Abstract:
Android is an operating system applied to smart mobile device which claims a huge market share. The study of its security has attracted wide attention. In this paper, we introduce Android’s system architecture and security mechanism, discuss its security performance and the current research situation from two perspectives: system security and application security. Android’s system security includes kernel security, architecture security and user authentications mechanism security. The threats on kernel security and architecture security are mainly from vulnerability. The study of kernel security is focused on how to introduce SELinux into the kernel to improve the security performance, and the study of architecture security is focused on how to improve the performance of permission mechanism and how to implement APIs (application programming interface) securely and to guide developers to use APIs normatively. User authentications mechanism is closely related to user’s privacy security and can be implemented flexibly, so that the study on its security has received wide attention. Android’s application security includes two technologies which are malicious application detection and vulnerability mining. We discuss on malicious application detection from the counterfeit technology of malicious applications and detection technology of malicious application at installation or running process, and discuss on vulnerability mining from component exposed vulnerabilities and security APIs related vulnerabilities. Finally, we summarize current research situation of Android’s security study and propose the issues which are worth further study.