1page.title=Security
2@jd:body
3<!--
4    Copyright 2015 The Android Open Source Project
5
6    Licensed under the Apache License, Version 2.0 (the "License");
7    you may not use this file except in compliance with the License.
8    You may obtain a copy of the License at
9
10        http://www.apache.org/licenses/LICENSE-2.0
11
12    Unless required by applicable law or agreed to in writing, software
13    distributed under the License is distributed on an "AS IS" BASIS,
14    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15    See the License for the specific language governing permissions and
16    limitations under the License.
17-->
18<div id="qv-wrapper">
19  <div id="qv">
20    <h2>In this document</h2>
21    <ol id="auto-toc"></ol>
22  </div>
23</div>
24
25<h2 id="introduction">Introduction</h2>
26<p>Android is a modern mobile platform that was designed to be truly open. Android
27  applications make use of advanced hardware and software, as well as local and
28  served data, exposed through the platform to bring innovation and value to
29  consumers. To protect that value, the platform must offer an application
30  environment that ensures the security of users, data, applications, the device,
31  and the network.</p>
32<p>Securing an open platform requires a robust security architecture and
33  rigorous security programs.  Android was designed with multi-layered
34  security that provides the flexibility required for an open platform, while
35  providing protection for all users of the platform. For information about
36  reporting security issues and the update process,
37  see <a href="{@docRoot}devices/tech/security/overview/updates-resources.html">Security Updates and Resources</a>.</p>
38<p>Android was designed with developers in mind. Security controls were designed
39  to reduce the burden on developers. Security-savvy developers can easily work
40  with and rely on flexible security controls.  Developers less familiar with
41  security will be protected by safe defaults.</p>
42<p>Android was designed with device users in mind. Users are provided visibility
43  into how applications work, and control over those applications.  This design
44  includes the expectation that attackers would attempt to perform common
45  attacks, such as social engineering attacks to convince device users to install
46  malware, and attacks on third-party applications on Android. Android was
47  designed to both reduce the probability of these attacks and greatly limit the
48  impact of the attack in the event it was successful.</p>
49<p>This documentation outlines the goals of the Android security program, describes the
50  fundamentals of the Android security architecture, and answers the most
51  pertinent questions for system architects and security analysts.  This document
52  focuses on the security features of Android's core platform and does not
53  discuss security issues that are unique to specific applications, such as those
54  related to the browser or SMS application. Recommended best practices for
55  building Android devices, deploying Android devices, or developing applications
56  for Android are not the goal of this document and are provided elsewhere.</p>
57
58<h2 id="background">Background</h2>
59<p>Android provides an open source platform and application environment for mobile
60  devices.</p>
61<p>The sections and pages below describe the security features of the Android
62  platform. <em>Figure 1</em> summarizes the security components and considerations of
63  the various levels of the Android software stack. Each component assumes that
64  the components below are properly secured. With the exception of a small amount
65  of Android OS code running as root, all code above the Linux Kernel is
66  restricted by the Application Sandbox.</p>
67<p><img alt="Figure 1: Android software stack" src="images/image00.png" /></p>
68<p><em>Figure 1: Android software stack.</em></p>
69<p>The main Android platform building blocks are:</p>
70<ul>
71  <li>
72    <p><strong>Device Hardware</strong>: Android runs on a wide range of hardware configurations
73      including smart phones, tablets, and set-top-boxes.  Android is
74      processor-agnostic, but it does take advantage of some hardware-specific
75      security capabilities such as ARM v6 eXecute-Never.</p>
76  </li>
77  <li>
78    <p><strong>Android Operating System</strong>: The core operating system is built on top of
79      the Linux kernel. All device resources, like camera functions, GPS data,
80      Bluetooth functions, telephony functions, network connections, etc. are
81      accessed through the operating system.</p>
82  </li>
83  <li>
84    <p><strong>Android Application Runtime</strong>: Android applications are most often written
85      in the Java programming language and run in the Dalvik virtual machine.
86      However, many applications, including core Android services and applications
87      are native applications or include native libraries. Both Dalvik and native
88      applications run within the same security environment, contained within the
89      Application Sandbox. Applications get a dedicated part of the filesystem in
90      which they can write private data, including databases and raw files.</p>
91  </li>
92</ul>
93<p>Android applications extend the core Android operating system. There are two
94  primary sources for applications:</p>
95<ul>
96  <li>
97    <p><strong>Pre-Installed Applications</strong>: Android includes a set of pre-installed
98      applications including phone, email, calendar, web browser, and contacts. These
99      function both as user applications and to provide key device capabilities that
100      can be accessed by other applications.  Pre-installed applications may be part
101      of the open source Android platform, or they may be developed by an OEM for a
102      specific device.</p>
103  </li>
104  <li>
105    <p><strong>User-Installed Applications</strong>: Android provides an open development
106      environment supporting any third-party application. Google Play offers
107      users hundreds of thousands of applications.</p>
108  </li>
109</ul>
110<p>Google provides a set of cloud-based services that are available to any
111  compatible Android device. The primary services are:</p>
112<ul>
113  <li>
114    <p><strong>Google Play</strong>: Google Play is a collection of services that
115      allow users to discover, install, and purchase applications from their Android
116      device or the web. Google Play makes it easy for developers to reach Android
117      users and potential customers. Google Play also provides community review,
118      application <a href="https://developer.android.com/guide/publishing/licensing.html">license
119        verification</a>, application security scanning, and other security services.</p>
120  </li>
121  <li>
122    <p><strong>Android Updates</strong>: The Android update service delivers new capabilities and
123      security updates to Android devices, including updates through the web or over
124      the air (OTA).</p>
125  </li>
126  <li>
127    <p><strong>Application Services</strong>: Frameworks that allow Android applications to use
128      cloud capabilities such as (<a href="https://developer.android.com/guide/topics/data/backup.html">backing
129        up</a>) application
130      data and settings and cloud-to-device messaging
131      (<a href="https://developers.google.com/android/c2dm/">C2DM</a>)
132      for push messaging.</p>
133  </li>
134</ul>
135<p>These services are not part of the Android Open Source Project and are out
136  of scope for this document. But they are relevant to the security of most
137  Android devices, so a related security document titled “Google Services for
138  Android: Security Overview” is available.</p>
139
140
141