The aim of the Open Handset Alliance is to accelerate innovation and create a richer, less expensive mobile experience....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
However, mobile phones are restricted by which software they can run. Programs must run inside a constrained environment with limited amounts of memory and processing power.
Developers can create applications for the phone using the Android software development kit (SDK). Applications are written using the Java programming language and run on Dalvik, a custom virtual machine that has been designed to optimize memory and hardware resources. Dalvik runs on top of a Linux kernel. Linux has the advantage of being modular, meaning that it's relatively easy to piece together only the specific, necessary functionality.
Android is a multi-process system, where each application and part of the system runs in its own process. Most security between applications and the system is enforced at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform.
With regard to the security of these applications, there is no evidence to show that applications built under an open source framework, where hackers have access to the source code, are any more or less insecure than those built with proprietary source code. Hackers, for example, have access to the source code for the Apache Web server, yet it is seen by most experts as the most secure Web server. The key issue with Android applications will be response times when vulnerabilities are discovered. Open source projects tend to have a better record for releasing patches in a timely fashion than their commercial counterparts.
I believe that the core Android applications will be relatively secure. And they need to be. Today, nearly 3 billion people have a mobile phone. This makes it an attractive target for hackers, particular as mobile phones are being used for diverse tasks. Android will enable developers to build powerful peer-to-peer social applications, and data security will be paramount. However, as is always the case, I expect consumers will rank handset features and cost above security in order of importance. Handsets and services using the Android platform are expected in the second half of 2008.
- Learn about the security holes that pen testers found in Google's Android SDK.
- Is the mobile malware threat overblown? Senior News Writer Bill Brenner investigates.
Dig Deeper on Handheld and Mobile Device Security Best Practices
Related Q&A from Michael Cobb
A web shell from the JexBoss security tool was used to exploit servers through an unpatched JBoss vulnerability. Expert Michael Cobb explains how to ...continue reading
The Android Trojan Triada has the ability to replace a device's system functions with its own. Expert Michael Cobb explains how to mitigate the ...continue reading
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.