8/3/2019 Android Security Overview _ Android Open Source
06/11/11 Android Security Overview | Android Open Source
source.android.com/tech/security/index.html#system-and-kernel-level-se
Android Security Overview
Introduction
Android is a modern mobile platform that was designed to be truly open. Android applications make use of advanced hardware and software, as well as local and served data, exposed through the platform to bring innovation and value to consumers. To protect that value, the platform must offer an application environment that ensures the security of users, data, applications, the device, and the network.
Securing an open platform requires a robust security architecture and rigorous security programs. Android was designed with multi-layered security that provides the flexibility required for an open platform, while providing protection for all users of the platform.
Android was designed with developers in mind. Security controls
were designed to reduce the burden on developers. Security-savvy developers can easily work with and rely on flexible security controls. Developers less familiar with security will be protected by safe defaults.
Android was designed with device users in mind. Users are provided visibility into how applications work, and control over those applications. This design includes the expectation that attackers would attempt to perform common attacks, such as social engineering attacks to convince device users to install malware, and attacks on third-party applications on Android. Android was designed to both reduce the probability of these attacks and greatly limit the impact of the attack in the event it was successful.
This document outlines the goals of the Android security program, describes the fundamentals of the Android security architecture, and answers the most pertinent questions for system architects and security analysts. This document focuses on the security features of Android's core platform and does not discuss security issues that are unique to specific applications, such as those related to the browser or SMS application. Recommended best practices for building Android devices, deploying Android devices, or developing applications for Android are not the goal of this document and are provided elsewhere.
Background
Android provides an open source platform and application environment for mobile devices.
The main Android platform building blocks are:
Device Hardware: Android runs on a wide range of hardware configurations including smart phones, tablets, and set-top-boxes. Android is processor-agnostic, but it does take advantage of some hardware-specific security capabilities such as ARM v6 eXecute-Never.
Android Operating System: The core operating system is built on top of the Linux kernel. All device resources, like camera functions, GPS data, Bluetooth functions, telephony functions, network connections, etc. are accessed through the operating system.
Android Application Runtime: Android applications are most often written in the Java programming language and run in the Dalvik virtual machine. However, many applications, including core Android services and applications, are native applications or include native libraries. Both Dalvik and native applications run within the same security environment, contained within the Application Sandbox. Applications get a dedicated part of the filesystem in which they can write private data, including databases and raw files.
Android applications extend the core Android operating system. There are two primary sources of applications:
Pre-Installed Applications: Android includes a set of pre-installed applications including phone, email, calendar, web browser, and contacts. These function both as user applications and to provide key device capabilities that can be accessed by other applications. Pre-installed applications
may be part of the open source Android platform, or they
may be developed by an OEM for a specific device.
User-Installed Applications: Android provides an open
development environment supporting any third-party
application. The Android Market offers users hundreds of
thousands of applications.
Google provides a set of cloud-based services that are available to
any compatible Android device. The primary services are:
Android Market: The Android Market is a collection of
services that allow users to discover, install, and purchase
applications from their Android device or the web. The
Market makes it easy for developers to reach Android users
and potential customers. The Market also provides
community review, application license verification, and other
security services.
Android Updates: The Android update service delivers new
capabilities and security updates to Android devices,
including updates through the web or over the air (OTA).
Application Services: Frameworks that allow Android
applications to use cloud capabilities such as (backing up)
application data and settings and cloud-to-device messaging
(C2DM) for push messaging.
These services are not part of the Android Open Source Project and
are out of scope for this document. But they are relevant to the
security of most Android devices, so a related security document
titled Google Services for Android: Security Overview is available.
Android Security Program Overview
Early on in development, the core Android development team
recognized that a robust security model was required to enable a
vigorous ecosystem of applications and devices built on and around
the Android platform and supported by cloud services. As a result,
through its entire development lifecycle, Android has been
subjected to a professional security program. The Android team has
had the opportunity to observe how other mobile, desktop, and
server platforms prevented and reacted to security issues and built
a security program to address weak points observed in other
offerings.
The key components of the Android Security Program include:
Design Review: The Android security process begins early
in the development lifecycle with the creation of a rich and
configurable security model and design. Each major feature
of the platform is reviewed by engineering and security
resources, with appropriate security controls integrated into
the architecture of the system.
Penetration Testing and Code Review: During the
development of the platform, Android-created and open-
source components are subject to vigorous security reviews.
These reviews are performed by the Android Security Team, Google's Information Security Engineering team, and
independent security consultants. The goal of these reviews
is to identify weaknesses and possible vulnerabilities well
before the platform is open-sourced, and to simulate the
types of analysis that will be performed by external security experts upon release.
Open Source and Community Review: The Android Open Source Project enables broad security review by any interested party. Android also uses open source technologies that have undergone significant external security review, such as the Linux kernel. The Android Market provides a forum for users and companies to provide information about specific applications directly to users.
Incident Response: Even with all of these precautions, security issues may occur after shipping, which is why the Android project has created a comprehensive security response process. A full-time Android security team constantly monitors Android-specific and the general security community for discussion of potential vulnerabilities. Upon the discovery of legitimate issues, the Android team has a response process that enables the rapid mitigation of vulnerabilities to ensure that potential risk to all Android users is minimized. These cloud-supported responses can include updating the Android platform (over-the-air updates), removing applications from the Android Market, and removing applications from devices in the field.
Android Platform Security Architecture
Android seeks to be the most secure and usable operating system for mobile platforms by re-purposing traditional operating system security controls to:
Protect user data
Protect system resources (including the network)
Provide application isolation
To achieve these objectives, Android provides these key security features:
Robust security at the OS level through the Linux kernel
Mandatory application sandbox for all applications
Secure interprocess communication
Application signing
Application-defined and user-granted permissions
The sections below describe these and other security features of the Android platform. Figure 1 summarizes the security components and considerations of the various levels of the Android software stack. Each component assumes that the components below are properly secured. With the exception of a small amount of Android OS code running as root, all code above the Linux Kernel is restricted by the Application Sandbox.
Figure 1: Android software stack.
System and Kernel Level Security
At the operating system level, the Android platform provides the security of the Linux kernel, as well as a secure inter-process communication (IPC) facility to enable secure communication between applications running in different processes. These security features at the OS level ensure that even native code is constrained by the Application Sandbox. Whether that code is the result of included application behavior or an exploitation of an application vulnerability, the system would prevent the rogue application from harming other applications, the Android system, or the device itself.
Linux Security
The foundation of the Android platform is the Linux kernel. The Linux kernel itself has been in widespread use for years, and is used in millions of security-sensitive environments. Through its history of constantly being researched, attacked, and fixed by thousands of developers, Linux has become a stable and secure kernel trusted by many corporations and security professionals.
As the base for a mobile computing environment, the Linux kernel provides Android with several key security features, including:
A user-based permissions model
Process isolation
Extensible mechanism for secure IPC
The ability to remove unnecessary and potentially insecure parts of the kernel
As a multiuser operating system, a fundamental security objective
L .
T L
. T, L:
P A B'
E A B'
E A B' CPU
E A B' (..
, GPS, )
The Application Sandbox
T A L -
. T A ID (UID)
A
. T
( L ),
.
T - A S. T
L ,
ID . B ,
. I A
B'
( ),
A
. T ,
, - UNIX-
.
S A S ,
. A
Figre 1,
, , ,
A S. O
,
, API, . O
A,
; ,
.
I ,
. T
A
OS . A
,
.
L , A S
. H, A S
,
L .
System Partition and Safe Mode
T A'
, ,
framework, and applications. This partition is set to read-only.
When a user boots the device into Safe Mode, only core Android
applications are available. This ensures that the user can boot their
phone into an environment that is free of third-party software.
Filesystem Permissions
In a UNIX-style environment, filesystem permissions ensure that
one user cannot alter or read another user's files. In the case of
Android, each application runs as its own user. Unless the developer explicitly exposes files to other applications, files created
by one application cannot be read or altered by another application.
Filesystem Encryption
Android 3.0 and later provides full filesystem encryption, so all user
data can be encrypted in the kernel using the dmcrypt
implementation of AES128 with CBC and ESSIV:SHA256. The
encryption key is protected by AES128 using a key derived from
the user password, preventing unauthorized access to stored data
without the user device password. To provide resistance against
systematic password guessing attacks (e.g. rainbow tables or
brute force), the password is combined with a random salt and
hashed repeatedly with SHA1 using the standard PBKDF2
algorithm prior to being used to decrypt the filesystem key. To
provide resistance against dictionary password guessing attacks,
Android provides password complexity rules that can be set by the
device administrator and enforced by the operating system.
Filesystem encryption requires the use of a user password; a pattern-
based screen lock is not supported.
More details on implementation of filesystem encryption are
available at
http://source.android.com/tech/encryption/android_crypto_implemen
Password Protection
Android can be configured to verify a user-supplied password prior
to providing access to a device. In addition to preventing
unauthorized use of the device, this password protects the
cryptographic key for full filesystem encryption.
Use of a password and/or password complexity rules can be
required by a device administrator.
Device Administration
Android 2.2 and later provide the Android Device Administration
API, which provides device administration features at the system
level. For example, the built-in Android Email application uses the
APIs to improve Exchange support. Through the Email application,
Exchange administrators can enforce password policies
including alphanumeric passwords or numeric PINs across
devices. Administrators can also remotely wipe (that is, restore
factory defaults on) lost or stolen handsets.
In addition to use in applications included with the Android system, these APIs are available to third-party providers of Device
Management solutions. Details on the API are provided here:
http://developer.android.com/guide/topics/admin/device-admin.html.
Memory Management Security Enhancements
Android includes many features that make common security issues harder to exploit. The Android SDK, compilers, and OS use tools to make common memory corruption issues significantly harder to exploit, including:
Hardware-based No eXecute (NX) to prevent code execution on the stack and heap
ProPolice to prevent stack buffer overruns
safe_iop to reduce integer overflows
Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and to prevent chunk consolidation attacks. Chunk consolidation attacks are a common way to exploit heap corruption.
OpenBSD calloc to prevent integer overflows during memory allocation
Linux mmap_min_addr() to mitigate null pointer dereference privilege escalation
Rooting of Devices
By default, on Android only the kernel and a small subset of the core applications run with root permissions. Android does not prevent a user or application with root permissions from modifying the operating system, kernel, and any other application. In general, root has full access to all applications and all application data. Users that change the permissions on an Android device to grant root access to applications increase the security exposure to malicious applications and potential application flaws.
The ability to modify an Android device they own is important to developers working with the Android platform. On many Android devices users have the ability to unlock the bootloader in order to allow installation of an alternate operating system. These alternate operating systems may allow an owner to gain root access for purposes of debugging applications and system components or to access features not presented to applications by Android APIs.
On some devices, a user with physical control of a device and a USB cable is able to install a new operating system that provides root privileges to the user. To protect any existing user data from compromise, the bootloader unlock mechanism requires that the bootloader erase any existing user data as part of the unlock step. Root access gained via exploiting a kernel bug or security hole can bypass this protection.
Encrypting data with a key stored on-device does not protect the application data from root users. Applications can add a layer of data protection using encryption with a key stored off-device, such as on a server or a user password. This approach can provide temporary protection while the key is not present, but at some point the key must be provided to the application and it then becomes accessible to root users.
A more robust approach to protecting data from root users is through the use of hardware solutions. OEMs may choose to implement hardware solutions that limit access to specific types of content such as DRM for video playback, or the NFC-related trusted storage for Google wallet.
In the case of a lost or stolen device, full filesystem encryption on Android devices uses the device password to protect the encryption key, so modifying the bootloader or operating system is not
sufficient to access user data without the user's device password.
Android Application Security
Elements of Applications
Android provides an open source platform and application
environment for mobile devices. The core operating system is based
on the Linux kernel. Android applications are most often written in
the Java programming language and run in the Dalvik virtual machine. However, applications can also be written in native code.
Applications are installed from a single file with the .apk file
extension.
The main Android application building blocks are:
AndroidManifest.xml: The AndroidManifest.xml file is the
control file that tells the system what to do with all the top-
level components (specifically activities, services, broadcast
receivers, and content providers described below) in an
application. This also specifies which permissions are
required.
Activities: An Activity is, generally, the code for a single,
user-focused task. It usually includes displaying a UI to the
user, but it does not have to -- some Activities never display
UIs. Typically, one of the application's Activities is the entry
point to an application.
Services: A Service is a body of code that runs in the
background. It can run in its own process, or in the context
of another application's process. Other components "bind" to
a Service and invoke methods on it via remote procedure
calls. An example of a Service is a media player: even when the user quits the media-selection UI, the user probably still
intends for music to keep playing. A Service keeps the
music going even when the UI has completed.
Broadcast Receiver: A BroadcastReceiver is an object that
is instantiated when an IPC mechanism known as an Intent
is issued by the operating system or another application. An
application may register a receiver for the low battery
message, for example, and change its behavior based on
that information.
The Android Permission Model: Accessing Protected APIs
By default, an Android application can only access a limited range
of system resources. The system manages Android application
access to resources that, if used incorrectly or maliciously, could
adversely impact the user experience, the network, or data on the
device.
These restrictions are implemented in a variety of different forms.
Some capabilities are restricted by an intentional lack of APIs to
the sensitive functionality (e.g. there is no Android API for directly
manipulating the SIM card). In some instances, separation of roles provides a security measure, as with the per-application isolation of
storage. In other instances, the sensitive APIs are intended for use
by trusted applications and protected through a security
mechanism known as Permissions.
These protected APIs include:
Camera functions
Location data (GPS)
Bluetooth functions
Telephony functions
SMS/MMS functions
Network/data connections
These resources are only accessible through the operating system. To make use of the protected APIs on the device, an application must define the capabilities it needs in its manifest. When preparing to install an application, the system displays a dialog to the user that indicates the permissions requested and asks whether to continue the installation. If the user continues with the installation, the system accepts that the user has granted all of the requested permissions. The user can not grant or deny individual permissions -- the user must grant or deny all of the requested permissions as a block.
Once granted, the permissions are applied to the application as long as it is installed. To avoid user confusion, the system does not notify the user again of the permissions granted to the application, and applications that are included in the core operating system or bundled by an OEM do not request permissions from the user. Permissions are removed if an application is uninstalled, so a subsequent re-installation will again result in display of permissions.
Within the device settings, users are able to view permissions for applications they have previously installed. Users can also turn off some functionality globally when they choose, such as disabling GPS, radio, or wi-fi.
In the event that an application attempts to use a protected feature which has not been declared in the application's manifest, the permission failure will typically result in a security exception being thrown back to the application. Protected API permission checks are enforced at the lowest possible level to prevent circumvention. An example of the user messaging when an application is installed while requesting access to protected APIs is shown in Figure 2.
The system default permissions are described at http://code.google.com/android/reference/android/Manifest.permission
Applications may declare their own permissions for other applications to use. Such permissions are not listed in the above location. When defining a permission a protectionLevel attribute tells the system how the user is to be informed of applications requiring the permission, or who is allowed to hold a permission. Details on creating and using application specific permissions are described at http://developer.android.com/guide/topics/security/security.html.
There are some device capabilities, such as the ability to send SMS broadcast intents, that are not available to third-party applications, but that may be used by applications pre-installed by the OEM. These permissions use the signatureOrSystem permission.
How Users Understand Third-Party Applications
Android strives to make it clear to users when they are interacting with third-party applications and to inform the user of the capabilities those applications have. Prior to installation of any application, the user is shown a clear message about the different permissions the application is requesting. After install, the user is not prompted again to confirm any permissions.
There are many reasons to show permissions immediately prior to installation time. This is when the user is actively reviewing information about the application, developer, and functionality to determine whether it matches their needs and expectations. It is also important that they have not yet established a mental or financial commitment to the app, and can easily compare the application to other alternative applications.
Some other platforms use a different approach to user notification, requesting permission at the start of each session or while applications are in use. The vision of Android is to have users switching seamlessly between applications at will. Providing confirmations each time would slow down the user and prevent Android from delivering a great user experience. Having the user review permissions at install time gives the user the option to not install the application if they feel uncomfortable.
Also, many user interface studies have shown that over-prompting the user causes the user to start saying "OK" to any dialog that is shown. One of Android's security goals is to effectively convey important security information to the user, which cannot be done using dialogs that the user will be trained to ignore. By presenting the important information once, and only when it is important, the user is more likely to think about what they are agreeing to.
Some platforms choose not to show any information at all about application functionality. That approach prevents users from easily understanding and discussing application capabilities. While it is not possible for all users to always make fully informed decisions, the Android permissions model makes information about applications easily accessible to a wide range of users. For example, unexpected permissions requests can prompt more sophisticated users to ask critical questions about application functionality and share their concerns in places such as the Android Market where they are visible to all users.
Figure 2: Display of permissions for applications (panel titles: "Permissions at Application Install -- Google Maps"; "Permissions of a ... -- gMail")
Interprocess Communication
Processes can communicate using any of the traditional UNIX-type mechanisms. Examples include the filesystem, local sockets, or signals. However, the Linux permissions still apply.
Android also provides new IPC mechanisms:
Binder: A lightweight capability-based remote procedure call mechanism designed for high performance when performing in-process and cross-process calls. Binder is implemented using a custom Linux driver. See http://developer.android.com/reference/android/os/Binder.htm
Services: Services (discussed above) can provide interfaces directly accessible using binder.
Intents: An Intent is a simple message object that represents an "intention" to do something. For example, if your application wants to display a web page, it expresses its "Intent" to view the URL by creating an Intent instance and handing it off to the system. The system locates some other piece of code (in this case, the Browser) that knows how to handle that Intent, and runs it. Intents can also be used to broadcast interesting events (such as a notification) system-wide. See http://code.google.com/android/reference/android/content/In
ContentProviders: A ContentProvider is a data storehouse that provides access to data on the device; the classic example is the ContentProvider that is used to access the user's list of contacts. An application can access data that other applications have exposed via a ContentProvider, and
an application can also define its own ContentProviders to expose data of its own. See http://code.google.com/android/reference/android/content/C
While it is possible to implement IPC using other mechanisms such as network sockets or world-writable files, these are the recommended Android IPC frameworks. Android developers will be encouraged to use best practices around securing users' data and avoiding the introduction of security vulnerabilities.
Cost-Sensitive APIs
A cost sensitive API is any function that might generate a cost for the user or the network. The Android platform has placed cost sensitive APIs in the list of protected APIs controlled by the OS. The user will have to grant explicit permission to third-party applications requesting use of cost sensitive APIs. These APIs include:
Telephony
SMS/MMS
Network/Data
In-App Billing
NFC Access
SIM Card Access
Low level access to the SIM card is not available to third-party apps. The OS handles all communications with the SIM card including access to personal information (contacts) on the SIM card memory. Applications also cannot access AT commands, as these are managed exclusively by the Radio Interface Layer (RIL). The RIL provides no high level API for these commands.
Personal Information
Android has placed APIs that provide access to user data into the set of protected APIs. With normal usage, Android devices will also accumulate user data within third-party applications installed by users. Applications that choose to share this information can use Android OS permission checks to protect the data from third-party applications.
Figure 3: Access to sensitive user data is only available through protected APIs
S
. T
. D
, -
. I ,
.
A , ,
. I
IPC,
IPC .
Sensitive Data Input Devices
A
,
, GPS. F - ,
A OS P. U
,
.
I ' ,
' . U
,
' . A ,
,
"S" , "L & S",
"U " "E GPS". T
' .
Device Metadata
A
,
, ,
.
B
, , , /
. I
,
. I
, .
Application Signing
C
. E
A .A
A M
A .
O A M, G
has with the developer and the trust the developer has with their application. Developers know their application is provided, unmodified to the Android device; and developers can be held accountable for behavior of their application.
On Android, application signing is the first step to placing an application in its Application Sandbox. The signed application certificate defines which user id is associated with which application; different applications run under different user IDs. Application signing ensures that one application cannot access any other application except through well-defined IPC.
When an application (APK file) is installed onto an Android device, the Package Manager verifies that the APK has been properly signed with the certificate included in that APK. If the certificate (or, more accurately, the public key in the certificate) matches the key used to sign any other APK on the device, the new APK has the option to specify in the manifest that it will share a UID with the other similarly-signed APKs.
Applications can be signed by a third-party (OEM, operator, alternative market) or self-signed. Android provides code signing using self-signed certificates that developers can generate without external assistance or permission. Applications do not have to be signed by a central authority. Android currently does not perform CA verification for application certificates.
Applications are also able to declare security permissions at the Signature protection level, restricting access only to applications signed with the same key while maintaining distinct UIDs and Application Sandboxes. A closer relationship with a shared Application Sandbox is allowed via the shared UID feature where two or more applications signed with the same developer key can declare a shared UID in their manifest.
Digital Rights Management
The Android platform provides an extensible DRM framework that lets applications manage rights-protected content according to the license constraints that are associated with the content. The DRM framework supports many DRM schemes; which DRM schemes a device supports is left to the device manufacturer.
The Android DRM framework is implemented in two architectural layers (see figure below):
A DRM framework API, which is exposed to applications through the Android application framework and runs through the Dalvik VM for standard applications.
A native code DRM manager, which implements the DRM framework and exposes an interface for DRM plug-ins (agents) to handle rights management and decryption for various DRM schemes
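The install-time rules above (one all-or-nothing permission block, protectionLevel deciding who may hold a permission, and a shared UID only for APKs signed with the same key) are easier to follow in code. The toy Package Manager below is an added example, not the Android project's code; the package names, key fingerprints, starting UID and the three permissions are constructed for the scenario, and `check_permission` stands in for the check a protected API performs.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PermissionDef:            # a <permission> declaration
    name: str
    protection_level: str       # "normal", "dangerous", "signature" or "signatureOrSystem"
    definer_key: str            # certificate fingerprint of the package that declared it

@dataclass
class Apk:                      # what the installer reads from an APK (constructed, no real parsing)
    package: str
    signer_key: str                         # fingerprint of the certificate inside the APK
    uses_permissions: tuple = ()            # <uses-permission> entries in the manifest
    shared_user_id: Optional[str] = None    # android:sharedUserId, if declared
    system: bool = False                    # pre-installed by the platform or OEM
    defines: tuple = ()                     # PermissionDef entries this APK declares

class PackageManager:
    def __init__(self):
        self.perms, self.installed, self.shared_uids = {}, {}, {}
        self.next_uid = 10000               # constructed first app UID

    def install(self, apk, user_accepts):
        """True if installed; False if the user declined or the signing rules forbid it."""
        for d in apk.defines:
            self.perms.setdefault(d.name, d)
        # 1. Signing picks the sandbox: a shared UID only with the same developer key.
        if apk.shared_user_id in self.shared_uids:
            uid, key = self.shared_uids[apk.shared_user_id]
            if key != apk.signer_key:
                return False
        else:
            uid, self.next_uid = self.next_uid, self.next_uid + 1
            if apk.shared_user_id is not None:
                self.shared_uids[apk.shared_user_id] = (uid, apk.signer_key)
        # 2. Each requested permission is judged by its protectionLevel.
        granted, ask_user = set(), []
        for name in apk.uses_permissions:
            pd = self.perms.get(name)
            if pd is None:
                continue                    # undeclared permission: never granted
            same_signer = pd.definer_key == apk.signer_key
            if pd.protection_level == "normal":
                granted.add(name)
            elif pd.protection_level == "dangerous":
                ask_user.append(name)
            elif pd.protection_level == "signature" and same_signer:
                granted.add(name)
            elif pd.protection_level == "signatureOrSystem" and (same_signer or apk.system):
                granted.add(name)
        # 3. Dangerous permissions are shown once, before install, as one all-or-nothing
        #    block; applications bundled with the system are never prompted.
        if ask_user and not apk.system and not user_accepts:
            return False
        granted.update(ask_user)
        self.installed[apk.package] = {"uid": uid, "granted": granted}
        return True

    def check_permission(self, package, permission):
        app = self.installed.get(package)   # the check a protected API performs
        return app is not None and permission in app["granted"]

def demo():
    pm = PackageManager()                   # constructed scenario, returns the outcomes
    pm.install(Apk("android", "PLATFORM_KEY", system=True, defines=(
        PermissionDef("android.permission.INTERNET", "normal", "PLATFORM_KEY"),
        PermissionDef("android.permission.SEND_SMS", "dangerous", "PLATFORM_KEY"),
        PermissionDef("android.permission.BROADCAST_SMS", "signatureOrSystem", "PLATFORM_KEY"))), True)
    wants = ("android.permission.INTERNET", "android.permission.SEND_SMS",
             "android.permission.BROADCAST_SMS")
    return {
        "declined": pm.install(Apk("com.example.mail", "DEV_A", wants), user_accepts=False),
        "accepted": pm.install(Apk("com.example.mail", "DEV_A", wants, "shared.id"), True),
        "foreign_key_shared_uid": pm.install(Apk("com.example.other", "DEV_B", (), "shared.id"), True),
        "third_party_sms": pm.check_permission("com.example.mail", "android.permission.SEND_SMS"),
        "third_party_broadcast": pm.check_permission("com.example.mail", "android.permission.BROADCAST_SMS"),
        "oem_app": pm.install(Apk("com.oem.messaging", "OEM_KEY", wants, system=True), False),
        "oem_broadcast": pm.check_permission("com.oem.messaging", "android.permission.BROADCAST_SMS"),
    }
```

The third-party app gets SEND_SMS only because the user accepted the whole block, never gets the signatureOrSystem permission, and a second package signed with a different key cannot join its shared UID.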
Figure 4: Architecture of Digital Rights Management on Android platform
Android Updates
A
.
T A :
-- (OTA ) - . OTA
, OEM /
. S-
. O SD , A
, ,
.
I
G A O S P, A
.
1. T A
NDA
.
2. T .3. T A A- .
4. W , NDA
.
5. T A A O
S P
6. OEM/ .
T NDA
.
M OHA A
, , . O A
S , OHA
. H, OHA
.
S T S - P P G T
I (..,
), G /
A O S P
. T (
) .
A G I/O 2011, OHA
18 .
T A
, .
A , A ,
A
@.. I ,
A PGP :
://../____..
Other Resources
I A O S P
://...
I A :
://...
T A S
@..
S A O S
D S. A :
://..////..
A S FAQ :
://..///..
A A
: ://..//--.