Page 11 - FIGI: Security analysis of the KaiOS feature phone platform for DFS applications Security, Infrastructure and Trust Working Group
3 KAIOS AND ITS SECURITY MODEL

3.1 KaiOS

KaiOS is an operating system for feature phones that is developed by KaiOS Technologies. It builds on the Firefox Operating System (OS) that was developed by the Mozilla Foundation.

The basic idea of KaiOS is that the phone only runs a web browser and that all applications on the phone are written like web applications in HTML5, JavaScript and CSS. Thus, the browser almost acts like an operating system. In reality, the browser runs on top of a small Linux operating system.

The choice has been made to not support touch screens, which makes KaiOS the ideal OS for affordable phones. In addition to the standard functionality that web browsers offer, KaiOS offers a more advanced Application Programming Interface (API) that allows an app, for example, to dial a phone number or read SMS messages.

Modern browsers and recent HTML standards already allow a web application to store data and to run locally. KaiOS extends the standard browser API with additional features useful for apps running on a phone. These include managing Bluetooth, Wi-Fi and mobile connectivity and data storage.

This means that all files and the manifest are stored on a web server. One advantage of hosted apps is that they can be updated on the fly by the host, making sure that all users get the latest version.

Alternatively, applications can be packaged in a zip file. Packaged apps are downloaded and installed on the phone. They will load faster than a hosted app and can be used when offline. More importantly, they can be signed and trusted to use more privileged APIs, as explained in the next chapter.

3.1.1 Security model of KaiOS

The security model of KaiOS is described in the online documentation of KaiOS Technologies³. KaiOS is made of the following layers (top to bottom):

– Gaia: The set of HTML5, CSS, JavaScript apps that are used for operating the phone.
– Gecko: The "browser" that runs all apps and offers an extended API to access specific features of the phone, also referred to as the runtime.
– Gonk: The Linux kernel and associated software that Gecko runs on.
– Hardware: The mobile device that runs KaiOS.

The four layers are shown in Figure 2.

Apps (in Gaia) that want to use features of the phone (in Gonk) cannot do this directly. Gecko acts as a mediator between these layers and only allows access to specific functionalities based on predefined permissions.

Apps are given different levels of privilege depending on their type:

3.1.2 Certified apps

Certified apps are highly trusted. They are approved by the operator or the manufacturer. They are reserved for critical applications like SMS, Bluetooth, camera, system clock, telephony and the default dialer (used to call emergency services).

Certified apps have access to most Web API operations.

3.1.3 Privileged apps

Privileged apps are applications that have been reviewed, approved and digitally signed by an authorized KaiStore.

Privileged apps have access to a subset of the Web API that is accessible to certified apps.

3.1.4 Web apps

Web apps refer to all other apps. They are regular web applications that can either be installed (stored locally on the phone) or hosted (stored remotely). Untrusted apps have access to a subset of Web APIs that contain sufficient security mitigations to be exposed to untrusted web content.

By default, apps have very limited access to Web APIs. If they need more access, the additional API calls must be declared in the manifest of the application. Gecko will only grant access to these calls if the app is sufficiently qualified (certified, trusted or web) for that access.
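
The manifest rule described in section 3.1.4 can be checked before an app is submitted or reviewed. The following is an added example, not code from this report or from KaiOS: it assumes the `type` and `permissions` manifest fields of the Firefox OS manifest format that KaiOS builds on, and the permission table, the function names and the sample manifest are constructed for illustration.

```javascript
// App types from the page, ordered from least to most trusted.
const RANK = new Map([["web", 0], ["privileged", 1], ["certified", 2]]);

// Lowest app type allowed to hold each permission. Illustrative subset
// (assumption), not the authoritative KaiOS permission table.
const REQUIRED_TYPE = new Map([
  ["geolocation", "web"],
  ["desktop-notification", "web"],
  ["contacts", "privileged"],
  ["tcp-socket", "privileged"],
  ["sms", "certified"],
  ["telephony", "certified"],
  ["bluetooth", "certified"],
]);

// Decide every permission a manifest declares: grant only when the app type
// is high enough, and deny names missing from the table by default.
function auditManifest(manifest) {
  // A manifest without a type is treated as a plain web app.
  const type = manifest.type === undefined ? "web" : manifest.type;
  if (!RANK.has(type)) throw new Error(`unknown app type: ${type}`);
  return Object.keys(manifest.permissions || {}).map((name) => {
    const needed = REQUIRED_TYPE.get(name);
    if (needed === undefined) return { name, verdict: "deny", reason: "unknown permission" };
    const ok = RANK.get(type) >= RANK.get(needed);
    return { name, verdict: ok ? "grant" : "deny",
             reason: ok ? `allowed for ${type} apps` : `requires a ${needed} app` };
  });
}

// Runtime-side question: may this app call the API behind `permission`?
// An undeclared permission is never granted, whatever the app type.
function mayCall(manifest, permission) {
  return auditManifest(manifest)
    .some((f) => f.name === permission && f.verdict === "grant");
}

// Constructed sample manifest for a hypothetical DFS wallet app.
const sampleManifest = {
  name: "Example Wallet",
  type: "privileged",
  permissions: {
    contacts: { description: "Pick a payee", access: "readonly" },
    sms: { description: "Read one-time codes" },
    geolocation: { description: "Find nearby agents" },
  },
};

for (const f of auditManifest(sampleManifest)) {
  console.log(`${f.name}: ${f.verdict} (${f.reason})`);
}
```

A reviewer can treat every "deny" as a finding: either the permission is not needed, or the app is requesting a capability that only a more trusted app type should hold.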