The aim of the Open Handset Alliance is to accelerate innovation and create a richer, less expensive mobile experience....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
However, mobile phones are restricted by which software they can run. Programs must run inside a constrained environment with limited amounts of memory and processing power.
Developers can create applications for the phone using the Android software development kit (SDK). Applications are written using the Java programming language and run on Dalvik, a custom virtual machine that has been designed to optimize memory and hardware resources. Dalvik runs on top of a Linux kernel. Linux has the advantage of being modular, meaning that it's relatively easy to piece together only the specific, necessary functionality.
Android is a multi-process system, where each application and part of the system runs in its own process. Most security between applications and the system is enforced at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform.
With regard to the security of these applications, there is no evidence to show that applications built under an open source framework, where hackers have access to the source code, are any more or less insecure than those built with proprietary source code. Hackers, for example, have access to the source code for the Apache Web server, yet it is seen by most experts as the most secure Web server. The key issue with Android applications will be response times when vulnerabilities are discovered. Open source projects tend to have a better record for releasing patches in a timely fashion than their commercial counterparts.
I believe that the core Android applications will be relatively secure. And they need to be. Today, nearly 3 billion people have a mobile phone. This makes it an attractive target for hackers, particular as mobile phones are being used for diverse tasks. Android will enable developers to build powerful peer-to-peer social applications, and data security will be paramount. However, as is always the case, I expect consumers will rank handset features and cost above security in order of importance. Handsets and services using the Android platform are expected in the second half of 2008.
- Learn about the security holes that pen testers found in Google's Android SDK.
- Is the mobile malware threat overblown? Senior News Writer Bill Brenner investigates.
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Michael Cobb
Android encryption on devices using Qualcomm chips can be broken due to two vulnerabilities. Expert Michael Cobb explains how these flaws affect ...continue reading
A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability ...continue reading
Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.