Tuesday 2 April 2013

Security and Permissions

       Applications as Operating System Users
       Explicitly Defined Application Permissions
       Limited Ad-Hoc Permissions
       Application Signing for Trust Relationships
       Marketplace Developer Registration.



Applications as Operating System Users

=>When an application is installed, the operating system creates a new user profile associated with the application.

=>Each application runs as a different user, with its own private files on the file system, a user ID, and a secure operating environment.

=>The application executes in its own process with its own instance of the Dalvik VM and under its own user ID on the operating system.


Explicitly Defined Application Permissions

=>To access shared resources on the system, Android applications register for the specific privileges they require.

=>Some of these privileges enable the application to use phone functionality to make calls, access the network, and control the camera and other hardware sensors.

=>Applications also require permission to access shared data containing private
and personal information, such as user preferences, user’s location, and contact
information.

Limited Ad-Hoc Permissions

=>Applications that act as content providers might want to provide some on-the-fly permissions to other applications for specific information they want to share openly.

=>This is done using ad-hoc granting and revoking of access to specific resources using Uniform Resource Identifiers (URIs).

=>URIs index specific data assets on the system, such as images and text.

=>An example of a URI that provides the phone numbers of all contacts:
                    content://contacts/phones
    Example:
                    Birthday public & private wish list.

=>Application Signing for Trust Relationship.
 
 

Application Signing for Trust Relationships

=>All Android applications packages (.apk) are signed with a certificate, so users know that the application is authentic.

=>The private key for the certificate is held by the developer.This helps establish a trust relationship between the developer and the user.

=>No certificate authority is necessary; self-signed certificates are acceptable.
 
 

Marketplace Developer Registration

=>To publish applications on the popular Android Market, developers must create a developer account.

=>The Android Market is managed closely and no malware is tolerated.

No comments:

Post a Comment