Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Google entered the mobile phone market with a splash, promising that its Android operating system would be wide open to developers. This was very different from the traditional approach–mobile phone carriers in the United States have typically exercised tight control over which software can be run on their devices. Apple’s popular iPhone, though a recent entry, was no exception. Apple closed off aspects of its device to third-party applications and had to approve all applications sold through its market.

But as phones become more like desktop computers, they become subject to the same security risks that abound on the Internet. To ensure Android’s success, Google had to come up with a new approach to security for mobile phones. Rich Cannings, Android Security Lead at Google, spoke this week at the Usenix Security Conference in Montreal, Quebec, regarding the company’s design.

There’s always a balance to strike between being open and being secure, Cannings says. “I could make the most secure mobile phone ever, but no one would use it.” A truly secure mobile phone certainly couldn’t access the Internet, he says, and it might not even be able to send text messages or receive calls.

Instead of eliminating all risks and, therefore, all features, Google’s approach is to minimize what attackers can do if they are able to get access to a device. For inspiration, Google looked to the Web, Cannings says. Web applications are protected by the “same origin policy,” which under normal circumstances prevents one website from exchanging information with any other website that a user may have open.

To translate this type of approach to an operating system, Cannings says, the company treated each application as a different user of the device. When multiple users share a single desktop machine, the operating system is designed to protect them from each other by giving each its own account. From one account, it’s not possible to see files in other accounts, or to affect another user’s data. In the same way, the Android operating system treats each application as a separate user, so that if an attacker breaks into the Web browser, for example, he won’t be able to access the address book.

But just separating each application wasn’t secure enough. There’s no reason, for example, for a Pac-Man application to be able to access the Internet, Cannings says. So the Android security team limited each application’s access to the phone unless it asked permission from the user. Here, they were faced with another challenge.

“Most humans have a difficult time analyzing unknown risks,” he says. When users have to handle their own security, they often become numb to the risks and click OK every time a dialogue box alerts them to a problem. Android is designed to ask once, when the application is being installed. It also shows the user only the most important alerts, while offering an option to see the full list.

1 comment. Share your thoughts »

Credit: Technology Review

Tagged: Computing, Communications, security, Android, mobile phones, open source, operating system

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me