Google Android: A State-of-the-Art Review of Security Mechanisms

TL;DR

This paper reviews the security mechanisms of Google's Android platform, identifying high-risk threats and proposing solutions to enhance mobile device security through a comprehensive risk analysis and review of existing defenses.

Contribution

It provides a detailed security assessment of Android, identifies major threats, and suggests new security mechanisms for improving Android device protection.

Findings

Identified five major high-risk threats to Android.

Reviewed existing security solutions and their effectiveness.

Proposed new security mechanisms for Android enhancement.

Abstract

Google's Android is a comprehensive software framework for mobile communication devices (i.e., smartphones, PDAs). The Android framework includes an operating system, middleware and a set of key applications. The incorporation of integrated access services to the Internet on such mobile devices, however, increases their exposure to damages inflicted by various types of malware. This paper provides a comprehensive security assessment of the Android framework and the security mechanisms incorporated into it. A methodological qualitative risk analysis that we conducted identifies the high-risk threats to the framework and any potential danger to information or to the system resulting from vulnerabilities that have been uncovered and exploited. Our review of current academic and commercial solutions in the area of smartphone security yields a list of applied and recommended defense mechanisms for hardening mobile devices in general and the Android in particular. Lastly, we present five major (high-risk) threats to the Android framework and propose security solutions to mitigate them. We conclude by proposing a set of security mechanisms that should be explored and introduced into Android-powered devices.