Zygote Android – The Rise Of Mobile Threats

This post is all about a very awesome piece of the Android operating system. If you have worked with Android, you have probably run the ps command and seen that all the applications have the same parent PID, also known as the PPID.
Android uses a very different technique to start a process, one that keeps application startup snappy.
Zygote is the name of the process from which all Android applications are derived.


Why Zygote?

A process starts by forking the parent process. It then goes through various setup steps, which include loading libraries and resources. This setup is hard to notice on our beefy desktops, but it still consumes time. Not all Android devices are high spec, and on those devices the setup is noticeable to the end user. To normalize process startup time across devices, Android cold-starts a process during OS startup, and each application is forked from it when required. This whole process is known as Zygote.


Zygote Startup?

As soon as the Android device is switched on, and after the boot steps complete, the init system starts and runs the /init.rc file to set up various environment variables, start native daemons, create mount points, and so on. Zygote is started during the execution of init.rc.

The initialization of Zygote can be simplified into the following steps:

  1. Registers the Zygote socket (listens for connections on /dev/socket/zygote) for requests to start new apps.
  2. Preloads resources.
  3. Preloads all Java classes.
  4. Opens the socket.
  5. Starts the system server (not covered in this post).
  6. Listens for connections.
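
The parent/child relationships described in this post (init starts Zygote, Zygote starts the system server and forks every app) can be confirmed from a process listing. The following is an added example, not code from the original post: it parses `ps -A` style output, groups processes under the Zygote instance that forked them, and walks a process back to init. The listing is constructed sample data, and the `zygote64` name (the 64-bit Zygote instance on 64-bit devices) is not mentioned in the post.

```python
# Added example. SAMPLE_PS is constructed data in the column layout of
# `adb shell ps -A`; every PID and package name below is made up.
SAMPLE_PS = """\
USER           PID  PPID     VSZ    RSS WCHAN            ADDR S NAME
root             1     0   10904   3560 0                   0 S init
root           612     1 4331280 128512 0                   0 S zygote64
root           613     1 1623372 112004 0                   0 S zygote
root           750     1   21344   4012 0                   0 S netd
system        1010   612 4871236 251904 0                   0 S system_server
u0_a101       2301   612 4412004 101232 0                   0 S com.example.mail
u0_a102       2345   613 1701444  88120 0                   0 S com.example.game
shell         3100   980    9876   2100 0                   0 R ps
"""

# Not from the post: 64-bit devices run a second instance named zygote64.
ZYGOTE_NAMES = {"zygote", "zygote64"}

def parse_ps(text):
    """Return {pid: (ppid, name)}, locating columns from the header row."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    pid_i, ppid_i = header.index("PID"), header.index("PPID")
    procs = {}
    for ln in lines[1:]:
        cols = ln.split(None, len(header) - 1)  # NAME is the last column
        procs[int(cols[pid_i])] = (int(cols[ppid_i]), cols[-1].strip())
    return procs

def ancestry(procs, pid):
    """Process names from pid up to the root; stops at unknown parents or loops."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        pid, name = procs[pid]  # step to the parent PID
        chain.append(name)
    return chain

def zygote_children(procs):
    """Map each Zygote instance name to the names of the processes it forked."""
    zygotes = {pid: name for pid, (_, name) in procs.items() if name in ZYGOTE_NAMES}
    children = {name: [] for name in zygotes.values()}
    for ppid, name in procs.values():
        if ppid in zygotes:
            children[zygotes[ppid]].append(name)
    return children

if __name__ == "__main__":
    print(zygote_children(parse_ps(SAMPLE_PS)))
```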
