The aim of the Open Handset Alliance is to accelerate innovation and create a richer, less expensive mobile experience. However, mobile phones are restricted by which software they can run. Programs must run inside a constrained environment with limited amounts of memory and processing power.
Developers can create applications for the phone using the Android software development kit (SDK). Applications are written using the Java programming language and run on Dalvik, a custom virtual machine that has been designed to optimize memory and hardware resources. Dalvik runs on top of a Linux kernel. Linux has the advantage of being modular, meaning that it's relatively easy to piece together only the specific, necessary functionality.
Android is a multi-process system, where each application and part of the system runs in its own process. Most security between applications and the system is enforced at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform.
With regard to the security of these applications, there is no evidence to show that applications built under an open source framework, where hackers have access to the source code, are any more or less insecure than those built with proprietary source code. Hackers, for example, have access to the source code for the Apache Web server, yet it is seen by most experts as the most secure Web server. The key issue with Android applications will be response times when vulnerabilities are discovered. Open source projects tend to have a better record for releasing patches in a timely fashion than their commercial counterparts.
I believe that the core Android applications will be relatively secure. And they need to be. Today, nearly 3 billion people have a mobile phone. This makes it an attractive target for hackers, particular as mobile phones are being used for diverse tasks. Android will enable developers to build powerful peer-to-peer social applications, and data security will be paramount. However, as is always the case, I expect consumers will rank handset features and cost above security in order of importance. Handsets and services using the Android platform are expected in the second half of 2008.
- Learn about the security holes that pen testers found in Google's Android SDK.
- Is the mobile malware threat overblown? Senior News Writer Bill Brenner investigates.
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Michael Cobb
WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work ... Continue Reading
Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking ... Continue Reading
Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.