Initial Contribution

1 files changed, 154 insertions, 0 deletions

diff --git a/docs/html/guide/appendix/faq/security.jd b/docs/html/guide/appendix/faq/security.jd
new file mode 100644
index 0000000..1c66f95
--- /dev/null
+++ b/docs/html/guide/appendix/faq/security.jd
@@ -0,0 +1,154 @@
+page.title=Android Security FAQ
+@jd:body
+
+<ul>
+    <li><a href="#secure">Is Android Secure?</a></li>
+    <li><a href="#issue">I think I found a security flaw. How do I report
+    it?</a></li>
+    <li><a href="#informed">How can I stay informed of Android security
+    announcements?</a></li>
+    <li><a href="#use">How do I securely use my Android phone?</a></li>
+    <li><a href="#malware">I think I found malicious software being distributed
+    for Android. How can I help?</a></li>
+    <li><a href="#fixes">How will Android-powered devices receive security fixes?</a>
+    </li>
+    <li><a href="#directfix">Can I get a fix directly from the Android Platform
+    Project?</a></li>
+</ul>
+
+
+<a name="secure" id="secure"></a><h2>Is Android secure?</h2>
+
+<p>The security and privacy of our users' data is of primary importance to the
+Android Open Source Project. We are dedicated to building and maintaining one
+of the most secure mobile platforms available while still fulfilling our goal
+of opening the mobile device space to innovation and competition.</p>
+
+<p>The Android Platform provides a rich <a
+href="http://code.google.com/android/devel/security.html">security model</a>
+that allows developers to request the capabilities, or access, needed by their 
+application and to define new capabilities that other applications can request.
+The Android user can choose to grant or deny an application's request for
+certain capabilities on the handset.</p>
+
+<p>We have made great efforts to secure the Android platform, but it is
+inevitable that security bugs will be found in any system of this complexity.
+Therefore, the Android team works hard to find new bugs internally and responds
+quickly and professionally to vulnerability reports from external researchers.
+</p>
+
+
+<a name="issue" id="issue"></a><h2>I think I found a security flaw. How do I
+report it?</h2>
+
+<p>You can reach the Android security team at <a
+href="mailto:security@android.com">security@android.com</a>. If you like, you
+can protect your message using our <a
+href="http://code.google.com/android/security_at_android_dot_com.txt">PGP
+key</a>.</p>
+
+<p>We appreciate researchers practicing responsible disclosure by emailing us 
+with a detailed summary of the issue and keeping the issue confidential while 
+users are at risk. In return, we will make sure to keep the researcher informed
+of our progress in issuing a fix and will properly credit the reporter(s) when
+we announce the patch. We will always move swiftly to mitigate or fix an 
+externally-reported flaw and will publicly announce the fix once patches are 
+available to users.</p>
+
+
+<a name="informed" id="informed"></a><h2>How can I stay informed of Android
+security announcements?</h2>
+
+<p>An important part of sustainably securing a platform, such as, Android is
+keeping the user and security community informed of bugs and fixes. We will
+publicly announce security bugs when the fixes are available via postings to
+the <a
+href="http://groups.google.com/group/android-security-announce">android-security-announce</a>
+group on Google Groups. You can subscribe to this group as you would a mailing
+list and view the archives here.</p>
+
+<p>For more general discussion of Android platform security, or how to use
+security features in your Android application, please subscribe to <a
+href="http://groups.google.com/group/android-security-discuss">android-security-discuss</a>.
+</p>
+
+
+<a name="use" id="use"></a><h2>How do I securely use my Android phone?</h2>
+
+<p>As an open platform, Android allows users to load software from any
+developer onto a device.  As with a home PC, the user must be
+aware of who is providing the software they are downloading and must decide
+whether they want to grant the application the capabilities it requests.
+This decision can be informed by the user's judgment of the software
+developer's trustworthiness, and where the software came from.</p>
+
+<p>Despite the security protections in Android, it is important
+for users to only download and install software from developers they trust.
+More details on how Android users can make smart security decisions will be
+released when consumer devices become available.</p>
+
+
+<a name="malware" id="malware"></a><h2>I think I found malicious software being
+distributed for Android. How can I help?</h2>
+
+<p>Like any other open platform, it will be possible for unethical developers
+to create malicious software, known as <a
+href="http://en.wikipedia.org/wiki/Malware">malware</a>, for Android. If you
+think somebody is trying to spread malware, please let us know at <a 
+href="mailto:security@android.com">security@android.com</a>. Please include as
+much detail about the application as possible, with the location it is
+being distributed from and why you suspect it of being malicious software.</p>
+
+<p>The term <i>malicious software</i> is subjective, and we cannot make an 
+exhaustive definition.  Some examples of what the Android Security Team believes
+to be malicious software is any application that:
+<ul>
+    <li>drains the device's battery very quickly;</li>
+    <li>shows the user unsolicited messages (especially messages urging the
+    user to buy something);</li>
+    <li>resists (or attempts to resist) the user's effort to uninstall it;</li>
+    <li>attempts to automatically spread itself to other devices;</li>
+    <li>hides its files and/or processes;</li>
+    <li>discloses the user's private information to a third party, without the
+    user's knowledge and consent;</li>
+    <li>destroys the user's data (or the device itself) without the user's
+    knowledge and consent;</li>
+    <li>impersonates the user (such as by sending email or buying things from a
+    web store) without the user's knowledge and consent; or</li>
+    <li>otherwise degrades the user's experience with the device.</li>
+</ul>
+</p>
+
+
+<a name="fixes" id="fixes"></a><h2>How will Android-powered devices receive security
+fixes?</h2>
+
+<p>The manufacturer of each device is responsible for distributing software
+upgrades for it, including security fixes. Many devices will update themselves
+automatically with software downloaded "over the air", while some devices
+require the user to upgrade them manually.</p>
+
+<p>When Android-powered devices are publicly available, this FAQ will provide links how
+Open Handset Alliance members release updates.</p>
+
+<a name="directfix" id="directfix"></a><h2>Can I get a fix directly from the
+Android Platform Project?</h2>
+
+<p>Android is a mobile platform that will be released as open source and
+available for free use by anybody. This means that there will be many
+Android-based products available to consumers, and most of them will be created
+without the knowledge or participation of the Android Open Source Project. Like
+the maintainers of other open source projects, we cannot build and release
+patches for the entire ecosystem of products using Android. Instead, we will
+work diligently to find and fix flaws as quickly as possible and to distribute
+those fixes to the manufacturers of the products.</p>
+
+<p>In addition, We will add security fixes to the open source distribution of
+Android and publicly announce the changes on <a 
+href="http://groups.google.com/group/android-security-announce">android-security-announce</a>.
+</p>
+
+<p>If you are making an Android-powered device and would like to know how you can 
+properly support your customers by keeping abreast of software updates, please
+contact us at <a
+href="mailto:info@openhandsetalliance.com">info@openhandsetalliance.com</a>.</p>