Android 是一个设计成完全开放的现代的移动平台。Android 应用程序通过使用暴漏给平台的先进的硬件和软件,以及本地和服务的数据,给消费者带来创新和价值。为了保护那价值,这个平台必须提供一个应用环境,保证用户、数据、应用、设备和网络的安全。
Android is a modern mobile platform that was designed to be truly open. Android applications make use of advanced hardware and software, as well as local and served data, exposed through the platform to bring innovation and value to consumers. To protect that value, the platform must offer an application environment that ensures the security of users, data, applications, the device, and the network.一个开放的平台的安全性需要一个强健的安全体系和严格的安全程序。Android 采用灵活的多层安全设计,同时为该平台的所有用户提供保护。
Securing an open platform requires a robust security architecture and rigorous security programs. Android was designed with multi-layered security that provides the flexibility required for an open platform, while providing protection for all users of the platform.
Android 设计时考虑了开发者。安全控制是为了降低开发者的负担。安全知识丰富的开发者可以很容易地使用和依赖灵活的安全控制工作。对安全不了解的开发者将通过缺省安全保护。
Android was designed with developers in mind. Security controls were designed to reduce the burden on developers. Security-savvy developers can easily work with and rely on flexible security controls. Developers less familiar with security will be protected by safe defaults.
Android 在设计时考虑来设备用户。用户可直观地了解应用程序如何工作,以及控制那些应用程序。这个设计考虑到了攻击者通常会尝试的攻击,如说服设备用户安装恶意软件的社会工程攻击,以及在 Android 上第三方应用程序的攻击。Android 设计就是为了减少这些攻击的可能性和极大限制了那些攻击成功事件的影响。
Android was designed with device users in mind. Users are provided visibility into how applications work, and control over those applications. This design includes the expectation that attackers would attempt to perform common attacks, such as social engineering attacks to convince device users to install malware, and attacks on third-party applications on Android. Android was designed to both reduce the probability of these attacks and greatly limit the impact of the attack in the event it was successful.
本文档介绍了 Android 安全计划的目标,描述了 Android 的安全体系结构的基础,并为系统设计师和分析师回答了相关问题。本文档的重点是 Android 的核心平台的安全特性和不讨论那些特定的应用程序的安全问题,如那些和浏览器或短信有关的应用。构建 Android 设备,部署 Android 设备,或为 Android 开发应用程序的推荐的最佳实践并不是本文档的目标,这些在其他地方提供。
This document outlines the goals of the Android security program, describes the fundamentals of the Android security architecture, and answers the most pertinent questions for system architects and security analysts. This document focuses on the security features of Android's core platform and does not discuss security issues that are unique to specific applications, such as those related to the browser or SMS application. Recommended best practices for building Android devices, deploying Android devices, or developing applications for Android are not the goal of this document and are provided elsewhere.