Security in Android spans the deployment and execution of the application. With respect to deployment, Android applications have to be signed with a digital signature in order for you to install them onto a device. With respect to execution, Android runs each application within a separate process, each of which has a unique and permanent user ID (assigned at install time). This places a boundary around the process and prevents one application from having direct access to another's data. Moreover, Android defines a declarative permission model that protects sensitive features (such as the contact list).
In the next several sections, we are going to discuss these topics. But before we get started, let's provide an overview of some of the security concepts that we'll refer to later.
Was this article helpful?