Google's Android is a comprehensive software framework for mobile
communication devices (i.e., smartphones, PDAs). The Android framework includes
an operating system, middleware and a set of key applications. The
incorporation of integrated access services to the Internet on such mobile
devices, however, increases their exposure to damage inflicted by various
types of malware. This paper provides a comprehensive security assessment of
the Android framework and the security mechanisms incorporated into it. A
methodological qualitative risk analysis that we conducted identifies the
high-risk threats to the framework and any potential danger to information or
to the system resulting from vulnerabilities that have been uncovered and
exploited. Our review of current academic and commercial solutions in the area
of smartphone security yields a list of applied and recommended defense
mechanisms for hardening mobile devices in general and Android in
particular. Lastly, we present five major (high-risk) threats to the Android
framework and propose security solutions to mitigate them. We conclude by
proposing a set of security mechanisms that should be explored and introduced
into Android-powered devices.