Accession Number:



Android Security Analysis

Descriptive Note:

Technical Report

Corporate Author:

MITRE Corporation McLean United States

Report Date:


Pagination or Media Count:



According to recent worldwide sales figures reported by Gartner 1, Android is the most popular operating system OS when considering all general-purpose computing platforms smartphones, tablets, laptops, and PCs. Mobile OSes such as Android introduce new security architectures designed with the experience of past lessons learned from traditional computing platforms. Most notably, Android provides a sandbox for applications hereinafter apps which isolates app data and code execution from other apps 2. Android places security controls on allowed interactions between apps, and between each app and underlying device resources. The Android security architecture is designed to provide protection from malicious app behaviors, and to increase resilience to prevent or minimize the impact of exploitation of security vulnerabilities. By default, apps cannot access data stored by another app, and are restricted from interfering with the behavior of another app. Apps must request permission to access device capabilities such as the microphone, camera, or physical location services, such as Global Positioning System GPS. Apps also must request permission to access sensitive information repositories such as contact lists. Apps are also limited in their ability to access other underlying device resources and services. Every app must include a manifest file AndroidManifest.xml that defines the apps permissions and other important properties. The contents of the manifest file are read and enforced by the Android OS.

Subject Categories:

  • Radio Communications

Distribution Statement: