English

The Android Platform Security Model (2023)

Cryptography and Security 2024-01-10 v3 Operating Systems

Abstract

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. To support this flexibility, Android's security model must strike a difficult balance between security, privacy, and usability for end users; provide assurances for app developers; and maintain system performance under tight hardware constraints. This paper aims to both document the assumed threat model and discuss its implications, with a focus on the ecosystem context in which Android exists. We analyze how different security measures in past and current Android implementations work together to mitigate these threats, and, where there are special cases in applying the security model in practice; we discuss these deliberate deviations and examine their impact.

Keywords

Cite

@article{arxiv.1904.05572,
  title  = {The Android Platform Security Model (2023)},
  author = {René Mayrhofer and Jeffrey Vander Stoep and Chad Brubaker and Dianne Hackborn and Bram Bonné and Güliz Seray Tuncay and Roger Piqueras Jover and Michael A. Specter},
  journal= {arXiv preprint arXiv:1904.05572},
  year   = {2024}
}
R2 v1 2026-06-23T08:36:28.021Z