diff options
| author | The Android Open Source Project <initial-contribution@android.com> | 2009-03-03 18:28:45 -0800 |
|---|---|---|
| committer | The Android Open Source Project <initial-contribution@android.com> | 2009-03-03 18:28:45 -0800 |
| commit | d83a98f4ce9cfa908f5c54bbd70f03eec07e7553 (patch) | |
| tree | 4b825dc642cb6eb9a060e54bf8d69288fbee4904 /docs/html/guide/appendix/faq/security.jd | |
| parent | 076357b8567458d4b6dfdcf839ef751634cd2bfb (diff) | |
| download | frameworks_base-d83a98f4ce9cfa908f5c54bbd70f03eec07e7553.zip frameworks_base-d83a98f4ce9cfa908f5c54bbd70f03eec07e7553.tar.gz frameworks_base-d83a98f4ce9cfa908f5c54bbd70f03eec07e7553.tar.bz2 | |
auto import from //depot/cupcake/@135843
Diffstat (limited to 'docs/html/guide/appendix/faq/security.jd')
| -rw-r--r-- | docs/html/guide/appendix/faq/security.jd | 156 |
1 files changed, 0 insertions, 156 deletions
diff --git a/docs/html/guide/appendix/faq/security.jd b/docs/html/guide/appendix/faq/security.jd deleted file mode 100644 index b0d832b..0000000 --- a/docs/html/guide/appendix/faq/security.jd +++ /dev/null @@ -1,156 +0,0 @@ -page.title=Android Security FAQ -parent.title=FAQs, Tips, and How-to -parent.link=index.html -@jd:body - -<ul> - <li><a href="#secure">Is Android Secure?</a></li> - <li><a href="#issue">I think I found a security flaw. How do I report - it?</a></li> - <li><a href="#informed">How can I stay informed of Android security - announcements?</a></li> - <li><a href="#use">How do I securely use my Android phone?</a></li> - <li><a href="#malware">I think I found malicious software being distributed - for Android. How can I help?</a></li> - <li><a href="#fixes">How will Android-powered devices receive security fixes?</a> - </li> - <li><a href="#directfix">Can I get a fix directly from the Android Platform - Project?</a></li> -</ul> - - -<a name="secure" id="secure"></a><h2>Is Android secure?</h2> - -<p>The security and privacy of our users' data is of primary importance to the -Android Open Source Project. We are dedicated to building and maintaining one -of the most secure mobile platforms available while still fulfilling our goal -of opening the mobile device space to innovation and competition.</p> - -<p>The Android Platform provides a rich <a -href="http://code.google.com/android/devel/security.html">security model</a> -that allows developers to request the capabilities, or access, needed by their -application and to define new capabilities that other applications can request. -The Android user can choose to grant or deny an application's request for -certain capabilities on the handset.</p> - -<p>We have made great efforts to secure the Android platform, but it is -inevitable that security bugs will be found in any system of this complexity. -Therefore, the Android team works hard to find new bugs internally and responds -quickly and professionally to vulnerability reports from external researchers. -</p> - - -<a name="issue" id="issue"></a><h2>I think I found a security flaw. How do I -report it?</h2> - -<p>You can reach the Android security team at <a -href="mailto:security@android.com">security@android.com</a>. If you like, you -can protect your message using our <a -href="http://code.google.com/android/security_at_android_dot_com.txt">PGP -key</a>.</p> - -<p>We appreciate researchers practicing responsible disclosure by emailing us -with a detailed summary of the issue and keeping the issue confidential while -users are at risk. In return, we will make sure to keep the researcher informed -of our progress in issuing a fix and will properly credit the reporter(s) when -we announce the patch. We will always move swiftly to mitigate or fix an -externally-reported flaw and will publicly announce the fix once patches are -available to users.</p> - - -<a name="informed" id="informed"></a><h2>How can I stay informed of Android -security announcements?</h2> - -<p>An important part of sustainably securing a platform, such as, Android is -keeping the user and security community informed of bugs and fixes. We will -publicly announce security bugs when the fixes are available via postings to -the <a -href="http://groups.google.com/group/android-security-announce">android-security-announce</a> -group on Google Groups. You can subscribe to this group as you would a mailing -list and view the archives here.</p> - -<p>For more general discussion of Android platform security, or how to use -security features in your Android application, please subscribe to <a -href="http://groups.google.com/group/android-security-discuss">android-security-discuss</a>. -</p> - - -<a name="use" id="use"></a><h2>How do I securely use my Android phone?</h2> - -<p>As an open platform, Android allows users to load software from any -developer onto a device. As with a home PC, the user must be -aware of who is providing the software they are downloading and must decide -whether they want to grant the application the capabilities it requests. -This decision can be informed by the user's judgment of the software -developer's trustworthiness, and where the software came from.</p> - -<p>Despite the security protections in Android, it is important -for users to only download and install software from developers they trust. -More details on how Android users can make smart security decisions will be -released when consumer devices become available.</p> - - -<a name="malware" id="malware"></a><h2>I think I found malicious software being -distributed for Android. How can I help?</h2> - -<p>Like any other open platform, it will be possible for unethical developers -to create malicious software, known as <a -href="http://en.wikipedia.org/wiki/Malware">malware</a>, for Android. If you -think somebody is trying to spread malware, please let us know at <a -href="mailto:security@android.com">security@android.com</a>. Please include as -much detail about the application as possible, with the location it is -being distributed from and why you suspect it of being malicious software.</p> - -<p>The term <i>malicious software</i> is subjective, and we cannot make an -exhaustive definition. Some examples of what the Android Security Team believes -to be malicious software is any application that: -<ul> - <li>drains the device's battery very quickly;</li> - <li>shows the user unsolicited messages (especially messages urging the - user to buy something);</li> - <li>resists (or attempts to resist) the user's effort to uninstall it;</li> - <li>attempts to automatically spread itself to other devices;</li> - <li>hides its files and/or processes;</li> - <li>discloses the user's private information to a third party, without the - user's knowledge and consent;</li> - <li>destroys the user's data (or the device itself) without the user's - knowledge and consent;</li> - <li>impersonates the user (such as by sending email or buying things from a - web store) without the user's knowledge and consent; or</li> - <li>otherwise degrades the user's experience with the device.</li> -</ul> -</p> - - -<a name="fixes" id="fixes"></a><h2>How will Android-powered devices receive security -fixes?</h2> - -<p>The manufacturer of each device is responsible for distributing software -upgrades for it, including security fixes. Many devices will update themselves -automatically with software downloaded "over the air", while some devices -require the user to upgrade them manually.</p> - -<p>When Android-powered devices are publicly available, this FAQ will provide links how -Open Handset Alliance members release updates.</p> - -<a name="directfix" id="directfix"></a><h2>Can I get a fix directly from the -Android Platform Project?</h2> - -<p>Android is a mobile platform that will be released as open source and -available for free use by anybody. This means that there will be many -Android-based products available to consumers, and most of them will be created -without the knowledge or participation of the Android Open Source Project. Like -the maintainers of other open source projects, we cannot build and release -patches for the entire ecosystem of products using Android. Instead, we will -work diligently to find and fix flaws as quickly as possible and to distribute -those fixes to the manufacturers of the products.</p> - -<p>In addition, We will add security fixes to the open source distribution of -Android and publicly announce the changes on <a -href="http://groups.google.com/group/android-security-announce">android-security-announce</a>. -</p> - -<p>If you are making an Android-powered device and would like to know how you can -properly support your customers by keeping abreast of software updates, please -contact us at <a -href="mailto:info@openhandsetalliance.com">info@openhandsetalliance.com</a>.</p> |