Android runs on a wide range of devices, from smartphones to tablets, and set-top boxes. Android is a Linux kernel mobile platform, and the mobile operating system performance is dependent on the processor of the mobile’s device.
Security is a major concern for an Android device, and it was developed keeping in mind the conducive to the use of third-party applications and cloud-based services. Android is secure and usable operating system for mobile platforms.
Android’s Five Key Security Features:
1.Security through the Linux kernel at the OS level
2.Mandatory application sandbox
3.Secure inter process communication
5.Application-defined and user-granted permissions
Android Security: System-Level Security Features
The Linux kernel provides Android with a set of security measures. It grants the operating system a user-based permissions model, process isolation, a secure mechanism for IPC, and the ability to remove any unnecessary or potentially insecure parts of the kernel. It further works to prevent multiple system users from accessing each other’s resources and exhausting them.
Android Application Security Features
This user-based protection allows Android to create an “Application Sandbox.” Each Android app is assigned a unique user ID, and each runs as a separate process. Therefore, each application is enforced at the process level through the Linux kernel, which does not allow applications to interact with one another, and gives them only limited access to the Android operating system. This gives the user permission-based access control, and he/she is presented with a list of the activities the Android application will perform and what it will require to do them, before the app is even downloaded.
The filesystem permissions is also the same– each application has its own files, and unless a developer explicitly exposes files to another Android application, files created by one application cannot be read or altered by another.
Android Application Security Scans
When building and testing the security of Android apps, developers should follow Android security best practices and keep the following in mind when performing security tests:
•Inbound SMS listeners (command and control)
•Unsafe file creation
•Improper database storage
•Unsafe use of shared preferences
•Storage of sensitive data on mass storage device
•Content provider SQL injection
•APN or proxy modification
Android Security: Geared Towards User-Friendly Security
All of Android’s more technical security features are designed to be simply presented to the user, meaning that they can be easily controlled through the interface. Straightforward methods of improving your Android device’s security can include: using a password or pin, setting your phone to lock after a period of inactivity, only enabling wireless connections that you use, and only installing Android apps you trust and have personally vetted.
Google also only allows tested and proven secure Android applications into its marketplace, meaning that the user has less of a chance of installing a malicious app. Furthermore, the Android security system prompts the user to allow the installation of an application, meaning that it is impossible to remotely install and run an application. Users can further ensure that their Android device is secure by regularly installing system updates.