Last week, we released a whitepaper describing The Android Platform Security Model. Specifically we discuss:
- The security model which has implicitly informed the Android platform’s security design from the beginning, but has not been formally published or described outside of Google.
- The context in which this security model must operate, including the scale of the Android ecosystem and its many form factors and use cases.
- The complex threat model Android must address.
- How Android’s reference implementation in the Android Open Source Project (AOSP) enacts the security model.
- How Android’s security systems have evolved over time to address the threat model.
We hope this paper provides useful information and background to all the academic and security researchers dedicated to further strengthening the security of the Android ecosystem. Happy reading!
Acknowledgements: This post leveraged contributions from René Mayrhofer, Chad Brubaker, and Nick Kralevich
- The term ‘consent’ here and in the paper is used to refer to various technical methods of declaring or enforcing a party’s intent, rather than the legal requirement or standard found in many privacy legal regimes around the world. ↩