page.title=Security
@jd:body
<!--
    Copyright 2015 The Android Open Source Project

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->
<div id="qv-wrapper">
  <div id="qv">
    <h2>In this document</h2>
    <ol id="auto-toc"></ol>
  </div>
</div>

<h2 id="introduction">Introduction</h2>
<p>Android is a modern mobile platform that was designed to be truly open. Android
  applications make use of advanced hardware and software, as well as local and
  served data, exposed through the platform to bring innovation and value to
  consumers. To protect that value, the platform must offer an application
  environment that ensures the security of users, data, applications, the device,
  and the network.</p>
<p>Securing an open platform requires a robust security architecture and
  rigorous security programs. Android was designed with multi-layered
  security that provides the flexibility required for an open platform, while
  providing protection for all users of the platform. For information about
  reporting security issues and the update process,
  see <a href="overview/updates-resources.html">Security Updates and Resources</a>.</p>
<p>Android was designed with developers in mind. Security controls were designed
  to reduce the burden on developers. Security-savvy developers can easily work
  with and rely on flexible security controls. Developers less familiar with
  security will be protected by safe defaults.</p>
<p>Android was designed with device users in mind. Users are provided visibility
  into how applications work, and control over those applications. This design
  includes the expectation that attackers would attempt to perform common
  attacks, such as social engineering attacks to convince device users to install
  malware, and attacks on third-party applications on Android. Android was
  designed to both reduce the probability of these attacks and greatly limit the
  impact of the attack in the event it was successful.</p>
<p>This documentation outlines the goals of the Android security program, describes the
  fundamentals of the Android security architecture, and answers the most
  pertinent questions for system architects and security analysts. This document
  focuses on the security features of Android's core platform and does not
  discuss security issues that are unique to specific applications, such as those
  related to the browser or SMS application. Recommended best practices for
  building Android devices, deploying Android devices, or developing applications
  for Android are not the goal of this document and are provided elsewhere.</p>

<h2 id="background">Background</h2>
<p>Android provides an open source platform and application environment for mobile
  devices.</p>
<p>The sections and pages below describe the security features of the Android
  platform. <em>Figure 1</em> summarizes the security components and considerations of
  the various levels of the Android software stack. Each component assumes that
  the components below are properly secured. With the exception of a small amount
  of Android OS code running as root, all code above the Linux Kernel is
  restricted by the Application Sandbox.</p>
<p><img alt="Figure 1: Android software stack" src="images/android_software_stack.png" /></p>
<p><em>Figure 1: Android software stack.</em></p>
<p>The main Android platform building blocks are:</p>
<ul>
  <li>
    <p><strong>Device Hardware</strong>: Android runs on a wide range of hardware configurations
      including smart phones, tablets, and set-top boxes. Android is
      processor-agnostic, but it does take advantage of some hardware-specific
      security capabilities such as ARM v6 eXecute-Never.</p>
  </li>
  <li>
    <p><strong>Android Operating System</strong>: The core operating system is built on top of
      the Linux kernel. All device resources, like camera functions, GPS data,
      Bluetooth functions, telephony functions, network connections, etc., are
      accessed through the operating system.</p>
  </li>
  <li>
    <p><strong>Android Application Runtime</strong>: Android applications are most often written
      in the Java programming language and run in the Dalvik virtual machine.
      However, many applications, including core Android services and applications,
      are native applications or include native libraries. Both Dalvik and native
      applications run within the same security environment, contained within the
      Application Sandbox. Applications get a dedicated part of the filesystem in
      which they can write private data, including databases and raw files.</p>
  </li>
</ul>
<p>Android applications extend the core Android operating system. There are two
  primary sources for applications:</p>
<ul>
  <li>
    <p><strong>Pre-Installed Applications</strong>: Android includes a set of pre-installed
      applications including phone, email, calendar, web browser, and contacts. These
      function both as user applications and to provide key device capabilities that
      can be accessed by other applications. Pre-installed applications may be part
      of the open source Android platform, or they may be developed by an OEM for a
      specific device.</p>
  </li>
  <li>
    <p><strong>User-Installed Applications</strong>: Android provides an open development
      environment supporting any third-party application. Google Play offers
      users hundreds of thousands of applications.</p>
  </li>
</ul>
<p>Google provides a set of cloud-based services that are available to any
  compatible Android device. The primary services are:</p>
<ul>
  <li>
    <p><strong>Google Play</strong>: Google Play is a collection of services that
      allow users to discover, install, and purchase applications from their Android
      device or the web. Google Play makes it easy for developers to reach Android
      users and potential customers. Google Play also provides community review,
      application <a href="https://developer.android.com/guide/publishing/licensing.html">license
        verification</a>, application security scanning, and other security services.</p>
  </li>
  <li>
    <p><strong>Android Updates</strong>: The Android update service delivers new capabilities and
      security updates to Android devices, including updates through the web or over
      the air (OTA).</p>
  </li>
  <li>
    <p><strong>Application Services</strong>: Frameworks that allow Android applications to use
      cloud capabilities such as <a href="https://developer.android.com/guide/topics/data/backup.html">backing
        up</a> application
      data and settings, and cloud-to-device messaging
      (<a href="https://developers.google.com/android/c2dm/">C2DM</a>)
      for push messaging.</p>
  </li>
</ul>
<p>These services are not part of the Android Open Source Project and are out
  of scope for this document. But they are relevant to the security of most
  Android devices, so a related security document titled Google Services for
  Android: Security Overview is available.</p>