependence on non-free software. The software running the F-Droid server is free software, and allows anybody to set up their own Android app repository.


Open Source Security & Privacy Apps for Small Business



      keypass password safe: if you spend any amount of time online you have an unwieldy number of logins and passwords tomanageKeePass is a super-nice, free password creator, manager and encrypted locker that stores your logins securely. You only need to remember a single master password. For extra-strong security you can also secure it with an encryption key. KeePass runs on Mac OS X, Linux, and Windows. There are also portable versions that run from a USB stick, and mobile versions for Android, iPhone, iPad.


      
      
                                                                                       secure cloud storage
Popular cloud storage vendors Dropbox and Google Drive are not very secure, and Dropbox has been afflicted with some embarrassing gaffes such as accidentally turning off password authentication,and getting hacked. The best cloud storage is "zero knowledge," which means your files are strongly-encrypted, and nobody can get into your files without your encryption key.











References : 




Advantages and disadvantages of Android




Advantages of Android: Android is open:  because it is Linux based open source so it can be developed by anyone. Easy access to the Android App Market: Android owners are people who love to learn the phone; with Google's Android App Market you can download applications for free. Populist Operating System: Android Phones, different from the iOS is limited to the iphone from Apple, then Android has many manufacturers, with their respective flagship gadget from HTC to Samsung. USB full facilities. You can replace the battery, mass storage, DiskDrive, and USB tethering.Easy in terms of notification: the operating system is able to inform you of a new SMS, Email, or even the latest articles from an RSS Reader. Supports all Google services: Android operating system supports all of Google services ranging from Gmail to Google reader. All Google services can you have with one operating system, namely Android.

Disadvantage: Connected to the Internet: Android can be said is in need of an active internet connection. At least there should be a GPRS internet connection in your area, so that the device is ready to go online to suit our needs. Sometimes slow device company issued an official version of Android your own. Android Market is less control of the manager, sometimes there are malware. Wasteful Batteries, This is because the OS is a lot of "process" in the background causing the battery quickly drains. Android is truly open, free development platform based on Linux and open source. Android is open to all: industry, developers and users.