The aim of the Open Handset Alliance is to accelerate innovation and create a richer, less expensive mobile experience. However, mobile phones are restricted in which software they can run. Programs must run inside a constrained environment with limited amounts of memory and processing power.
Developers can create applications for the phone using the Android software development kit (SDK). Applications are written using the Java programming language and run on Dalvik, a custom virtual machine that has been designed to optimize memory and hardware resources. Dalvik runs on top of a Linux kernel. Linux has the advantage of being modular, meaning that it's relatively easy to piece together only the specific, necessary functionality.
Android is a multi-process system, where each application and part of the system runs in its own process. Most security between applications and the system is enforced at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform.
With regard to the security of these applications, there is no evidence to show that applications built under an open source framework, where hackers have access to the source code, are any more or less secure than those built with proprietary source code. Hackers, for example, have access to the source code for the Apache Web server, yet it is seen by most experts as the most secure Web server. The key issue with Android applications will be response times when vulnerabilities are discovered. Open source projects tend to have a better record for releasing patches in a timely fashion than their commercial counterparts.
I believe that the core Android applications will be relatively secure. And they need to be. Today, nearly 3 billion people have a mobile phone. This makes it an attractive target for hackers, particularly as mobile phones are being used for diverse tasks. Android will enable developers to build powerful peer-to-peer social applications, and data security will be paramount. However, as is always the case, I expect consumers will rank handset features and cost above security in order of importance. Handsets and services using the Android platform are expected in the second half of 2008.
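The two layers described above, per-application Linux user and group IDs plus the finer-grained permission mechanism, can be modeled in a few lines. This is an added example, not code from the article or from Android; the package names, UIDs, paths and file modes are constructed sample values, and the model ignores root.

```python
from dataclasses import dataclass, field

R, W = 4, 2  # Unix permission bits: read, write


@dataclass(frozen=True)
class FileEntry:
    path: str
    owner_uid: int
    owner_gid: int
    mode: int  # octal mode, e.g. 0o660


@dataclass
class App:
    package: str
    uid: int                                   # each application gets its own Linux UID
    gids: set = field(default_factory=set)     # group IDs assigned to the application
    granted: set = field(default_factory=set)  # permissions the application holds


def dac_allows(app: App, f: FileEntry, want: int) -> bool:
    """Layer 1: standard Unix check using owner, then group, then other bits."""
    if app.uid == f.owner_uid:
        bits = (f.mode >> 6) & 7
    elif f.owner_gid in app.gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return (bits & want) == want


def permission_allows(app: App, permission: str) -> bool:
    """Layer 2: a specific operation is refused unless its permission is held."""
    return permission in app.granted


# Constructed sample data (hypothetical apps and files).
mail = App("com.example.mail", 10001, {10001}, {"android.permission.INTERNET"})
game = App("com.example.game", 10002, {10002})
mail_db = FileEntry("/data/data/com.example.mail/databases/mail.db", 10001, 10001, 0o660)
export = FileEntry("/data/data/com.example.mail/files/export.txt", 10001, 10001, 0o664)


def demo() -> dict:
    """Evaluate both layers for the sample apps."""
    return {
        "mail_rw_own_db": dac_allows(mail, mail_db, R | W),
        "game_read_mail_db": dac_allows(game, mail_db, R),      # other bits are 0
        "game_read_export": dac_allows(game, export, R),        # world-readable
        "game_write_export": dac_allows(game, export, W),
        "mail_internet": permission_allows(mail, "android.permission.INTERNET"),
        "game_internet": permission_allows(game, "android.permission.INTERNET"),
    }
```

The `game_read_export` case shows why file modes matter: once an application marks a file world-readable, process-level isolation no longer protects it from other applications.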