Professional Documents
Culture Documents
A d id.c
Topics
Da i I Thi D c e
Deb ggi g
E c i A d id Sec i O e ie
Sec i I d ci
Bac g d
A d id Sec i P g a O e ie
A d id P a f Sec i A chi ec e
S e a d Ke e Le e Sec i
Li Sec i
The A ica i Sa db
S e Pa i i a d Safe M de
Fi e e Pe i i
Fi e e E c i
Pa d P ec i
De ice Ad i i a i
Me Ma age e Sec i E ha ce e
R i g f De ice
A d id A ica i Sec i
Ee e f A ica i
The A d id Pe i i M de : Acce i g P ec ed
API
H U e U de a d Thi d-Pa A ica i
I e ce C ica i
C -Se i i e API
SIM Ca d Acce
Pe a I f ai
Se i i e Da a I De ice
De ice Me ada a
A ica i Sig i g
Digi a Righ Ma age e
A d id U da e
O he Re ce
Sec i g a e af e ie a b ec i a chi ec e
a d ig ec i g a . A d id a de ig ed i h i-
a e ed ec i ha ide he f e ibi i e i ed f a e
af , hi e idi g ec i f a e f he a f .
A d id a de ig ed i h de e e i i d. Sec i c
source.android.com/tech/security/index.html#system-and-kernel-level-se 1/17
06/11/11 Android Security Overview | Android Open Source
e e de ig ed ed ce he b de de e e . Sec i - a
de e e ca ea i iha d e f e ib e ec i
c . De e e e fa i ia i h ec i i be ec ed b
afe defa .
A d id a de ig ed i h de ice e i i d. U e a e ided
i ibi i i h a ica i ,a dc e h e
a ica i . Thi de ig i c de he e ec a i ha a ac e
da e ef c a ac , ch a cia
e gi ee i g a ac c i ce de ice e i a a a e,
a d a ac hi d- a a ica i A d id. A d id a
de ig ed b h ed ce he babi i f he e a ac a d g ea
i i he i ac f he a ac i he e e i a cce f .
Thi d c e i e he g a f he A d id ec i ga ,
de c ibe he f da e a f he A d id ec i a chi ec e,
a da e he e i e e i f e a chi ec
a d ec i a a . Thi d c e f c e he ec i
fea e f A d id' c e a f a dd e di c ec i
i e ha a e i e ecific a ica i , ch a h e
e a ed he b e SMS a ica i . Rec e ded be
ac ice f b i di g A d id de ice , de i g A d id de ice ,
de e i g a ica i f A d id a e he g a f hi
d c e a dae ided e e he e.
Background
A d id ide a e ce af a da ica i
e i e f bi e de ice .
The ai A d id af b i di g b c a e:
A d id a ica i e e d he c e A d id e a i g e .
The e a e i a ce f a ica i :
Pre-Installed Applications: A d id i c de a e f e-
i a ed a ica i i c di g h e, e ai , ca e da , eb
b e , a d c ac . The e f c i b ha e
a ica i a d ide e de ice ca abi i ie ha ca
be acce ed b he a ica i . P e-i a ed a ica i
source.android.com/tech/security/index.html#system-and-kernel-level-se 2/17
06/11/11 Android Security Overview | Android Open Source
may be part of the open source Android platform, or they
may be developed by an OEM for a specific device.
These services are not part of the Android Open Source Project and
are out of scope for this document. But they are relevant to the
security of most Android devices, so a related security document
titled “Google Services for Android: Security Overview” is available.
source.android.com/tech/security/index.html#system-and-kernel-level-se 3/17
06/11/11 Android Security Overview | Android Open Source
pe of anal i ha ill be pe fo med b e e nal ec i
e pe pon elea e.
Open Source and Communit Review: The And oid Open
So ce P ojec enable b oad ec i e ie b an
in e e ed pa . And oid al o e open o ce
echnologie ha ha e nde gone ignifican e e nal
ec i e ie , ch a he Lin ke nel. The And oid
Ma ke p o ide a fo m fo e and companie o p o ide
info ma ion abo pecific applica ion di ec l o e .
Incident Response: E en i h all of he e p eca ion ,
ec i i e ma occ af e hipping, hich i h he
And oid p ojec ha c ea ed a comp ehen i e ec i
e pon e p oce . A f ll- ime And oid ec i eam
con an l moni o And oid- pecific and he gene al
ec i comm ni fo di c ion of po en ial lne abili ie .
Upon he di co e of legi ima e i e , he And oid eam
ha a e pon e p oce ha enable he apid mi iga ion of
lne abili ie o en e ha po en ial i k o all And oid
e i minimi ed. The e clo d- ppo ed e pon e can
incl de pda ing he And oid pla fo m (o e - he-ai pda e ),
emo ing applica ion f om he And oid Ma ke , and emo ing
applica ion f om de ice in he field.
