Android has clearly surpassed every other mobile operating system in terms of popularity, adoption rates, and alternative uses (Internet of Things, IoT). With mobile malware increasing faster than mobile commerce (mCommerce), it is worth understanding the security landscape of Android. The architecture, the vulnerabilities, and the defenses have all come a long way, and this survey is by far one of the most comprehensive records of key issues and solutions offered.

After covering key architecture topics from a security perspective, the authors cover offensive and defensive techniques. Throughout, they also offer their views on issues, future research areas, and ideas for next-gen Android that will support better privacy, anti-malware solutions, and be extensively used in IoT-based advancements. Next, the key topics of Android platform security architecture are broken into operating system, application framework, and application layers. These form the structure for four following sections, where offensive and defensive works across multiple versions of Android are recounted. Similarly, the security practices in the Android ecosystem are grouped by core participants (users, developers, app stores, and open handset alliance) and malware defense practices. Four following sections cover solutions and issues with defensive approaches like behavior detection, repackaging detection, controlled distribution, and malware monetization schemes. The final sections present a security outlook for Android in its use for home automation and other cyber-physical systems, Android’s role in potential large-scale attacks, privacy considerations, and some new features for Android security and ideas on elevating overall protection offered in what seems to be the platform of choice for years to come.

For security researchers, industry partners, and organizations interested in understanding or developing defensive solutions, this is a quick and easy reference that covers key issues for Android security.