Understanding the Android Security Model

In this first section, we’re going to cover security during the deployment and execution of the application. With respect to deployment, Android applications have to be signed with a digital certificate in order for you to install them onto a device. With respect to execution, Android runs each application within a separate process, each of which has a unique and permanent user ID (assigned at install time). This places a boundary around the process and prevents one application from having direct access to another’s data. Moreover, Android defines a declarative permission model that protects sensitive features (such as the contact list).

In the next several sections, we are going to discuss these topics. ...

Get Pro Android 4 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.