Introduction to Android OS- A Guide to Android Security

Introduction to Android OS- A Guide to Android Security
You are here:

Android runs on a wide range of devices, from smartphones to tablets, and set-top boxes. Android is a Linux kernel mobile platform, and the mobile operating system performance is dependent on the processor of the mobile’s device.

Security is a major concern for an Android device, and it was developed keeping in mind the conducive to the use of third-party applications and cloud-based services. Android is secure and usable operating system for mobile platforms.

Android’s Five Key Security Features:

1.Security through the Linux kernel at the OS level

2.Mandatory application sandbox

3.Secure inter process communication

4.Application signing

5.Application-defined and user-granted permissions

Android Security: System-Level Security Features

The Linux kernel provides Android with a set of security measures. It grants the operating system a user-based permissions model, process isolation, a secure mechanism for IPC, and the ability to remove any unnecessary or potentially insecure parts of the kernel. It further works to prevent multiple system users from accessing each other’s resources and exhausting them.

Android Application Security Features

This user-based protection allows Android to create an “Application Sandbox.” Each Android app is assigned a unique user ID, and each runs as a separate process. Therefore, each application is enforced at the process level through the Linux kernel, which does not allow applications to interact with one another, and gives them only limited access to the Android operating system. This gives the user permission-based access control, and he/she is presented with a list of the activities the Android application will perform and what it will require to do them, before the app is even downloaded.

The filesystem permissions is also the same– each application has its own files, and unless a developer explicitly exposes files to another Android application, files created by one application cannot be read or altered by another.

Android Application Security Scans

When building and testing the security of Android apps, developers should follow Android security best practices and keep the following in mind when performing security tests:

•Inbound SMS listeners (command and control)
•Unsafe file creation
•Improper database storage
•Unsafe use of shared preferences
•Storage of sensitive data on mass storage device
•Content provider SQL injection
•APN or proxy modification

Android Security: Geared Towards User-Friendly Security

All of Android’s more technical security features are designed to be simply presented to the user, meaning that they can be easily controlled through the interface. Straightforward methods of improving your Android device’s security can include: using a password or pin, setting your phone to lock after a period of inactivity, only enabling wireless connections that you use, and only installing Android apps you trust and have personally vetted.

Google also only allows tested and proven secure Android applications into its marketplace, meaning that the user has less of a chance of installing a malicious app. Furthermore, the Android security system prompts the user to allow the installation of an application, meaning that it is impossible to remotely install and run an application. Users can further ensure that their Android device is secure by regularly installing system updates.

Last Updated On December 27, 2018

Julia Sowells698 Posts

Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.

0 Comments

Leave a Comment

Login

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password
Register