06/11/11 Android Security Overview | Android Open Source

Android Security Overview


Introduction
Android is a modern mobile platform that was designed to be truly open. Android applications make use of advanced hardware and software, as well as local and served data, exposed through the platform to bring innovation and value to consumers. To protect that value, the platform must offer an application environment that ensures the security of users, data, applications, the device, and the network.

Securing an open platform requires a robust security architecture and rigorous security programs. Android was designed with multi-layered security that provides the flexibility required for an open platform, while providing protection for all users of the platform.

Android was designed with developers in mind. Security controls were designed to reduce the burden on developers. Security-savvy developers can easily work with and rely on flexible security controls. Developers less familiar with security will be protected by safe defaults.

Android was designed with device users in mind. Users are provided visibility into how applications work, and control over those applications. This design includes the expectation that attackers would attempt to perform common attacks, such as social engineering attacks to convince device users to install malware, and attacks on third-party applications on Android. Android was designed to both reduce the probability of these attacks and greatly limit the impact of the attack in the event it was successful.

This document outlines the goals of the Android security program, describes the fundamentals of the Android security architecture, and answers the most pertinent questions for system architects and security analysts. This document focuses on the security features of Android's core platform and does not discuss security issues that are unique to specific applications, such as those related to the browser or SMS application. Recommended best practices for building Android devices, deploying Android devices, or developing applications for Android are not the goal of this document and are provided elsewhere.

Background
Android provides an open source platform and application environment for mobile devices.

The main Android platform building blocks are:

Device Hardware: Android runs on a wide range of hardware configurations including smart phones, tablets, and set-top-boxes. Android is processor-agnostic, but it does take advantage of some hardware-specific security capabilities such as ARM v6 eXecute-Never.

Android Operating System: The core operating system is built on top of the Linux kernel. All device resources, like camera functions, GPS data, Bluetooth functions, telephony functions, network connections, etc. are accessed through the operating system.

Android Application Runtime: Android applications are most often written in the Java programming language and run in the Dalvik virtual machine. However, many applications, including core Android services and applications, are native applications or include native libraries. Both Dalvik and native applications run within the same security environment, contained within the Application Sandbox. Applications get a dedicated part of the filesystem in which they can write private data, including databases and raw files.

Android applications extend the core Android operating system. There are two primary sources of applications:

Pre-Installed Applications: Android includes a set of pre-installed applications including phone, email, calendar, web browser, and contacts. These function both as user applications and to provide key device capabilities that can be accessed by other applications. Pre-installed applications may be part of the open source Android platform, or they may be developed by an OEM for a specific device.

User-Installed Applications: Android provides an open development environment supporting any third-party application. The Android Market offers users hundreds of thousands of applications.

Google provides a set of cloud-based services that are available to any compatible Android device. The primary services are:

Android Market: The Android Market is a collection of services that allow users to discover, install, and purchase applications from their Android device or the web. The Market makes it easy for developers to reach Android users and potential customers. The Market also provides community review, application license verification, and other security services.

Android Updates: The Android update service delivers new capabilities and security updates to Android devices, including updates through the web or over the air (OTA).

Application Services: Frameworks that allow Android applications to use cloud capabilities such as (backing up) application data and settings and cloud-to-device messaging (C2DM) for push messaging.

These services are not part of the Android Open Source Project and
are out of scope for this document. But they are relevant to the
security of most Android devices, so a related security document
titled “Google Services for Android: Security Overview” is available.

Android Security Program Overview


Early on in development, the core Android development team
recognized that a robust security model was required to enable a
vigorous ecosystem of applications and devices built on and around
the Android platform and supported by cloud services. As a result,
through its entire development lifecycle, Android has been
subjected to a professional security program. The Android team has
had the opportunity to observe how other mobile, desktop, and
server platforms prevented and reacted to security issues and built
a security program to address weak points observed in other
offerings.

The key components of the Android Security Program include:

Design Review: The Android security process begins early in the development lifecycle with the creation of a rich and configurable security model and design. Each major feature of the platform is reviewed by engineering and security resources, with appropriate security controls integrated into the architecture of the system.

Penetration Testing and Code Review: During the development of the platform, Android-created and open-source components are subject to vigorous security reviews. These reviews are performed by the Android Security Team, Google's Information Security Engineering team, and independent security consultants. The goal of these reviews is to identify weaknesses and possible vulnerabilities well before the platform is open-sourced, and to simulate the types of analysis that will be performed by external security experts upon release.

Open Source and Community Review: The Android Open Source Project enables broad security review by any interested party. Android also uses open source technologies that have undergone significant external security review, such as the Linux kernel. The Android Market provides a forum for users and companies to provide information about specific applications directly to users.

Incident Response: Even with all of these precautions, security issues may occur after shipping, which is why the Android project has created a comprehensive security response process. A full-time Android security team constantly monitors Android-specific and the general security community for discussion of potential vulnerabilities. Upon the discovery of legitimate issues, the Android team has a response process that enables the rapid mitigation of vulnerabilities to ensure that potential risk to all Android users is minimized. These cloud-supported responses can include updating the Android platform (over-the-air updates), removing applications from the Android Market, and removing applications from devices in the field.

Android Platform Security Architecture


Android seeks to be the most secure and usable operating system for mobile platforms by re-purposing traditional operating system security controls to:

Protect user data
Protect system resources (including the network)
Provide application isolation

To achieve these objectives, Android provides these key security features:

Robust security at the OS level through the Linux kernel
Mandatory application sandbox for all applications
Secure interprocess communication
Application signing
Application-defined and user-granted permissions

The sections below describe these and other security features of the Android platform. Figure 1 summarizes the security components and considerations of the various levels of the Android software stack. Each component assumes that the components below are properly secured. With the exception of a small amount of Android OS code running as root, all code above the Linux Kernel is restricted by the Application Sandbox.

Figure 1: Android software stack.

System and Kernel Level Security


At the operating system level, the Android platform provides the security of the Linux kernel, as well as a secure inter-process communication (IPC) facility to enable secure communication between applications running in different processes. These security features at the OS level ensure that even native code is constrained by the Application Sandbox. Whether that code is the result of included application behavior or an exploitation of an application vulnerability, the system would prevent the rogue application from harming other applications, the Android system, or the device itself.

Linux Security
The foundation of the Android platform is the Linux kernel. The Linux kernel itself has been in widespread use for years, and is used in millions of security-sensitive environments. Through its history of constantly being researched, attacked, and fixed by thousands of developers, Linux has become a stable and secure kernel trusted by many corporations and security professionals.

As the base for a mobile computing environment, the Linux kernel provides Android with several key security features, including:

A user-based permissions model
Process isolation
Extensible mechanism for secure IPC
The ability to remove unnecessary and potentially insecure parts of the kernel

As a multiuser operating system, a fundamental security objective of the Linux kernel is to isolate user resources from one another. The Linux security philosophy is to protect user resources from one another. Thus, Linux:

Prevents user A from reading user B's files
Ensures that user A does not exhaust user B's memory
Ensures that user A does not exhaust user B's CPU resources
Ensures that user A does not exhaust user B's devices (e.g. telephony, GPS, bluetooth)

The Application Sandbox


The Android platform takes advantage of the Linux user-based protection as a means of identifying and isolating application resources. The Android system assigns a unique user ID (UID) to each Android application and runs it as that user in a separate process. This approach is different from other operating systems (including the traditional Linux configuration), where multiple applications run with the same user permissions.

This sets up a kernel-level Application Sandbox. The kernel enforces security between applications and the system at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. By default, applications cannot interact with each other and have limited access to the operating system. If application A tries to do something malicious like read application B's data or dial the phone without permission (a separate application), then the operating system protects against this because application A does not have the appropriate user privileges. The sandbox is simple, auditable, and based on decades-old UNIX-style user separation of processes and file permissions.

Since the Application Sandbox is in the kernel, this security model extends to native code and to operating system applications. All of the software above the kernel in Figure 1, including operating system libraries, application framework, application runtime, and all applications run within the Application Sandbox. On some platforms, developers are constrained to a specific development framework, set of APIs, or language in order to enforce security. On Android, there are no restrictions on how an application can be written that are required to enforce security; in this respect, native code is as sandboxed as interpreted code.

In some operating systems, memory corruption errors generally lead to completely compromising the security of the device. This is not the case in Android due to all applications and their resources being sandboxed at the OS level. A memory corruption error will only allow arbitrary code execution in the context of that particular application, with the permissions established by the operating system.

Like all security features, the Application Sandbox is not unbreakable. However, to break out of the Application Sandbox in a properly configured device, one must compromise the security of the Linux kernel.

System Partition and Safe Mode


The system partition contains Android's kernel as well as the operating system libraries, application runtime, application framework, and applications. This partition is set to read-only. When a user boots the device into Safe Mode, only core Android applications are available. This ensures that the user can boot their phone into an environment that is free of third-party software.

Filesystem Permissions


In a UNIX-style environment, filesystem permissions ensure that
one user cannot alter or read another user's files. In the case of
Android, each application runs as its own user. Unless the
developer explicitly exposes files to other applications, files created
by one application cannot be read or altered by another application.
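As an added illustration (not code from the original page or from the Android project), the following Python model of the kernel's owner/group/other mode check shows why a file created under one application's UID is unreadable to another application's UID unless the owning application explicitly widens the mode bits. The UIDs, file modes and the `root` bypass rule are modelled here as constructed sample values, not read from a device.

```python
# Added example: a minimal model of the UNIX discretionary access check the
# Linux kernel applies to a file. Everything below is constructed sample data;
# the UIDs are the kind of per-application user ids the installer would assign.
import stat

ROOT_UID = 0
# request kinds, expressed as the "other" permission bits (r=4, w=2, x=1)
READ, WRITE, EXEC = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH


def can_access(uid, gids, file_uid, file_gid, mode, want):
    """True if a process running as uid (member of groups gids) may perform
    want (READ, WRITE or EXEC) on a file owned by file_uid:file_gid with
    permission bits mode. Exactly one permission class applies, chosen by
    ownership (owner, then group, then other), never the most permissive one."""
    if uid == ROOT_UID:
        # root bypasses read/write checks; execute still needs at least one x bit
        return want != EXEC or bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == file_uid:
        shift = 6          # owner triplet (rwx------)
    elif file_gid in gids:
        shift = 3          # group triplet (---rwx---)
    else:
        shift = 0          # other triplet (------rwx)
    return bool(mode & (want << shift))


# Constructed sample: two sandboxed applications, each running as its own UID/GID.
APP_A, APP_B = 10001, 10002
PRIVATE_DB = {"owner": APP_A, "group": APP_A, "mode": 0o600}   # default private file of app A
SHARED_FILE = {"owner": APP_A, "group": APP_A, "mode": 0o644}  # app A explicitly exposed it


def check(f, uid, want):
    """Evaluate an access request by uid against the constructed file record f."""
    return can_access(uid, {uid}, f["owner"], f["group"], f["mode"], want)


def demo():
    return {
        "a_reads_own_db": check(PRIVATE_DB, APP_A, READ),      # True
        "b_reads_a_db": check(PRIVATE_DB, APP_B, READ),        # False: different UID
        "b_reads_shared": check(SHARED_FILE, APP_B, READ),     # True: world-readable
        "b_writes_shared": check(SHARED_FILE, APP_B, WRITE),   # False: only owner may write
        "root_reads_db": check(PRIVATE_DB, ROOT_UID, READ),    # True: root bypasses DAC
    }


if __name__ == "__main__":
    print(demo())
```

The last entry is the point the "Rooting of Devices" section makes later: filesystem permissions separate one application's UID from another's, but they do not protect data from a process running as root.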

Filesystem Encryption


Android 3.0 and later provides full filesystem encryption, so all user data can be encrypted in the kernel using the dm-crypt implementation of AES128 with CBC and ESSIV:SHA256. The encryption key is protected by AES128 using a key derived from the user password, preventing unauthorized access to stored data without the user's device password. To provide resistance against systematic password guessing attacks (e.g. rainbow tables or brute force), the password is combined with a random salt and hashed repeatedly with SHA1 using the standard PBKDF2 algorithm prior to being used to decrypt the filesystem key. To provide resistance against dictionary password guessing attacks, Android provides password complexity rules that can be set by the device administrator and enforced by the operating system. Filesystem encryption requires the use of a user password; a pattern-based screen lock is not supported.

More details on implementation of filesystem encryption are available at http://source.android.com/tech/encryption/android_crypto_implementation.html
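The following Python snippet is an added example, not code from the page or from Android's crypto implementation. It models the password-to-key step just described: PBKDF2-HMAC-SHA1 over the password and a random salt, alongside a device-administrator style complexity rule. The iteration count, the derived key length and the sample passwords and salts are assumptions made for the demonstration; the AES wrapping of the filesystem key is not shown.

```python
# Added example (not the platform's code): the password-to-key derivation and a
# complexity rule of the kind a device administrator can require.
import hashlib
import os

ITERATIONS = 2000   # assumed; the page only says the password is "hashed repeatedly"
KEK_LEN = 32        # assumed length of the derived key-encryption key, in bytes


def derive_kek(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Password + random salt -> PBKDF2-HMAC-SHA1 -> key-encryption key.
    The salt defeats precomputed (rainbow) tables, and the iteration count
    multiplies the cost of every guess in a brute-force attempt."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, KEK_LEN)


def new_salt() -> bytes:
    """A fresh random salt, generated once when the password is first set."""
    return os.urandom(16)


def meets_policy(password: str, min_len: int = 6, require_alphanumeric: bool = True) -> bool:
    """Model of an administrator-set complexity rule: a minimum length and, if
    required, at least one letter and one digit (the page's 'alphanumeric')."""
    if len(password) < min_len:
        return False
    if require_alphanumeric:
        has_letter = any(c.isalpha() for c in password)
        has_digit = any(c.isdigit() for c in password)
        return has_letter and has_digit
    return True


# Constructed sample salts (a device would use new_salt() instead).
SALT_1 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
SALT_2 = bytes.fromhex("0f0e0d0c0b0a09080706050403020100")


def demo():
    kek_a = derive_kek("correct-horse-7", SALT_1)
    kek_b = derive_kek("correct-horse-7", SALT_2)   # same password, different salt
    return {
        "key_len": len(kek_a),
        "deterministic": derive_kek("correct-horse-7", SALT_1) == kek_a,
        "salt_changes_key": kek_a != kek_b,
        "pin_1234_meets_policy": meets_policy("1234"),
        "passphrase_meets_policy": meets_policy("correct-horse-7"),
    }


if __name__ == "__main__":
    print(demo())
```

Two properties carry the security argument: the same password yields a different key under a different salt, so a table precomputed for one device is useless against another, and the work factor is set by the iteration count rather than by the hash function alone.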

Password Protection
Android can be configured to verify a user-supplied password prior
to providing access to a device. In addition to preventing
unauthorized use of the device, this password protects the
cryptographic key for full filesystem encryption.

Use of a password and/or password complexity rules can be required by a device administrator.

Device Administration
Android 2.2 and later provide the Android Device Administration
API, which provides device administration features at the system
level. For example, the built-in Android Email application uses the
APIs to improve Exchange support. Through the Email application,
Exchange administrators can enforce password policies —
including alphanumeric passwords or numeric PINs — across
devices. Administrators can also remotely wipe (that is, restore
factory defaults on) lost or stolen handsets.

In addition to use in applications included with the Android system, these APIs are available to third-party providers of Device Management solutions. Details on the API are provided here: http://developer.android.com/guide/topics/admin/device-admin.html.

Memory Management Security Enhancements


Android includes features that make common memory corruption issues harder to exploit. The Android SDK, compilers, and OS use tools to make common security issues significantly harder to exploit, including:

Hardware-based No eXecute (NX) to prevent code execution on the stack and heap
ProPolice to prevent stack buffer overruns
safe_iop to reduce integer overflows
Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and to prevent chunk consolidation attacks. Chunk consolidation attacks are a common way to exploit heap corruption.
OpenBSD calloc to prevent integer overflows during memory allocation
Linux mmap_min_addr() to mitigate null pointer dereference privilege escalation

Rooting of Devices
By default, on Android only the kernel and a small subset of the core applications run with root permissions. Android does not prevent a user or application with root permissions from modifying the operating system, kernel, and any other application. In general, root has full access to all applications and all application data. Users that change the permissions on an Android device to grant root access to applications increase the security exposure to malicious applications and potential application flaws.

The ability to modify an Android device they own is important to developers working with the Android platform. On many Android devices users have the ability to unlock the bootloader in order to allow installation of an alternate operating system. These alternate operating systems may allow an owner to gain root access for purposes of debugging applications and system components or to access features not presented to applications by Android APIs.

On some devices, a user with physical control of a device and a USB cable is able to install a new operating system that provides root privileges to the user. To protect any existing user data from compromise the bootloader unlock mechanism requires that the bootloader erase any existing user data as part of the unlock step. Root access gained via exploiting a kernel bug or security hole can bypass this protection.

Encrypting data with a key stored on-device does not protect the application data from root users. Applications can add a layer of data protection using encryption with a key stored off-device, such as on a server or a user password. This approach can provide temporary protection while the key is not present, but at some point the key must be provided to the application and it then becomes accessible to root users.

A more robust approach to protecting data from root users is through the use of hardware solutions. OEMs may choose to implement hardware solutions that limit access to specific types of content such as DRM for video playback, or the NFC-related trusted storage for Google wallet.

In the case of a lost or stolen device, full filesystem encryption on Android devices uses the device password to protect the encryption key, so modifying the bootloader or operating system is not sufficient to access user data without the user's device password.

Android Application Security


Elements of Applications
Android provides an open source platform and application
environment for mobile devices. The core operating system is based
on the Linux kernel. Android applications are most often written in
the Java programming language and run in the Dalvik virtual
machine. However, applications can also be written in native code.
Applications are installed from a single file with the .apk file
extension.

The main Android application building blocks are:

AndroidManifest.xml: The AndroidManifest.xml file is the control file that tells the system what to do with all the top-level components (specifically activities, services, broadcast receivers, and content providers described below) in an application. This also specifies which permissions are required.

Activities: An Activity is, generally, the code for a single, user-focused task. It usually includes displaying a UI to the user, but it does not have to -- some Activities never display UIs. Typically, one of the application's Activities is the entry point to an application.

Services: A Service is a body of code that runs in the background. It can run in its own process, or in the context of another application's process. Other components "bind" to a Service and invoke methods on it via remote procedure calls. An example of a Service is a media player: even when the user quits the media-selection UI, the user probably still intends for music to keep playing. A Service keeps the music going even when the UI has completed.

Broadcast Receiver: A BroadcastReceiver is an object that is instantiated when an IPC mechanism known as an Intent is issued by the operating system or another application. An application may register a receiver for the low battery message, for example, and change its behavior based on that information.

The Android Permission Model: Accessing Protected APIs
By default, an Android application can only access a limited range
of system resources. The system manages Android application
access to resources that, if used incorrectly or maliciously, could
adversely impact the user experience, the network, or data on the
device.

These restrictions are implemented in a variety of different forms. Some capabilities are restricted by an intentional lack of APIs to the sensitive functionality (e.g. there is no Android API for directly manipulating the SIM card). In some instances, separation of roles provides a security measure, as with the per-application isolation of storage. In other instances, the sensitive APIs are intended for use by trusted applications and protected through a security mechanism known as Permissions.

The protected APIs include:

Camera functions
Location data (GPS)
Bluetooth functions
Telephony functions
SMS/MMS functions
Network/data connections

These resources are only accessible through the operating system. To make use of the protected APIs on the device, an application must define the capabilities it needs in its manifest. When preparing to install an application, the system displays a dialog to the user that indicates the permissions requested and asks whether to continue the installation. If the user continues with the installation, the system accepts that the user has granted all of the requested permissions. The user can not grant or deny individual permissions -- the user must grant or deny all of the requested permissions as a block.

Once granted, the permissions are applied to the application as long as it is installed. To avoid user confusion, the system does not notify the user again of the permissions granted to the application, and applications that are included in the core operating system or bundled by an OEM do not request permissions from the user. Permissions are removed if an application is uninstalled, so a subsequent re-installation will again result in display of permissions.

Within the device settings, users are able to view permissions for applications they have previously installed. Users can also turn off some functionality globally when they choose, such as disabling GPS, radio, or wi-fi.

In the event that an application attempts to use a protected feature which has not been declared in the application's manifest, the permission failure will typically result in a security exception being thrown back to the application. Protected API permission checks are enforced at the lowest possible level to prevent circumvention. An example of the user messaging when an application is installed while requesting access to protected APIs is shown in Figure 2.

The system default permissions are described at http://code.google.com/android/reference/android/Manifest.permission.html. Applications may declare their own permissions for other applications to use. Such permissions are not listed in the above location.

When defining a permission a protectionLevel attribute tells the system how the user is to be informed of applications requiring the permission, or who is allowed to hold a permission. Details on creating and using application specific permissions are described at http://developer.android.com/guide/topics/security/security.html.

There are some device capabilities, such as the ability to send SMS broadcast intents, that are not available to third-party applications, but that may be used by applications pre-installed by the OEM. These permissions use the signatureOrSystem permission.

How Users Understand Third-Party Applications

Android strives to make it clear to users when they are interacting with third-party applications and inform the user of the capabilities those applications have. Prior to installation of any application, the user is shown a clear message about the different permissions the application is requesting. After install, the user is not prompted again to confirm any permissions.

There are many reasons to show permissions immediately prior to installation time. This is when the user is actively reviewing information about the application, developer, and functionality to determine whether it matches their needs and expectations. It is also important that they have not yet established a mental or financial commitment to the app, and can easily compare the application to other alternative applications.

Some other platforms use a different approach to user notification, requesting permission at the start of each session or while applications are in use. The vision of Android is to have users switching seamlessly between applications at will. Providing confirmations each time would slow down the user and prevent Android from delivering a great user experience. Having the user review permissions at install time gives the user the option to not install the application if they feel uncomfortable.

Also, many user interface studies have shown that over-prompting the user causes the user to start saying "OK" to any dialog that is shown. One of Android's security goals is to effectively convey important security information to the user, which cannot be done using dialogs that the user will be trained to ignore. By presenting the important information once, and only when it is important, the user is more likely to think about what they are agreeing to.

Some platforms choose not to show any information at all about application functionality. That approach prevents users from easily understanding and discussing application capabilities. While it is not possible for all users to always make fully informed decisions, the Android permissions model makes information about applications easily accessible to a wide range of users. For example, unexpected permissions requests can prompt more sophisticated users to ask critical questions about application functionality and share their concerns in places such as the Android Market where they are visible to all users.

Figure 2: Display of permissions for applications (panels: Permissions at Application Install; Permissions of an Installed Application; Google Maps; gMail).

Interprocess Communication


Processes can communicate using any of the traditional UNIX-type mechanisms. Examples include the filesystem, local sockets, or signals. However, the Linux permissions still apply.

Android also provides new IPC mechanisms:

Binder: A lightweight capability-based remote procedure call mechanism designed for high performance when performing in-process and cross-process calls. Binder is implemented using a custom Linux driver. See http://developer.android.com/reference/android/os/Binder.html.

Services: Services (discussed above) can provide interfaces directly accessible using binder.

Intents: An Intent is a simple message object that represents an "intention" to do something. For example, if your application wants to display a web page, it expresses its "Intent" to view the URL by creating an Intent instance and handing it off to the system. The system locates some other piece of code (in this case, the Browser) that knows how to handle that Intent, and runs it. Intents can also be used to broadcast interesting events (such as a notification) system-wide. See http://code.google.com/android/reference/android/content/Intent.html

Content Providers: A Content Provider is a data storehouse that provides access to data on the device; the classic example is the Content Provider that is used to access the user's list of contacts. An application can access data that other applications have exposed via a Content Provider, and an application can also define its own Content Providers to expose data of its own. See http://code.google.com/android/reference/android/content/ContentProvid

While it is possible to implement IPC using other mechanisms such as network sockets or world-writable files, these are the recommended Android IPC frameworks. Android developers will be encouraged to use best practices around securing users' data and avoiding the introduction of security vulnerabilities.

Cost-Sensitive APIs
A cost sensitive API is any function that might generate a cost for the user or the network. The Android platform has placed cost sensitive APIs in the list of protected APIs controlled by the OS. The user will have to grant explicit permission to third-party applications requesting use of cost sensitive APIs. These APIs include:

Telephony
SMS/MMS
Network/Data
In-App Billing
NFC Access

SIM Card Access


Low level access to the SIM card is not available to third-party apps. The OS handles all communications with the SIM card including access to personal information (contacts) on the SIM card memory. Applications also cannot access AT commands, as these are managed exclusively by the Radio Interface Layer (RIL). The RIL provides no high level APIs for these commands.

Personal Information
Android has placed APIs that provide access to user data into the set of protected APIs. With normal usage, Android devices will also accumulate user data within third-party applications installed by users. Applications that choose to share this information can use Android OS permission checks to protect the data from third-party applications.

Figure 3: Access to sensitive user data is only available through protected APIs

System content providers that are likely to contain personal or personally identifiable information such as contacts and calendar have been created with clearly identified permissions. This granularity provides the user with clear indication of the types of information that may be provided to the application. During installation, a third-party application may request permission to access these resources. If permission is granted, the application can be installed and will have access to the data requested at any time when it is installed.

Any applications which collect personal information will, by default, have that data restricted only to the specific application. If an application chooses to make the data available to other applications through IPC, the application granting access can apply permissions to the IPC mechanism that are enforced by the operating system.

Sensitive Data Input Devices


Android devices frequently provide sensitive data input devices that allow applications to interact with the surrounding environment, such as camera, microphone or GPS. For a third-party application to access these devices, it must first be explicitly provided access by the user through the use of Android OS Permissions. Upon installation, the installer will prompt the user requesting permission to the sensor by name.

If an application wants to know the user's location, the application requires a permission to access the user's location. Upon installation, the installer will prompt the user asking if the application can access the user's location. At any time, if the user does not want any application to access their location, then the user can run the "Settings" application, go to "Location & Security", and uncheck the "Use wireless networks" and "Enable GPS satellites". This will disable location based services for all applications on the user's device.

Device Metadata
Android also strives to restrict access to data that is not intrinsically sensitive, but may indirectly reveal characteristics about the user, user preferences, and the manner in which they use a device.

By default applications do not have access to operating system logs, browser history, phone number, or hardware / network identification information. If an application requests access to this information at install time, the installer will prompt the user asking if the application can access the information. If the user does not grant access, the application will not be installed.

Application Signing


Code signing allows developers to identify the author of the application and to update their application without creating complicated interfaces and permissions. Every application that is run on the Android platform must be signed by the developer. Applications that attempt to install without being signed will be rejected by either the Android Market or the package installer on the Android device.

On the Android Market, application signing bridges the trust Google has with the developer and the trust the developer has with their application. Developers know their application is provided, unmodified to the Android device; and developers can be held accountable for behavior of their application.

On Android, application signing is the first step to placing an application in its Application Sandbox. The signed application certificate defines which user id is associated with which application; different applications run under different user IDs. Application signing ensures that one application cannot access any other application except through well-defined IPC.

When an application (APK file) is installed onto an Android device, the Package Manager verifies that the APK has been properly signed with the certificate included in that APK. If the certificate (or, more accurately, the public key in the certificate) matches the key used to sign any other APK on the device, the new APK has the option to specify in the manifest that it will share a UID with the other similarly-signed APKs.

Applications can be signed by a third-party (OEM, operator, alternative market) or self-signed. Android provides code signing using self-signed certificates that developers can generate without external assistance or permission. Applications do not have to be signed by a central authority. Android currently does not perform CA verification for application certificates.

Applications are also able to declare security permissions at the Signature protection level, restricting access only to applications signed with the same key while maintaining distinct UIDs and Application Sandboxes. A closer relationship with a shared Application Sandbox is allowed via the shared UID feature where two or more applications signed with the same developer key can declare a shared UID in their manifest.
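To tie the permission model, the protectionLevel values and the shared-UID rule together, here is an added Python model (not the page's code and not the platform's PackageManager) of what happens at install time: requested permissions are granted as a block when the user accepts the install dialog, a signature-level permission is granted only when the requesting APK is signed with the same key as the package that defined it, signatureOrSystem additionally admits packages on the system partition, and a sharedUserId joins an existing UID only under the same signing key. Package names, key identifiers and manifests are constructed; the signer id stands in for the public key of the signing certificate, FIRST_APP_UID is an assumed starting value, and the two built-in permissions carry the levels the page describes rather than any particular release's definitions.

```python
# Added example (not the platform's code): install-time permission grants,
# protectionLevel enforcement and sharedUserId joins, on constructed manifests.
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # namespace of android:* attributes
FIRST_APP_UID = 10000                                 # assumed first UID handed to apps


class SecurityException(Exception):
    """Thrown back to a caller that lacks the permission (as the page describes)."""


class InstallError(Exception):
    """Install refused: user declined the dialog, or sharedUserId signer mismatch."""


def parse_manifest(xml_text):
    """Extract the permission-relevant parts of an AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    return {"package": root.get("package"),
            "shared_uid": root.get(A + "sharedUserId"),
            "uses": [e.get(A + "name") for e in root.findall("uses-permission")],
            "defines": {e.get(A + "name"): e.get(A + "protectionLevel", "normal")
                        for e in root.findall("permission")}}


class PackageManager:
    def __init__(self, platform_signer="platform-key"):
        # built-ins with the levels the page describes: contacts are a user-granted
        # protected API; sending SMS broadcasts is reserved to OEM/system packages
        self.perms = {"android.permission.READ_CONTACTS": ("dangerous", "android"),
                      "android.permission.BROADCAST_SMS": ("signatureOrSystem", "android")}
        self.packages = {"android": {"uid": 1000, "signer": platform_signer,
                                     "shared_uid": None, "granted": set()}}
        self._next_uid = FIRST_APP_UID

    def _assign_uid(self, m, signer):
        if m["shared_uid"]:
            for p in self.packages.values():
                if p["shared_uid"] == m["shared_uid"]:
                    if p["signer"] != signer:
                        raise InstallError("sharedUserId requires the same signing key")
                    return p["uid"]                    # join the existing sandbox
        self._next_uid += 1
        return self._next_uid - 1                      # fresh sandbox

    def install(self, xml_text, signer, system=False, user_accepts=True):
        m = parse_manifest(xml_text)
        if m["uses"] and not user_accepts:
            raise InstallError("user declined the install dialog")  # all or nothing
        for name, level in m["defines"].items():
            self.perms.setdefault(name, (level, m["package"]))
        granted = set()
        for name in m["uses"]:
            if name not in self.perms:
                continue                               # undefined permission: not granted
            level, owner = self.perms[name]
            owner_signer = signer if owner == m["package"] else self.packages[owner]["signer"]
            same_key = owner_signer == signer
            if (level in ("normal", "dangerous") or (level == "signature" and same_key)
                    or (level == "signatureOrSystem" and (same_key or system))):
                granted.add(name)
        uid = self._assign_uid(m, signer)
        self.packages[m["package"]] = {"uid": uid, "signer": signer,
                                       "shared_uid": m["shared_uid"], "granted": granted}
        return uid

    def check_permission(self, package, perm):
        return perm in self.packages[package]["granted"]

    def enforce(self, package, perm):
        if not self.check_permission(package, perm):
            raise SecurityException(f"{package} lacks {perm}")


def manifest(pkg, shared=None, uses=(), defines=()):
    """Build a small constructed AndroidManifest.xml string."""
    attrs = f' android:sharedUserId="{shared}"' if shared else ""
    body = "".join(f'<uses-permission android:name="{u}"/>' for u in uses)
    body += "".join(f'<permission android:name="{n}" android:protectionLevel="{l}"/>'
                    for n, l in defines)
    return f'<manifest xmlns:android="{A[1:-1]}" package="{pkg}"{attrs}>{body}</manifest>'


def demo():
    pm = PackageManager()
    uid_provider = pm.install(manifest("com.example.provider", shared="com.example.shared",
                                       defines=[("com.example.provider.READ_DATA", "signature")]),
                              signer="dev-key-A")
    uid_partner = pm.install(manifest("com.example.partner", shared="com.example.shared",
                                      uses=["com.example.provider.READ_DATA"]), signer="dev-key-A")
    pm.install(manifest("com.example.other", uses=["com.example.provider.READ_DATA",
               "android.permission.READ_CONTACTS", "android.permission.BROADCAST_SMS"]),
               signer="dev-key-B")
    try:   # a differently signed APK may not join the shared UID
        pm.install(manifest("com.example.impostor", shared="com.example.shared"), signer="dev-key-B")
        impostor_rejected = False
    except InstallError:
        impostor_rejected = True
    chk = pm.check_permission
    return {"partner_shares_uid": uid_provider == uid_partner,
            "partner_read_data": chk("com.example.partner", "com.example.provider.READ_DATA"),
            "other_read_data": chk("com.example.other", "com.example.provider.READ_DATA"),
            "other_read_contacts": chk("com.example.other", "android.permission.READ_CONTACTS"),
            "other_broadcast_sms": chk("com.example.other", "android.permission.BROADCAST_SMS"),
            "impostor_rejected": impostor_rejected}
```

Running `demo()` shows the three outcomes the text describes: the partner signed with the same key gets the signature-level permission and shares the provider's UID, the differently signed package gets only the user-granted contacts permission and neither the signature-level nor the OEM-only one, and the impostor declaring the same sharedUserId under another key is refused at install.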

Digital Rights Management


The Android platform provides an extensible DRM framework that lets applications manage rights-protected content according to the license constraints that are associated with the content. The DRM framework supports many DRM schemes; which DRM schemes a device supports is left to the device manufacturer.

The Android DRM framework is implemented in two architectural layers (see figure below):

A DRM framework API, which is exposed to applications through the Android application framework and runs through the Dalvik VM for standard applications.

A native code DRM manager, which implements the DRM framework and exposes an interface for DRM plug-ins (agents) to handle rights management and decryption for various DRM schemes.

Figure 4: Architecture of Digital Rights Management on Android platform

Android Updates


A
.

T A :
- - (OTA ) - . OTA

, OEM /
.S -

.O
SD ,A
, ,
.

I
G A O S P , A
.

1. T A
NDA
.
2. T .
3. T A A - .
4. W , NDA
.
5. T A A O
S P
6. OEM/ .

T NDA
.
M OHA A
, , .O A
S ,
OHA
.H , OHA

I ( . .,
), G /
A O S P
.T (
) .

A G I/O 2011, OHA


18 .
T A
, .

A ,A ,
A
@ . .I ,
A PGP :
:// . . / _ _ _ _ . .

Other Resources
I A O S P
:// . . .

I A :
:// . . .

T A S
@ . .

S A O S
D S .A :
:// . . / / / / . .

AS FAQ :
:// . . / / / . .

A A
: :// . . / / - - .
