Android Security Essentials AND-802 Online Questions

1. By default, all Android applications have no permission to access any protected resource that

would have adverse effects on the system or on other applications.

2. It is not necessary that every application installed on an Android device be signed by the developer before being published.

3. If two applications are developed by the same developer, they can share each other’s data if they have the same signature and the same android:sharedUserId flag set in their manifest files.

4. Releasing updates of an application into Google Play requires signing it with the same certificate, or else all the previous users will not be notified of the update and eventually are lost.

5. A digital certificate is an electronic “passport” that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI).The message is encrypted with the Private key, and can only be decrypted with the Public key.

6. Permission is the right given to an application by Android to allow access to restricted system API (Application Programming Interface) such as Camera, Bluetooth, GPS, etc…

7. During an application run-time, permissions may be enforced at a number of places when calling into the system, starting an activity, sending and receiving broadcasts, accessing and manipulating a content provider, and binding to or starting a service.

8. Any Android application can protect itself by declaring permissions that can be accessed by other applications. This can be achieved using the <permission> tag in the activity_main.xml file of the Android applications providing the permission.

9. Content providers can help an application manage access to data stored by it or by other apps. They also provide a way to share data with other apps.

10. Android application developers can create custom permissions that should be labeled properly.