This is my talk from the Android Builders Summit in February 2013 in San Francisco.
Slides of the talk (press 'h' for help)
Here's the abstract of the talk:
Android Security is quite multifaceted - not surprisingly given the depth and complexity of the Android OS. In this talk, you will learn what makes up the various layers of security and how they work together. By the end of this talk, you’ll have a solid understanding of various security concerns from the low level kernel to the high level app permissions, and everything in between. This talk focuses on the entire platform, not just the apps layer.We’ll start with the Android architecture from the security perspective, followed by the startup and boot process of a typical device. Once you understand that, we’ll deep-dive into Android security architecture, app signing, user ids, file access, multi-user support and permissions. Next, we’ll provide an overview of file system encryption, rooting and security of memory. Finally, we’ll touch on device policy administration, malware, SE Android, and some other vectors of attack.This talk assumes basic understanding of operating systems and is based on Jelly Bean multi-user version of Android OS.