Building Security into the Android Architecture
6. The Google element
Google has shown time and again that it is focused on user security. Its history is marked by an understanding of Web users and what they want from a service. That model has made its way to Android. Google's mobile platform reflects the company's understanding of how users will interact with the software. It adapts to that, which, in the end, makes for a more secure operating system.
7. It enlists users' help
Too often, software developers wait until they find holes in their operating systems to patch them. Google doesn't. The company makes its Android security e-mail address readily available on its site. If users have found a potential security flaw, they can e-mail the Android Security team. Whether or not the team actually investigates the issues is unknown. But soliciting information from users could help Google find issues sooner.
8. Asking for permission
A key component in any software security strategy starts with permission. When malicious programs are running, they rarely want to ask for permission to start. Android requires all applications without proper signatures to ask the user for permission to run. That feature alone cuts down on the number of security instances affecting the platform. If a user doesn't want a particular program to run, he or she can stop it before it has a chance to wreak havoc on the device.
9. Media holes
One of the most common ways attackers gain entry to a mobile phone is through audio and video running in a Web browser. To limit the impact those files might have, Google forces them to run on an outside media server. Therefore, malicious files cannot gain access to cookies or user credentials. Considering that some folks use their browsers to check bank accounts or view information from the workplace, that's a welcome feature.
10. Google gets the Web
If Google is good at anything, it's scouring the Web to help users find what they're looking for. That also helps the company identify potential threats coming from the Web and, in the process, limit their effect on its mobile operating system. That's a key component in Android's security. By knowing the threats that exist on the Web, Google is one step ahead of its counterparts. And, in the end, that could mean all the difference to the security of its platform.