1. What is Android?

1.1. Android Operation System

Android is an operating system based on Linux with a Java programming interface.

The Android Software Development Kit (Android SDK) provides all necessary tools to develop Android applications. This includes a compiler, debugger and a device emulator, as well as its own virtual machine to run Android programs.

Android is currently primarily developed by Google.

Android allows background processing, provides a rich user interface library, supports 2-D and 3-D graphics using the OpenGL libraries, access to the file system and provides an embedded SQLite database.

Android applications consist of different components and can re-use components of other applications, if these applications declare their components as available. This leads to the concept of a task in Android; an application can re-use other Android components to archive a task.

For example you can write an application which integrates a map component and a camera component to archive a certain task.

1.2. Google Play

Google offers the "Google Play" service. Google hosts Android applications and the Google Play application allows to install new Android application on an Android device. Google Play used to be called "Android Market".

1.3. Security and permissions

During deployment on an Android device, the Android system will create a unique user and group ID for every Android application. Each application file is private to this generated user, e.g. other applications cannot access these files.

In addition each Android application will be started in its own process.

Therefore by means of the underlying Linux operating system, every Android application is isolated from other running applications. A misbehaving application cannot easily harm other Android applications.

If data should be shared, the application must do this explicitly, e.g. via a Service or a ContentProvider.

Android also contains a permission system. Android predefines permissions for certain tasks but every application can also define its own permissions.

An application must declare in its configuration file (AndroidManifest.xml) that it requires certain permissions.

Depending on the details of the required permission, the Android system will either automatically grant the permission, reject it or ask the user if he grants this permission to the application during installation.

If for example the application declares that it requires Internet access, the user needs to confirm the usage of this permission during installation.

This is called "user driven security". The user decides to grant a permission or to deny it. If the user denies a permission required by the application, this application cannot be installed. The check of the permission is only performed during installation, permissions cannot be denied or granted after the installation.

Typically not all users check the permissions in detail but some users do. If there is something