This document describes how application developers can use the security features provided by Android. A more general Android Security +href="http://source.android.com/tech/security/index.html" +class="external-link">Android Security Overview is provided in the Android Open Source Project.
@@ -98,7 +99,7 @@ require, and the Android system prompts the user for consent.The application sandbox does not depend on the technology used to build an application. In particular the Dalvik VM is not a security boundary, and -any app can run native code (see the Android +any app can run native code (see the Android NDK). All types of applications — Java, native, and hybrid — are sandboxed in the same way and have the same degree of security from each other.
@@ -114,9 +115,9 @@ signed by a certificate authority; it is perfectly allowable, and typical, for Android applications to use self-signed certificates. The purpose of certificates in Android is to distinguish application authors. This allows the system to grant or deny applications access to signature-level +href="{@docRoot}guide/topics/manifest/permission-element.html#plevel">signature-level permissions and to grant or deny an application's request to be given +href="{@docRoot}guide/topics/manifest/manifest-element.html#uid">request to be given the same Linux identity as another application. @@ -806,7 +807,7 @@ methods.