Android Security Analysis
Abstract
According to recent worldwide sales figures reported by Gartner [1], Android is the most popular operating system (OS) when considering all general-purpose computing platforms (smartphones, tablets, laptops, and PCs). Mobile OSes such as Android introduce new security architectures designed with the benefit of lessons learned from traditional computing platforms. Most notably, Android provides a sandbox for applications (hereinafter "apps") which isolates app data and code execution from other apps [2]. Android places security controls on allowed interactions between apps, and between each app and underlying device resources. The Android security architecture is designed to provide protection from malicious app behaviors, and to increase resilience to prevent or minimize the impact of exploitation of security vulnerabilities. By default, apps cannot access data stored by another app, and are restricted from interfering with the behavior of another app. Apps must request permission to access device capabilities such as the microphone, camera, or physical location services, such as Global Positioning System (GPS). Apps also must request permission to access sensitive information repositories such as contact lists. Apps are also limited in their ability to access other underlying device resources and services. Every app must include a manifest file (AndroidManifest.xml) that defines the app's permissions and other important properties. The contents of the manifest file are read and enforced by the Android OS.
Document Details
- Document Type: Technical Report
- Publication Date: Mar 01, 2016
- Accession Number: AD1014839
Entities
People
- Andrew Pyles
- Gananand Kini
- Michael Peck
Organizations
- MITRE Corporation