[...] one must compromise the security of the the Linux kernel.


  1. Sanforalini

    Sanforalini New Member

    (from http://source.android.com/tech/security/index.html):
    (complete sentence; couldn't get it entirely in the title):

    <quote>
    Like all security features, the Application Sandbox is not unbreakable. However, to break out of the Application Sandbox in a properly configured device, one must compromise the security of the the Linux kernel.
    </quote>

    Whilst this sounds like quite the bold statement, it might cause the slightest grin on the face of many sysadmins.

    Although I surely couldn't break the Linux kernel, compared to BSD flavors of Unix, it's not looked upon as the most secure OS.

    Hence also the existence of the security enhanced Linux kernel.
    (If the kernel is hyper-secure, why need a security enhanced version?)

    So, without further ado, my question :):

    Does android uses the security enhanced Linux kernel?

    If so, why is this not explicitly mentioned on their site:
    Android Security Overview | Android Open Source
    ?

    If not,
    why not?

    best regards,

    S.
    ps: I'm kinda glad I can include links after my, albeit slightly vexed, introduction :$

    Advertisement
  2. OfTheDamned

    OfTheDamned The Friendly Undead VIP Member

    I moved this over to application development for you. I think you will find better answers here.
  3. EarlyMon

    EarlyMon The PearlyMon Moderator

    Not sure how much it matters here. (Not saying it doesn't, saying not sure.)

    Most all Android applications run inside the Dalvik Virtual Machine. Breakout to exploit system vulnerabilities is not nearly as easy as it is with native applications.

    Therefore, the Android exploits today are the ones easy to get to - malware usually installed by users not paying attention to privilege warnings - or trusting pirated versions of apps.

Share This Page