1. Download our Official Android App: Forums for Android!

Apps [...] one must compromise the security of the the Linux kernel.

Discussion in 'Android Development' started by Sanforalini, Nov 4, 2011.

  1. Sanforalini

    Sanforalini Lurker
    Thread Starter
    Rank:
    None
    Points:
    26
    Posts:
    2
    Joined:
    Nov 4, 2011

    Nov 4, 2011
    2
    1
    26
    it specialist
    (from http://source.android.com/tech/security/index.html):
    (complete sentence; couldn't get it entirely in the title):

    <quote>
    Like all security features, the Application Sandbox is not unbreakable. However, to break out of the Application Sandbox in a properly configured device, one must compromise the security of the the Linux kernel.
    </quote>

    Whilst this sounds like quite the bold statement, it might cause the slightest grin on the face of many sysadmins.

    Although I surely couldn't break the Linux kernel, compared to BSD flavors of Unix, it's not looked upon as the most secure OS.

    Hence also the existence of the security enhanced Linux kernel.
    (If the kernel is hyper-secure, why need a security enhanced version?)

    So, without further ado, my question :):

    Does android uses the security enhanced Linux kernel?

    If so, why is this not explicitly mentioned on their site:
    Android Security Overview | Android Open Source
    ?

    If not,
    why not?

    best regards,

    S.
    ps: I'm kinda glad I can include links after my, albeit slightly vexed, introduction :$
     

    Advertisement

  2. OfTheDamned

    OfTheDamned The Friendly Undead
    Rank:
    None
    Points:
    813
    Posts:
    9,692
    Joined:
    Oct 29, 2009

    Oct 29, 2009
    9,692
    8,365
    813
    Right Behind You
    I moved this over to application development for you. I think you will find better answers here.
     
  3. EarlyMon

    EarlyMon The PearlyMon
    Rank:
     #1
    Points:
    5,218
    Posts:
    57,632
    Joined:
    Jun 10, 2010

    Jun 10, 2010
    57,632
    70,418
    5,218
    New Mexico, USA
    Not sure how much it matters here. (Not saying it doesn't, saying not sure.)

    Most all Android applications run inside the Dalvik Virtual Machine. Breakout to exploit system vulnerabilities is not nearly as easy as it is with native applications.

    Therefore, the Android exploits today are the ones easy to get to - malware usually installed by users not paying attention to privilege warnings - or trusting pirated versions of apps.
     

Share This Page

Loading...