page.title=Android Security FAQ
parent.title=FAQs, Tips, and How-to
parent.link=index.html
@jd:body

<ul>
    <li><a href="#secure">Is Android Secure?</a></li>
    <li><a href="#issue">I think I found a security flaw. How do I report
    it?</a></li>
    <li><a href="#informed">How can I stay informed of Android security
    announcements?</a></li>
    <li><a href="#use">How do I securely use my Android phone?</a></li>
    <li><a href="#malware">I think I found malicious software being distributed
    for Android. How can I help?</a></li>
    <li><a href="#fixes">How will Android-powered devices receive security fixes?</a>
    </li>
    <li><a href="#directfix">Can I get a fix directly from the Android Platform
    Project?</a></li>
</ul>

<a name="secure" id="secure"></a><h2>Is Android secure?</h2>

<p>The security and privacy of our users' data is of primary importance to the
Android Open Source Project. We are dedicated to building and maintaining one
of the most secure mobile platforms available while still fulfilling our goal
of opening the mobile device space to innovation and competition.</p>

<p>The Android Platform provides a rich <a
href="http://code.google.com/android/devel/security.html">security model</a>
that allows developers to request the capabilities, or access, needed by their
application and to define new capabilities that other applications can request.
The Android user can choose to grant or deny an application's request for
certain capabilities on the handset.</p>

<p>We have made great efforts to secure the Android platform, but it is
inevitable that security bugs will be found in any system of this complexity.
Therefore, the Android team works hard to find new bugs internally and responds
quickly and professionally to vulnerability reports from external researchers.
</p>

<a name="issue" id="issue"></a><h2>I think I found a security flaw. How do I
report it?</h2>

<p>You can reach the Android security team at <a
href="mailto:security@android.com">security@android.com</a>. If you like, you
can protect your message using our <a
href="http://code.google.com/android/security_at_android_dot_com.txt">PGP
key</a>.</p>

<p>We appreciate researchers practicing responsible disclosure by emailing us
with a detailed summary of the issue and keeping the issue confidential while
users are at risk. In return, we will make sure to keep the researcher informed
of our progress in issuing a fix and will properly credit the reporter(s) when
we announce the patch. We will always move swiftly to mitigate or fix an
externally-reported flaw and will publicly announce the fix once patches are
available to users.</p>

<a name="informed" id="informed"></a><h2>How can I stay informed of Android
security announcements?</h2>

<p>An important part of sustainably securing a platform such as Android is
keeping the user and security community informed of bugs and fixes. We will
publicly announce security bugs when the fixes are available via postings to
the <a
href="http://groups.google.com/group/android-security-announce">android-security-announce</a>
group on Google Groups. You can subscribe to this group as you would a mailing
list and view the archives here.</p>

<p>For more general discussion of Android platform security, or how to use
security features in your Android application, please subscribe to <a
href="http://groups.google.com/group/android-security-discuss">android-security-discuss</a>.
</p>

<a name="use" id="use"></a><h2>How do I securely use my Android phone?</h2>

<p>As an open platform, Android allows users to load software from any
developer onto a device. As with a home PC, the user must be
aware of who is providing the software they are downloading and must decide
whether they want to grant the application the capabilities it requests.
This decision can be informed by the user's judgment of the software
developer's trustworthiness, and where the software came from.</p>

<p>Despite the security protections in Android, it is important
for users to only download and install software from developers they trust.
More details on how Android users can make smart security decisions will be
released when consumer devices become available.</p>

<a name="malware" id="malware"></a><h2>I think I found malicious software being
distributed for Android. How can I help?</h2>

<p>As with any other open platform, it will be possible for unethical developers
to create malicious software, known as <a
href="http://en.wikipedia.org/wiki/Malware">malware</a>, for Android. If you
think somebody is trying to spread malware, please let us know at <a
href="mailto:security@android.com">security@android.com</a>. Please include as
much detail about the application as possible, with the location it is
being distributed from and why you suspect it of being malicious software.</p>

<p>The term <i>malicious software</i> is subjective, and we cannot make an
exhaustive definition. As examples, the Android Security Team believes
malicious software to include any application that:</p>
<ul>
    <li>drains the device's battery very quickly;</li>
    <li>shows the user unsolicited messages (especially messages urging the
    user to buy something);</li>
    <li>resists (or attempts to resist) the user's effort to uninstall it;</li>
    <li>attempts to automatically spread itself to other devices;</li>
    <li>hides its files and/or processes;</li>
    <li>discloses the user's private information to a third party, without the
    user's knowledge and consent;</li>
    <li>destroys the user's data (or the device itself) without the user's
    knowledge and consent;</li>
    <li>impersonates the user (such as by sending email or buying things from a
    web store) without the user's knowledge and consent; or</li>
    <li>otherwise degrades the user's experience with the device.</li>
</ul>

<a name="fixes" id="fixes"></a><h2>How will Android-powered devices receive security
fixes?</h2>

<p>The manufacturer of each device is responsible for distributing software
upgrades for it, including security fixes. Many devices will update themselves
automatically with software downloaded "over the air", while some devices
require the user to upgrade them manually.</p>

<p>When Android-powered devices are publicly available, this FAQ will provide links
describing how Open Handset Alliance members release updates.</p>

<a name="directfix" id="directfix"></a><h2>Can I get a fix directly from the
Android Platform Project?</h2>

<p>Android is a mobile platform that will be released as open source and
available for free use by anybody. This means that there will be many
Android-based products available to consumers, and most of them will be created
without the knowledge or participation of the Android Open Source Project. Like
the maintainers of other open source projects, we cannot build and release
patches for the entire ecosystem of products using Android. Instead, we will
work diligently to find and fix flaws as quickly as possible and to distribute
those fixes to the manufacturers of the products.</p>

<p>In addition, we will add security fixes to the open source distribution of
Android and publicly announce the changes on <a
href="http://groups.google.com/group/android-security-announce">android-security-announce</a>.
</p>

<p>If you are making an Android-powered device and would like to know how you can
properly support your customers by keeping abreast of software updates, please
contact us at <a
href="mailto:info@openhandsetalliance.com">info@openhandsetalliance.com</a>.</p>