Welcome to my post about android and it's security.Sorry this might be hard to read as I'm very bad writer and my native language isn't English, I TRY MY BEST!
In this post I’m going to explain some basic stuff you should know.
Let’s start from the basic consent model.
**kernel** is core of the android operating system, software that handles the GPU, system memory and system devices including file systems and networking. It servers as link between software and hardware, kernel security comes with great big power but it also comes with big responsibility. **Kernel security** determines overall security of the whole system. Androids kernel is based on **Linux**.
Security of the Android OS is based around the following key security features of the Linux kernel:
* Process Isolation * User-Based Permission Model * Inter-Process Communication (IPC)
Android uses the Linux permissions model to isolate application resources.
This process in called application sandbox.
Sandbox prevents malicious programs from interacting with the protected app.
Internal operating system components are also protected by the sandbox. Vulns exposed by an application cannot be exploited to gain access to the outer system.
Secure communication between apps is ensured by the Linux user-based protection.
Unlike traditional operating systems like MacOS and Windows, Android uses the User ID (UID) concept to manage an application’s
access control and not the system users access control. App is prohibited from accessing other application’s data or system features without permissions.
The security aspect of application is often overlooked. The lack of concern can determine the application to transform into an attack vector, leveraged by malicious actors.
Permissions in Android: the user’s privacy is protected by the means of permissions. Android applications requires the users consent to perform actions like see GPS location, see contact and other sort of permissions that application might ask you for.
Permissions required by an application are declared in the AndroidManifest.xml. Every permission is specified in its own uses-permission tag.
Android has 3 types of storage, Internal storage: Data stored here is visible only to the corresponding application, External storage: Data stored in external storage is globally readable and writable, Content providers: They provide an abstraction over the data stored. With the use of content providers, we have more control over the read and write permissions.