page.title=Security overview
@jd:body
<!--
Copyright 2014 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<div id="qv-wrapper">
<div id="qv">
<h2>In this document</h2>
<ol id="auto-toc"></ol>
</div>
</div>

<h2 id="android-security-program-overview">Security Program Overview</h2>
<p>Early on in development, the core Android development team recognized that a
robust security model was required to enable a vigorous ecosystem of
applications and devices built on and around the Android platform and supported
by cloud services. As a result, through its entire development lifecycle,
Android has been subjected to a professional security program. The Android team
has had the opportunity to observe how other mobile, desktop, and server platforms
prevented and reacted to security issues and built a security
program to address weak points observed in other offerings.</p>
<p>The key components of the Android Security Program include:</p>
<ul>
<li><strong>Design Review</strong>: The Android security process begins early in the
development lifecycle with the creation of a rich and configurable security
model and design. Each major feature of the platform is reviewed by engineering
and security resources, with appropriate security controls integrated into the
architecture of the system.</li>
<li><strong>Penetration Testing and Code Review</strong>: During the development of the
platform, Android-created and open source components are subject to vigorous
security reviews. These reviews are performed by the Android Security Team,
Google’s Information Security Engineering team, and independent security
consultants. The goal of these reviews is to identify weaknesses and possible
vulnerabilities well before the platform is open sourced, and to simulate the
types of analysis that will be performed by external security experts upon
release.</li>
<li><strong>Open Source and Community Review</strong>: The Android Open Source Project enables
broad security review by any interested party. Android also uses open source
technologies that have undergone significant external security review,
such as the Linux kernel. Google Play provides a forum for users and companies
to provide information about specific applications directly to users.</li>
<li><strong>Incident Response</strong>: Even with all of these precautions, security issues
may occur after shipping, which is why the Android project has created a
comprehensive security response process. A full-time Android security team
constantly monitors the Android-specific and general security communities for
discussion of potential vulnerabilities. Upon the discovery of legitimate
issues, the Android team has a response process that enables the rapid
mitigation of vulnerabilities to ensure that potential risk to all Android
users is minimized. These cloud-supported responses can include updating the
Android platform (over-the-air updates), removing applications from Google
Play, and removing applications from devices in the field.</li>
</ul>
<h2 id="android-platform-security-architecture">Platform Security Architecture</h2>
<p>Android seeks to be the most secure and usable operating system for mobile
platforms by re-purposing traditional operating system security controls to:</p>
<ul>
<li>Protect user data</li>
<li>Protect system resources (including the network)</li>
<li>Provide application isolation</li>
</ul>
<p>To achieve these objectives, Android provides these key security features:</p>
<ul>
<li>Robust security at the OS level through the Linux kernel</li>
<li>Mandatory application sandbox for all applications</li>
<li>Secure interprocess communication</li>
<li>Application signing</li>
<li>Application-defined and user-granted permissions</li>
</ul>