P o ec e da a
P o ec em e o ce (incl ding he ne o k)
P o ide applica ion i ola ion
source.android.com/tech/security/index.html#system-and-kernel-level-se 4/17
06/11/11 Android Security Overview | Android Open Source
Linu Securit
The fo nda ion of he And oid pla fo m i he Lin ke nel. The
Lin ke nel i elf ha been in ide p ead e fo ea , and i
ed in million of ec i - en i i e en i onmen . Th o gh i
hi o of con an l being e ea ched, a acked, and fi ed b
ho and of de elope , Lin ha become a able and ec e
ke nel ed b man co po a ion and ec i p ofe ional .
P A B'
E A B'
E A B' CPU
E A B' ( . .
, GPS, )
.T A ID (UID)
A
.T
( L ),
.
T - A S .T
L ,
ID .B ,
.I A
B'
( ),
A
.T ,
, - UNIX-
.
S A S ,
.A
Fig re 1,
, , ,
A S .O
,
, API , .O
A ,
; ,
.
I ,
.T
A
OS .A
,
.
L , A S
.H , A S
,
L .
Password Protection
Android can be configured to verify a user-supplied password prior
to providing access to a device. In addition to preventing
unauthorized use of the device, this password protects the
cryptographic key for full filesystem encryption.
Device Administration
Android 2.2 and later provide the Android Device Administration
API, which provides device administration features at the system
level. For example, the built-in Android Email application uses the
APIs to improve Exchange support. Through the Email application,
Exchange administrators can enforce password policies —
including alphanumeric passwords or numeric PINs — across
devices. Administrators can also remotely wipe (that is, restore
factory defaults on) lost or stolen handsets.
Rooting of De ices
B defa , A d id he e e a d a a b e f he
c e a ica i ih e i i . A d id d e
ee a e a ica i ih e i i f dif i g
he e a i g e , e e, a d a he a ica i . I ge e a ,
ha f acce a a ica i a d a a ica i da a.
U e ha cha ge he e i i a A d id de ice g a
acce a ica i i c ea e he ec i e e
a ici a ica i a d e ia a ica i f a .
E c i g da a i h a e ed -de ice d e ec he
a ica i da a f e . A ica i ca add a a e f
da a ec i i ge c i iha e ed ff-de ice, ch
a a e e a e a d. Thi a ach ca ide
e a ec i hi e he e i e e ,b a e i
he e be ided he a ica i a d i he bec e
acce ib e e .
A e b a ach ec i g da a f e i
h gh he e f ha d a e i . OEM a ch e
i e e ha d a e i ha i i acce ecific e f
c e ch a DRM f ide a bac , he NFC- e a ed ed
age f G g e a e .
I he ca e f a e de ice, f fi e e e c i
A d id de ice e he de ice a d ec he e c i
e , dif i g he b ade eai g e i
source.android.com/tech/security/index.html#system-and-kernel-level-se 8/17
06/11/11 Android Security Overview | Android Open Source
sufficient to access user data without the user s device password.
source.android.com/tech/security/index.html#system-and-kernel-level-se 9/17
06/11/11 Android Security Overview | Android Open Source
The e ec ed API i c de:
Ca e a f c i
L ca i da a (GPS)
B e hf ci
Te e h f ci
SMS/MMS f c i
Ne /da a c ec i
The e e ce a e acce ib e h gh he e a i g e .
T a e e f he ec ed API he de ice, a a ica i
defi e he ca abi i ie i eed i i a ife . Whe
e a i g i a a a ica i , he e di a a dia g
he e ha i dica e he e i i e e ed a d a
he he c i e he i a a i . If he e c i e i h he
i a a i , he e acce ha he e ha g a ed a f he
e e ed e i i . The e ca ga de i di id a
e i i -- he e ga de a f he e e ed
e i i a ab c .
Wi hi he de ice e i g , e a e ab e ie e i i f
a ica i he ha e e i i a ed. U e ca a ff
e f c i a i g ba he he ch e, ch a di ab i g
GPS, adi , i-fi.
I he e e ha a a ica i a e ea ec ed fea e
hich ha bee dec a ed i he a ica i ' a ife , he
e i i fai e i ica e i a ec i e ce i bei g
h bac he a ica i . P ec ed API e i i chec
a e e f ced a he e ib e e e e e ci c e i .
A e a e f he e e agi g he a a ica i i i a ed
hi e e e i g acce ec ed API i h i Fig re 2.
