One of the biggest misconceptions users migrating to the Android platform have is that they
will be sacrificing security compared to their previous flavor of smartphone OS. This couldn't be farther from the truth. Settle in with your favorite beverage, and follow along after the break and we'll talk about Android's security features, and what you need to know and do to keep things going smoothly.
Android's security model
The key point in Android's design when it comes to security is the "secure sandbox." No application by default has permission to perform any operation that would impact another application, the operating system, or the user. This includes things like writing or reading private data (contacts, e-mails, the homescreen, etc.), network access, keeping the phone awake, or reading/writing another application's files.
To reach outside its own sandbox, access private data, or do anything not directly related to the application itself, an app must explicitly declare each permission it needs. These permissions are declared up front, before the app is installed, and cannot be changed after installation (an update can add permissions, but it has to be signed with the developer's own key, and you get to see the new list before it installs).
Next time you install an app from the Market, take a minute and read exactly what the app can and cannot do. It will never be able to do more than what's listed, because the runtime enforces that list, not the app. Applications that can access data that should be private and secure also warn you when they are first run. Everyone who has installed a third party keyboard has seen this.
User IDs, multitasking, and signed files
Android is a fully multitasking operating system, and uses the Linux model of users and groups to keep applications apart, plus its own signature check on every application package. All applications have to be signed with a private key that only the original developer holds. Ask anyone who hacks at their system: change much of anything inside an application and you must re-sign it with some sort of experimental testing key. Change enough things and you have to re-sign every app in the entire system. Even small things like an image file's size or name count, never mind the app's actual functions. Each developer has a unique signing certificate, and the signature on any package is tied to that certificate. One caveat: these certificates are normally self-signed, so the signature proves that the same key signed the original app and its updates, not a verified real-world identity.
Each Android application is given its own unique user ID, and its own sandbox to play in. This is generated when the app is installed, and can't be changed. Trust me, I've tried. Any time an app tries to do something it doesn't have permission to do, the call fails with a SecurityException; if the app doesn't handle it, it crashes.
OK, enough geek-speak. What does all that mean?
- When a developer writes an application, he or she declares every permission it needs in the app's manifest (AndroidManifest.xml). The app may also let you switch individual features on or off in its own settings, but that doesn't change the permissions it declared.
- The developer then uses a private key that only he or she holds to digitally sign the package.
- When you install the app, you get to see exactly what permissions the app declared, and those can't be changed behind your back. Edit anything in the package, the permission list included, and the digital signature no longer matches, so the package fails verification and won't install.
- If, from a bug or from someone with bad intentions, an app tries to do something it's not allowed to do, it gets a SecurityException (force closing if it doesn't catch it), and the denied action is written to the system log.
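The four steps above, modelled in Python as an added example (this is not Android's code, nor anything from the original post): real APKs are zips signed with JAR/APK signing and self-signed X.509 certificates, and the real manifest is binary XML; here a tiny textbook RSA over a SHA-256 digest of the package entries stands in, with hypothetical key material built from known Mersenne primes and a one-permission-per-line text manifest. The point it shows is that the manifest is part of what's signed, so tampering with the permission list breaks the signature, and re-signing with a different key gets the update refused because the signer changed.

```python
"""Teaching model of Android's install-time signature check, the "same signer"
rule for updates, and runtime permission enforcement. Added example, not
Android's code: the RSA keys below are built from Mersenne primes purely so
they are known to be prime; they are NOT secure parameters and the scheme
(raw RSA on a digest) is a stand-in for real APK signing."""
import hashlib

E = 65537


def make_key(p, q):
    """Return ((n, e), (n, d)) for the assumed-prime p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


# Hypothetical developer key and a second, unrelated "attacker" key.
DEV_PUB, DEV_PRIV = make_key(2**521 - 1, 2**127 - 1)
EVIL_PUB, EVIL_PRIV = make_key(2**607 - 1, 2**89 - 1)


def package_digest(files):
    """Hash every entry name and body, so changing even an icon's name or
    size changes the digest. files: dict name -> bytes (like zip entries)."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode() + b"\0" + files[name] + b"\0")
    return int.from_bytes(h.digest(), "big")  # < 2**256 < n for both keys


def sign_package(files, priv):
    n, d = priv
    return pow(package_digest(files), d, n)


def verify_package(files, signature, pub):
    n, e = pub
    return pow(signature, e, n) == package_digest(files)


def declared_permissions(files):
    """Toy manifest: whitespace-separated permission names (real one is XML)."""
    return set(files["AndroidManifest.txt"].decode().split())


class SecurityException(Exception):
    pass


class Device:
    def __init__(self):
        self.installed = {}  # package name -> (files, signer public key)

    def install(self, pkg, files, signature, pub):
        """Install-time checks: signature over all entries, then same signer."""
        if not verify_package(files, signature, pub):
            raise SecurityException("signature does not match package contents")
        if pkg in self.installed and self.installed[pkg][1] != pub:
            raise SecurityException("update signed by a different key")
        self.installed[pkg] = (files, pub)
        return declared_permissions(files)

    def enforce_permission(self, pkg, perm):
        """Runtime check: permission must be in the installed manifest."""
        files, _ = self.installed[pkg]
        if perm not in declared_permissions(files):
            raise SecurityException(f"{pkg} was not granted {perm}")


def demo():
    """Declare, sign, install; then tamper, re-sign, and hit the runtime check."""
    device = Device()
    app = {"AndroidManifest.txt": b"android.permission.INTERNET",
           "classes.dex": b"\xde\xad\xbe\xef",      # constructed stand-in bytes
           "res/icon.png": b"\x89PNG constructed"}
    sig = sign_package(app, DEV_PRIV)
    granted = device.install("com.example.notes", app, sig, DEV_PUB)

    # Edit the manifest to grab a permission the developer never declared.
    tampered = dict(app)
    tampered["AndroidManifest.txt"] = (
        b"android.permission.INTERNET android.permission.READ_CONTACTS")
    tampered_valid = verify_package(tampered, sig, DEV_PUB)

    # Re-signing with another key satisfies the raw signature check again,
    # but the update is refused because the signer is no longer the same.
    resigned = sign_package(tampered, EVIL_PRIV)
    try:
        device.install("com.example.notes", tampered, resigned, EVIL_PUB)
        update_accepted = True
    except SecurityException:
        update_accepted = False

    try:
        device.enforce_permission("com.example.notes",
                                  "android.permission.READ_CONTACTS")
        contacts_allowed = True
    except SecurityException:
        contacts_allowed = False

    return {"granted": granted, "tampered_signature_valid": tampered_valid,
            "resigned_update_accepted": update_accepted,
            "contacts_allowed": contacts_allowed}


if __name__ == "__main__":
    print(demo())
```

Running it, demo() reports that only INTERNET was granted, that the tampered package fails verification against the developer's key, that the re-signed update is refused, and that the runtime still denies READ_CONTACTS. The hand-rolled RSA and the key sizes are for illustration only; never use them to sign anything real.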
So when you install an app, the application permissions listed on its market page are what it can and can't do. Period. End of story.
E-mail and security on Android
Let's get the big bear out of the way: Exchange. Exchange e-mail is secure. Doesn't matter if you're using a Palm, Windows Mobile, a BlackBerry, an iPhone, or two cans and a string. All security is configured on the server, and the clients must comply or they don't get access. This is why Exchange support up until Android 2.1 flat out sucked. The client did not support the most commonly used security configurations, and either the server admin changed them (unsafe!) or the user was forced to use another method to get Exchange mail.
Thankfully, Eclair has addressed a lot of these issues and HTC has picked up most of the rest. Exchange support isn't perfect. It isn't as good as Windows Mobile. But it's finally good enough for most cases. Droid and N1 users -- if your server admin can't get you up and running on his system, think about following the path of darkness and rooting your phone to install a Sense ROM, or look to a third party solution like Touchdown. There's a good chance this will get you compliant.
Any other e-mail isn't secure. Period. BlackBerry BIS or Gmail can encrypt the link from the mail server to your handset or web browser, but that's only the last hop. Between mail servers on the internet, messages are relayed in plain text (a hop may negotiate TLS with the next server, but you can't control or verify that, and the message still sits unencrypted on every server it passes through). The ONLY way to secure your e-mail is to encrypt the message itself, end to end, or to use a VPN to connect to a private network's internal mail server. If it goes across the intertubes, anyone with a little ambition and some free black-hat style software can intercept it and see what you're sending or receiving. Lots of people will try to say differently, and they probably even believe it, but that doesn't make it so. If e-mail were secure by nature, there would be no draw for expensive solutions like Exchange, BES, or VPN. The e-mail you send to your friend telling them how wasted you got during Hempfest '09, or the naughty pictures you send to your more special friends, are out there for the taking. I wish it weren't, but it is -- unless you're taking some extra precautions to make it so.
The scariest part of the whole thing is just how easy it is to intercept an e-mail and read it. If you or I can do it, bet your last dollar that those genius kids out there can do it easier, better, and faster. The good news is that nobody is likely to be reading your e-mail unless you give them a reason to. Billions of messages are flying around at any one moment, and yours is just one of them unless you make it attractive somehow.
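A way to see this hop-by-hop reality in a message you've already received, as an added example that is not from the original post: each relay prepends a Received: header, and per RFC 3848 the "with" keyword records ESMTPS or ESMTPSA when that hop used TLS and plain SMTP/ESMTP when it didn't. The headers below are constructed for the example; the hostnames, addresses and IDs are made up.

```python
"""Walk the Received: chain of a raw message and flag hops that were not
protected by TLS. Added example; the sample headers are constructed."""
import re

# Constructed sample, most recent hop first, as a mail client would see it.
SAMPLE_HEADERS = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
        by mail.example.org with ESMTPS id abc123
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
        Mon, 01 Mar 2010 10:00:05 -0500
Received: from relay.example.com (relay.example.com [198.51.100.7])
        by mx.example.net with ESMTP id def456;
        Mon, 01 Mar 2010 10:00:03 -0500
Received: from [10.0.0.5] (user-laptop)
        by relay.example.com with ESMTPSA id ghi789;
        Mon, 01 Mar 2010 10:00:01 -0500
From: alice@example.com
To: bob@example.org
Subject: hempfest
"""

# "from <host> ... by <host> ... with <protocol>" as written by most MTAs.
RECEIVED_RE = re.compile(
    r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.DOTALL,
)

# RFC 3848 "with" keywords that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA"}


def unfold_headers(raw):
    """Join RFC 5322 folded continuation lines back onto their header line."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def received_hops(raw):
    """Return the hops in transit order (sender first) with a tls flag each."""
    hops = []
    for line in unfold_headers(raw):
        if not line.lower().startswith("received:"):
            continue
        m = RECEIVED_RE.search(line)
        if not m:
            continue  # relay wrote a form we don't parse; it stays unknown
        proto = m.group("proto").upper()
        hops.append({"from": m.group("frm"), "by": m.group("by"),
                     "with": proto, "tls": proto in TLS_PROTOCOLS})
    # Each relay prepends its line, so the header order is newest first.
    hops.reverse()
    return hops


def plaintext_hops(raw):
    """The hops whose own Received: line does not claim TLS."""
    return [h for h in received_hops(raw) if not h["tls"]]


if __name__ == "__main__":
    for hop in received_hops(SAMPLE_HEADERS):
        status = "TLS" if hop["tls"] else "PLAINTEXT"
        print(f'{hop["from"]:>32} -> {hop["by"]:<20} {hop["with"]:<8} {status}')
```

The sample shows a laptop submitting over TLS, a plain-text relay in the middle, and a TLS final hop, which is exactly the case the text describes: you encrypted your end, and a server you've never heard of still passed the message in the clear. Two caveats: Received: headers are written by the relays themselves and can be omitted or forged, and even an ESMTPS hop leaves the message in plaintext on that relay's disk, so this is a diagnostic, not a guarantee.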
Enough doomcasting (I sooo stole that line from Keith and Dieter :P ), let's look at some ways to fill in any gaps in the security model of Android.
Jerry's Security Suite
The biggest distinction between Android and other mobile OS models known for their security **cough** Blackberry **cough** is the reliance on third-party solutions. Android is coded to be lean and mean, but developers are given access to core components to improve or add functionality. Handcent or Chomp SMS are great examples of this, as is Touchdown that was mentioned above. There's no reason that developers should not be allowed to offer alternative (and possibly greatly improved!) solutions to core OS components. After all, their app is signed by a key that is directly linked to them, and it can't be changed. Hard to get away with monkey business when your good name is plastered all over it.
Since I'm on a security bender this week, let's look at a set of applications that will grant you a little peace of mind. These aren't the only solutions available, and you should always explore all your options, but these are the apps that work for me and I feel very comfortable recommending them. And the best part -- they're all 100 percent free.
OI Safe is a free password manager, one of those functions that isn't built into Android but is done very well by several third party developers. It encrypts its database with AES, and plugs in with other apps from OpenIntents. Let's look at it in use.
When you first set up the app, you enter a master password, then set up entries for each password you need to keep track of. Beats the dickens out of keeping a text file with them on your SD card. What? You didn't realize that everyone thinks of that? That's the first place people will look when they're up to no good. From then on, whenever you open the app you're prompted for the master password.
Make it a good one. Don't use your phone number!
When you enter it correctly, you get a list of categories. In my example, I'm using two -- one for business, and one for personal sites.
Since my personal entry is personal, lets peek into my business category. You get to see each entry in a list.
Press on one of them (notice I didn't say click this time, James N. -- old habits and all) and it jumps up, with a handy little button as a shortcut to the website. It also copies the password to the clipboard, ready for pasting into the appropriate place. One caveat: the clipboard isn't covered by the permission model, so any app running on the phone can read what's on it. Paste promptly, and copy something harmless over it afterward.
Don't make the mistake of using the same password everywhere and for everything. You don't have to. Apps like OI Safe make it way too easy to manage strong, unique passwords, and there are many desktop solutions as well. Get OI Safe below
LockMe Widget enables/disables the pattern lock when your phone goes to sleep with one click. There's no app, it's only a widget. But it's a damn good one. Click to shut the door, and the lock screen is enabled. Click to open it, and it's disabled. Easy to tell if the pattern lock is on or off, and super easy to change. It doesn't look half bad either!
Lock it to me baby (OK I'm sorry. I'll stop now)
Security Guarder is a firewall for your calls and texts (it filters incoming calls and SMS, not network traffic). It lets you block unwanted calls and texts, saving both your sanity and coin. The really nice bit is the built-in default rules. They allow for quick setup to block the blacklist, allow only the whitelist, block unknown callers and texts, allow only your contacts, or a combination of these. Fire it up, and you'll see a dashboard where you can see logs, set up your lists, set the global app settings, or change your rules.
The "default" rule is super customizable, and allows different settings for text or voice from the same number.
Viewing and editing your lists (both black and white) is straightforward and easy to manage.
One press on the rules icon in the dashboard gives you a quick settings window to override your rule set.
This is one of those apps that I can't believe is free. Equivalent applications on other platforms can get pretty pricey. The best thing - it just works. No hopping on one foot or sacrificing a chicken to enable the firewall. Grab Security Guarder below
[Market link] | [App Brain]
In the developer's own words, Mobile Defense is "like LoJack® for your phone." Once installed, you have the ability to track the phone, securely wipe it, set off an alert, and get usage details, all from a secure website. Installation is easy as pie. Install it from the Market, run it once and check your email for a link, then reboot. The application's icon then disappears from the launcher, so a casual thief won't see it (it's still listed under Settings > Applications, so don't count on it staying hidden from anyone who actually looks). If you're rooted, you can even install the app to the OS's system partition so that even if someone searches your Market history and finds it installed, they can't uninstall it easily. Oh, did I mention -- it's FREE?
When you log into your account at the secure website, you get access to your precious Android device so you can tell the police where it is, wipe any sensitive material, or even chirp out a warning that you called the fuzz and know where your baby is. Check out the screenies below.
This puppy is accurate, too. In the last pic I'm beside the house at the Grill...right where the blue dot says I am. Thank goodness Google Maps doesn't get any better resolution in my area, or I'd have to stop taking my phone into the bathroom with me :)
Grab Mobile Defense below
[Market link] | [App Brain]
Of course, there's no substitute for common sense. But armed with the correct knowledge, and some great free tools, Android is just as secure an operating system as any -- even ones that tout their security feature set.
See ya next week,