Android Security – making sense of all the choices
Last week’s public release of the Security Enhanced (SE) Android project and associated source code is hailed by many as an important foundational step to add a new set of options to create secure Android devices. While the recent release of the code base by the National Security Agency (NSA) is familiar territory for Android experts such as Wind River who have been designing and implementing comprehensive security layers to a wide spectrum of Android devices for a few years now, the portrayal of this development in the media as an all-encompassing security solution grossly oversimplifies the complex subject matter that Android security represents.
Simply speaking, compiling and flashing the SE Android code base on to your Nexus S will not make it completely 'secure.'
Wind River has been enabling Android devices for close to five years now. Based on that experience and over a decade of pioneering mobile Linux-based devices, four key security-related points stand out.