Whe defi i g a e i i a ec i Le e a ib e e he
e h he e i be i f ed f a ica i e i i g he
e i i , h i a ed h d a e i i . De ai
c ea i g a d i g a ica i ecific e i i a e de c ibed a
h ://de e e .a d id.c /g ide/ ic / ec i / ec i .h .
source.android.com/tech/security/index.html#system-and-kernel-level-se 10/17
06/11/11 Android Security Overview | Android Open Source
A d id i e a e i c ea e he he a e i e ac i g
i h hi d- a a ica i a di f he e f he ca abi i ie
h e a ica i ha e. P i i a ai fa a ica i , he
e i h a c ea e age ab he diffe e e i i he
a ica i i e e i g. Af e i a , he e i ed
agai c fi a e i i .
The e a e a ea h e i i i edia e i
i a ai i e. Thi i he e i ac i e e ie i g i f ai
ab he a ica i , de e e , a d f c i a i de e i e
he he i a che hei eed a d e ec a i .I i a
i a ha he ha e e e ab i hed a e a fi a cia
c i e he a , a d ca ea i c a e he a ica i
he a e a i e a ica i .
A , a e i e face die ha e h ha e- i g
he e ca e he e a a i g "OK" a dia g ha i
h . O e f A d id' ec i g a i effec i e c e
i a ec i i f ai he e , hich ca be d e
i g dia g ha he e i be ai ed ig e. B e e i g
he i a i f ai ce, a d he i i i a , he
e i e i e hi ab ha he a e ag eei g .
S e af ch e h a i f a i a a ab
a ica i f c i a i . Tha a ach e e e f ea i
de a di g a d di c i g a ica i ca abi i ie . Whi e i i
ib e f a e a a a ef i f ed deci i ,
he A d id e i i de a e i f a i ab
a ica i ea i acce ib e a ide a ge f e . F
e a e, e ec ed e i i e e ca e
hi ica ed e a c i ica e i ab a ica i
f c i a i a d ha e hei c ce i ace ch a he
A d id Ma e he e he a e i ib e a e .
source.android.com/tech/security/index.html#system-and-kernel-level-se 11/17
06/11/11 Android Security Overview | Android Open Source
Cost-Sensiti e APIs
Ac e i i e API i a f c i ha igh ge e a e a c f
he e he e . The A d id a f ha aced c
e i i e API i he i f ec ed API c ed b he OS.
The e i ha e g a e ici e i i hi d- a
a ica i e e i g e fc e i i e API . The e API
i c de:
Te e h
SMS/MMS
Ne /Da a
I -A Bi i g
NFC Acce
Personal Information
A d id ha aced API ha ide acce e da a i he
e f ec ed API . Wi h a age, A d id de ice i a
acc a e e da a i hi hi d- a a ica i i a ed b
e . A ica i ha ch e ha e hi i f a i ca e
A d id OS e i i chec ec he da a f hi d- a
a ica i .
.T
.D
, -
.I ,
A , ,
.I
IPC,
IPC .
I ' ,
' .U
,
' .A ,
,
"S " , "L &S ",
"U " "E GPS
". T
' .
De ice Me ada a
A
,
, ,
.
B
, , , /
.I
,
.I
, .
.E
A .
A
A M
A .
O A M , G
source.android.com/tech/security/index.html#system-and-kernel-level-se 14/17
06/11/11 Android Security Overview | Android Open Source
ha i h he de elope and he he de elope ha i h hei
applica ion. De elope kno hei applica ion i p o ided,
nmodified o he And oid de ice; and de elope can be held
acco n able fo beha io of hei applica ion.
source.android.com/tech/security/index.html#system-and-kernel-level-se 15/17
06/11/11 Android Security Overview | Android Open Source
T A :
- - (OTA ) - . OTA
, OEM /
.S -
.O
SD ,A
, ,
.
I
G A O S P , A
.
1. T A
NDA
.
2. T .
3. T A A - .
4. W , NDA
.
5. T A A O
S P
6. OEM/ .
T NDA
.
M OHA A
, , .O A
S ,
OHA
.H , OHA
source.android.com/tech/security/index.html#system-and-kernel-level-se 16/17
06/11/11 Android Security Overview | Android Open Source
I ( . .,
), G /
A O S P
.T (
) .
A ,A ,
A
@ . .I ,
A PGP :
:// . . / _ _ _ _ . .
O he Re o ce
I A O S P
:// . . .
I A :
:// . . .
T A S
@ . .
S A O S
D S .A :
:// . . / / / / . .
AS FAQ :
:// . . / / / . .
A A
: :// . . / / - - .
S T S -P P G T
source.android.com/tech/security/index.html#system-and-kernel-level-se 17/17