blob: e23d73491db0e348e952b12596cf8f9f99e444ac [file] [log] [blame]
page.title=Security overview
Copyright 2014 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.
<div id="qv-wrapper">
<div id="qv">
<h2>In this document</h2>
<ol id="auto-toc"></ol>
<h2 id="android-security-program-overview">Security Program Overview</h2>
<p>Early on in development, the core Android development team recognized that a
robust security model was required to enable a vigorous ecosystem of
applications and devices built on and around the Android platform and supported
by cloud services. As a result, through its entire development lifecycle,
Android has been subjected to a professional security program. The Android team
has had the opportunity to observe how other mobile, desktop, and server platforms
prevented and reacted to security issues and built a security
program to address weak points observed in other offerings.</p>
<p>The key components of the Android Security Program include:</p>
<li><strong>Design Review</strong>: The Android security process begins early in the
development lifecycle with the creation of a rich and configurable security
model and design. Each major feature of the platform is reviewed by engineering
and security resources, with appropriate security controls integrated into the
architecture of the system.</li>
<li><strong>Penetration Testing and Code Review</strong>: During the development of the
platform, Android-created and open-source components are subject to vigorous
security reviews. These reviews are performed by the Android Security Team,
Googles Information Security Engineering team, and independent security
consultants. The goal of these reviews is to identify weaknesses and possible
vulnerabilities well before the platform is open-sourced, and to simulate the
types of analysis that will be performed by external security experts upon
<li><strong>Open Source and Community Review</strong>: The Android Open Source Project enables
broad security review by any interested party. Android also uses open source
technologies that have undergone significant external security review,
such as the Linux kernel. Google Play provides a forum for users and companies
to provide information about specific applications directly to users.</li>
<li><strong>Incident Response</strong>: Even with all of these precautions, security issues
may occur after shipping, which is why the Android project has created a
comprehensive security response process. A full-time Android security team
constantly monitors Android-specific and the general security community for
discussion of potential vulnerabilities. Upon the discovery of legitimate
issues, the Android team has a response process that enables the rapid
mitigation of vulnerabilities to ensure that potential risk to all Android
users is minimized. These cloud-supported responses can include updating the
Android platform (over-the-air updates), removing applications from Google
Play, and removing applications from devices in the field.</li>
<h2 id="android-platform-security-architecture">Platform Security Architecture</h2>
<p>Android seeks to be the most secure and usable operating system for mobile
platforms by re-purposing traditional operating system security controls to:</p>
<li>Protect user data</li>
<li>Protect system resources (including the network)</li>
<li>Provide application isolation</li>
<p>To achieve these objectives, Android provides these key security features:</p>
<li>Robust security at the OS level through the Linux kernel</li>
<li>Mandatory application sandbox for all applications</li>
<li>Secure interprocess communication</li>
<li>Application signing</li>
<li>Application-defined and user-granted permissions</li>