Building Security into the Android Architecture
10 Reasons Why Google Android Is Secure
The debate over which mobile platform-iPhone, Android, Windows Mobile or BlackBerry-is best might rage for hours. Everything is subjective. But it's security that may matter most when considering a mobile phone.
Will the phone provide the kind of security required when important data is
transmitted from the desktop to the mobile device? That's a question that can't
be so easily answered with a yes or no.
That's why it's so important to consider each mobile platform's security on a case-by-case basis. The iPhone has received the most accolades. But Google's Android platform is circling in the background. Slowly but surely, Google's software is gaining steam. It's becoming a much bigger player in the mobile market. And all the while, it has maintained a relatively high level of security.
Let's take a look at why it's so secure.
1. Open source
Open-source software tends to be more secure than closed software. That's mainly due to the nature of open source: The community works together to improve software. It's a great concept. And unlike Microsoft and Apple, it's a concept that Google and its partners have embraced. Open source is a key to security victory.
2. Multiprocess software
Rather than running each application in one process, Google's Android platform is multiprocess software, so that each application runs within its own process. Thanks to that, Google can ensure that no application gains access to critical components of system software.
3. Say hello to Linux
Linux is an extremely secure operating system. And it just so happens that Google's Android platform is based on Linux. The operating system has several features such as user and group IDs that help keep application data away from core software processes. Linux is a major reason why Google's Android platform has enjoyed relative security to this point.
4. Access restrictions
Access restrictions are central to the security of any operating system. In Android, no application has permission to perform operations that could harm the operating system. The same architecture keeps those applications from running harmful scripts that affect other applications or the user. Thanks to that feature, users know that their sensitive data won't be touched by unauthorized applications.
5. Sign this, please
If trouble breaks out, knowing who wrote a particular application not only helps users identify the culprit, but also ensures that in the future that source won't be trusted. All Android applications require a signature unique to the application's developer. The result is twofold: it assigns a level of culpability to poorly designed software and it helps determine access to signature-based permissions. That combines to make attackers think twice about specifically targeting Android.
Building Security into the Android Architecture
6. The Google element
Google has shown time and again that it is focused on user security. Its history is marked by an understanding of Web users and what they want from a service. That model has made its way to Android. Google's mobile platform reflects the company's understanding of how users will interact with the software. It adapts to that, which, in the end, makes for a more secure operating system.
7. It enlists users' help
Too often, software developers wait until they find holes in their operating systems to patch them. Google doesn't. The company makes its Android security e-mail address readily available on its site. If users have found a potential security flaw, they can e-mail the Android Security team. Whether or not the team actually investigates the issues is unknown. But soliciting information from users could help Google find issues sooner.
8. Asking for permission
A key component in any software security strategy starts with permission. When malicious programs are running, they rarely want to ask for permission to start. Android requires all applications without proper signatures to ask the user for permission to run. That feature alone cuts down on the number of security instances affecting the platform. If a user doesn't want a particular program to run, he or she can stop it before it has a chance to wreak havoc on the device.
9. Media holes
One of the most common ways attackers gain entry to a mobile phone is through audio and video running in a Web browser. To limit the impact those files might have, Google forces them to run on an outside media server. Therefore, malicious files cannot gain access to cookies or user credentials. Considering that some folks use their browsers to check bank accounts or view information from the workplace, that's a welcome feature.
10. Google gets the Web
If Google is good at anything, it's scouring the Web to help users find what they're looking for. That also helps the company identify potential threats coming from the Web and, in the process, limit their effect on its mobile operating system. That's a key component in Android's security. By knowing the threats that exist on the Web, Google is one step ahead of its counterparts. And, in the end, that could mean all the difference to the security of its platform.