This Article 
 Bibliographic References 
 Add to: 
Understanding Android Security
January/February 2009 (vol. 7 no. 1)
pp. 50-57
William Enck, Pennsylvania State University
Machigar Ongtang, Pennsylvania State University
Patrick McDaniel, Pennsylvania State University
Google's Android platform is a widely anticipated open source operating system for mobile phones. This article describes Android's security model and attempts to unmask the complexity of secure application development. The authors conclude by identifying lessons and opportunities for future enhancements.

1. J.P. Anderson, Computer Security Technology Planning Study, tech. report ESD-TR-73-51, Mitre, Oct. 1972.
2. M.A. Harrison, W.L. Ruzzo, and J.D. Ullman, "Protection in Operating Systems," Comm. ACM, vol. 19, no. 8, 1976, pp. 461–471.
3. L. Badger et al., "Practical Domain and Type Enforcement for UNIX," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 1995, pp. 66–77.
4. J. Saltzer and M. Schroeder, "The Protection of Information in Computer Systems," Proc. IEEE, vol. 63, no. 9, 1975, pp. 1278–1308.
5. I. Krstic and S.L. Garfinkel, "Bitfrost: The One Laptop per Child Security Model," Proc. Symp. Usable Privacy and Security, ACM Press, 2007, pp. 132–142.
6. N. Li, B.N. Grosof, and J. Feigenbaum, "Delegation Logic: A Logic-Based Approach to Distributed Authorization," ACM Trans. Information and System Security, vol. 6, no.1, 2003, pp. 128–171.
7. W. Enck, M. Ongtang, and P. McDaniel, Mitigating Android Software Misuse Before It Happens, tech. report NAS-TR-0094-2008, Network and Security Research Ctr., Dept. Computer Science and Eng., Pennsylvania State Univ., Nov. 2008.

Index Terms:
Android, mobile phones, Smartphones, security
William Enck, Machigar Ongtang, Patrick McDaniel, "Understanding Android Security," IEEE Security & Privacy, vol. 7, no. 1, pp. 50-57, Jan.-Feb. 2009, doi:10.1109/MSP.2009.26
Usage of this product signifies your acceptance of the Terms of Use.