Monday 12 September 2016

Fundamental of Android Security

custom application development

Android is an open mobile platform. Android applications use advanced hardware and software, besides local and served data, open through the platform to bring improvement and add consumer’s value. In order to guard that value, the platform used for custom application development must offer an environment that guarantees the users security, information, applications, device plus network.

To secure an open platform, there exist a need for a robust security architecture and demanding security programs. Android was planned with multi-layered security that provides the flexibility open platform, while ensuring protection for all users using the platform.

Android was designed with clear thought about developers in mind and security controls were designed to ease the burden on developers. Developers who are Security-savvy can easily work depend onflexible security controls. And the Developers who are less familiar with security, will be safeguarded by safe-defaults.

Android was designed with users of the device in mind. Users are provided reflectivity into how applications operate and work, and guided control over those Android applications. The design of Android includes the probability that attackers would attempt to perform commons attacks to breach security, such as social-engineering attacks to assure device users to install malware, and outbreaks on third-party applications of Android. Android was designed and planned to both reduce the probability of breaches and attacks as well as limit the impact of the attack.

Android offers an open source platform for mobile devices along with application environment.

The core Android platform building blocks are:

Device Hardware, Android Operating System, and Application Runtime. Android applications outspread the core Android operating system.

There are two primary sources for applications: Pre-Installed Applications and User-Installed Applications.

Android Security Program Overview

Early during development, the core development team of application development company of Android recognized that a robust security framework was required to enable a strong ecosystem of applications and devices built the Android platform and sustained by cloud services. As a result of this, through its complete development life cycle, Android has been lay open to a professional security program. The Android team has had the chance to see how other mobile, desktop, and server platforms disallowed and reacted to security issues and accordingly built a security program to address weak spot. 

The key components of the Android Security Program include:

Design Review: The Android security procedure begins early in the development lifecycle with the design of a rich and configurable security model. Each major feature of the Android platform is looked over by engineering and security resources, with appropriate security controls integrated into the architecture of the security system.

Penetration Testing and Code Review: During the platform development, Android-created and open source modules are subject to dynamic security reviews. These security reviews are performed by theGoogle’s Information Security Engineering team,Security Team of Android, and various independent security consultants.

The goal of these security reviews is to identify weaknesses in the platform and possible vulnerabilities well before the android platform is open sourced.

Open Source and Community Review: The Android Open Source Development enables wide security reviews by any interested party. Android also practices open source technologies that have undergone substantial external security review, such as the Linux kernel.

Incident Response: The Android project has made a comprehensive security response process. A full-time Android security team continually monitors Android-specific and the over-all security community for the potential vulnerabilities. The Android team has Incident response process which enables the quick mitigation of vulnerabilities and weakness to ensure that the risk to all Android users is minimized.

Platform Security Architecture

Android architecture seeks to be the more secure and usable operating system for mobile platforms by re-purposing traditional operating system security controls:

  • To protect data of the users
  • To protect various system resources


To achieve these objectives of the platform, Android offerskey security features like:

  • Provided robust security at the Operating System level through the Linux kernel
  • Mandatory application sandbox for all android applications
  • Provided Secure inter-process communication
  • Signing in Android Application
  • Application-defined and user-granted permissions


Conclusion: 

Thus, the Application Development Company should consider the security aspects while designing any application.  The application built should use advanced hardware and software to bring innovation. Implementing and integrating security controls in the architecture leads to secure access and intact security in the company or a firm which guard against attacks.

References :

No comments:

Post a Comment